| |
| |||||||
Log-Analyse und Auswertung: Bundespolizeitrojaner - System säubernWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
27.09.2012, 19:37
| #1 |
| |  Bundespolizeitrojaner - System säubern Hallo liebe Aktive im TB, ich bin dabei, den Rechner eines Freundes zu säubern, nachdem er sich den Bundespolizeitrojaner eingefangen hatte. Hier im Forum habe ich viele gute Ratschläge gelesen und einige bereits ausgeführt. Jetzt fragen wir uns, was noch zu tun bleibt - ich freue mich auf Hinweise. Wir haben bereits: - Den Rechner an einen Systemwiederherstellungspunkt zurückversetzt, um den Rechner zugänglich zu machen (da war ich nicht dabei) - Mit EMSIsoft Anti-Malware gescannt (das hatte er bereits installiert, anscheinend gab es Funde, die hat er gelöscht...) - Java 7 nachinstalliert - Mit Malwarebytes Anti-Malware gescannt: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.13.09 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.13 NummerEins :: PC02 [Administrator] Schutz: Aktiviert 13.07.2012 19:47:19 mbam-log-2012-07-13 (19-47-19).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 272256 Laufzeit: 35 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Dokumente und Einstellungen\NummerEins\Anwendungsdaten\Railo\zefyq.exe (Spyware.Zbot.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\NummerEins\Desktop\2011-11_PC-E_Software\SoftonicDownloader_fuer_photo-collage.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 27.09.2012 19:23:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\NummerEins\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,71% Memory free 4,83 Gb Paging File | 3,71 Gb Available in Paging File | 76,81% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 931,31 Gb Total Space | 883,17 Gb Free Space | 94,83% Space Free | Partition Type: NTFS Computer Name: PC02 | User Name: NummerEins | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\NummerEins\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Programme\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Temp\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH) PRC - c:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Temp\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH) PRC - C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Temp\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH) PRC - C:\Programme\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.) PRC - C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\ntvdm.exe (Microsoft Corporation) PRC - c:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc.) PRC - C:\Programme\Logitech\QuickCam10\QuickCam10.exe () PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.) PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.) PRC - C:\Programme\AMD\RAIDXpert\_jvm\bin\java.exe (Sun Microsystems, Inc.) PRC - C:\Programme\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.) PRC - C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe () PRC - C:\Programme\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc) ========== Modules (No Company Name) ========== MOD - C:\Programme\Opera Next\mapi\OperaMAPI.dll () MOD - \\?\C:\Programme\Emsisoft Anti-Malware\avxdisk.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.39622__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.39728__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.39594__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.39624__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.39701__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.39671__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.39656__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.39616__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.39608__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.39679__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.39606__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.39729__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3693.39773__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.39678__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.39678__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.39660__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.39691__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.39659__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.39626__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.39610__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.39625__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.39666__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.39666__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.39630__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.39668__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.39658__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.39652__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.39657__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.39658__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3693.39586__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3693.39581__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3693.39587__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3693.39736__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3693.39587__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3693.39726__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3693.39593__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3693.39584__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3693.39581__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3693.39579__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3693.39720__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3693.39583__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3693.39583__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3693.39615__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3693.39606__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3693.39581__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3693.39582__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3693.39592__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3693.39585__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3693.39586__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3693.39727__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3693.39728__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3693.39677__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3693.39700__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3693.39646__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3693.39621__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3693.39657__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3693.39606__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3693.39670__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3693.39607__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3693.39607__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3693.39620__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3693.39665__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3693.39593__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3693.39582__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3693.39588__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.39765__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.39720__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.39736__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3693.39584__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3693.39585__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3693.39591__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.39588__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.39712__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.39615__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.39717__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.39591__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.39592__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3693.39587__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3693.39586__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3693.39614__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.39601__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3693.39590__90ba9c70f846762e\APM.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3693.39589__90ba9c70f846762e\AEM.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3693.39599__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.39719__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3693.39599__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3693.39623__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\libxml2.dll () MOD - C:\Programme\Logitech\QuickCam10\LAppRes.DLL () MOD - C:\Programme\Logitech\QuickCam10\QuickCam10.exe () MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LCMServerPS.dll () MOD - C:\Programme\AMD\RAIDXpert\jetty\extra\win32\lib\Wrapper.dll () MOD - C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- c:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (AMDRAIDXpert) -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe () ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (StarOpen) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (AsrCDDrv) -- C:\WINDOWS\system32\Drivers\AsrCDDrv.sys File not found DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH) DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft GmbH) DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis) DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis) DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH) DRV - (asmtxhci) -- C:\WINDOWS\system32\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV - (asmthub3) -- C:\WINDOWS\system32\drivers\asmthub3.sys (ASMedia Technology Inc) DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.) DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (ahcix86) -- C:\WINDOWS\system32\drivers\ahcix86.sys (Advanced Micro Devices, Inc) DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys () DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.) DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011.09.22 22:43:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.27 16:15:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.19 23:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\NummerEins\Anwendungsdaten\Mozilla\Extensions [2012.09.27 16:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\NummerEins\Anwendungsdaten\Mozilla\Firefox\Profiles\q6r1jh4h.default\extensions [2012.09.27 18:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.27 16:15:49 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.09.27 16:15:49 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.03.03 13:00:27 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.27 16:15:46 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.03.03 13:00:27 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.09.27 16:15:46 | 000,003,581 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google.xml [2012.03.03 13:00:27 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.03 13:00:27 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.03 13:00:27 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [Acronis*True*Image Monitor] C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [emsisoft anti-malware] c:\programme\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [GrooveMonitor] C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [IMBooster] C:\Programme\Iminent\IMBooster\imbooster.exe /warmup File not found O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\QuickCam10\QuickCam10.exe () O4 - HKLM..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc) O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1957994488-1078145449-682003330-1003..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1957994488-1078145449-682003330-1003..\Run: [msnmsgr] C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Photo Loader resident.lnk = C:\Programme\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk = C:\Programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342203060687 (MUWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B0BDE93-7F91-4F30-BD15-653B202E4845}: NameServer = 217.0.43.49 217.0.43.33 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.09.13 21:44:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.27 19:03:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NummerEins\Desktop\Viral [2012.09.27 18:19:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NummerEins\Desktop\anti_trojaner-software [2012.09.27 17:01:23 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.09.27 16:03:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.09.27 16:03:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.09.27 16:03:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.09.27 16:01:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\NummerEins\Desktop\OTL.exe [2012.09.26 20:54:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2012.09.26 20:53:35 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.09.26 20:53:35 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012.09.26 20:53:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.09.26 20:53:25 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012.09.26 20:53:24 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.09.26 17:28:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NummerEins\Desktop\Luca [2012.09.05 19:58:16 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2012.09.05 19:58:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2012.09.05 19:58:15 | 000,000,000 | R--D | C] -- C:\Programme\Skype [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.27 18:45:00 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.27 18:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.27 18:27:26 | 000,000,005 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx [2012.09.27 18:27:14 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX [2012.09.27 18:26:25 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.27 18:25:05 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.27 18:24:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.27 18:13:10 | 000,513,501 | ---- | M] () -- C:\Dokumente und Einstellungen\NummerEins\Desktop\adwcleaner.exe [2012.09.27 16:01:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\NummerEins\Desktop\OTL.exe [2012.09.26 21:20:00 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.09.26 21:19:59 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.09.26 20:53:04 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012.09.26 20:52:59 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012.09.26 20:52:59 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012.09.26 20:52:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.09.26 20:52:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.09.26 20:52:59 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012.09.26 20:52:58 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012.09.26 17:31:23 | 034,094,059 | ---- | M] () -- C:\Dokumente und Einstellungen\NummerEins\Desktop\Mediencenter.zip [2012.09.20 22:24:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.09.05 19:58:16 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.09.05 10:32:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.08.28 20:35:48 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.27 18:13:03 | 000,513,501 | ---- | C] () -- C:\Dokumente und Einstellungen\NummerEins\Desktop\adwcleaner.exe [2012.09.26 17:30:42 | 034,094,059 | ---- | C] () -- C:\Dokumente und Einstellungen\NummerEins\Desktop\Mediencenter.zip [2012.02.16 10:02:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.02 18:55:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2012.02.02 17:55:15 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfwad.bin [2012.01.12 10:59:05 | 000,393,256 | ---- | C] () -- C:\WINDOWS\System32\CNQ4809N.DAT [2011.12.16 17:02:21 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2011.12.15 17:29:44 | 000,708,170 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1957994488-1078145449-682003330-1003-0.dat [2011.12.15 17:29:42 | 000,287,362 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.11.26 16:26:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI [2011.11.26 15:52:45 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2011.11.26 15:52:45 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2011.11.26 15:52:45 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2011.11.26 15:52:45 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2011.11.26 15:52:45 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2011.11.26 15:52:45 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2011.11.26 15:52:45 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2011.11.26 15:52:45 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2011.11.26 15:52:45 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2011.11.26 15:52:45 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2011.11.26 15:52:45 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2011.11.26 15:52:45 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2011.11.26 15:52:45 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2011.11.26 15:52:45 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2011.11.26 15:52:45 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2011.11.26 15:52:45 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2011.11.26 15:52:45 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2011.11.26 15:52:45 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2011.11.26 15:52:45 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2011.10.10 00:02:41 | 000,030,720 | ---- | C] () -- C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.08 20:51:27 | 000,048,205 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2011.10.08 18:23:59 | 000,001,054 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2011.10.08 18:22:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI [2011.10.08 18:21:52 | 000,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini [2011.10.08 18:21:04 | 000,000,160 | ---- | C] () -- C:\WINDOWS\pstudio.ini [2011.10.08 18:21:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini [2011.10.08 18:21:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini [2011.09.20 23:27:11 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.09.20 23:27:11 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini [2011.09.20 23:27:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI [2011.09.20 23:19:38 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll [2011.09.13 22:32:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.09.13 22:31:45 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.09.13 22:01:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2011.09.13 22:01:15 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2011.09.13 22:01:15 | 000,200,828 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.09.13 22:01:15 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2011.09.13 22:01:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2011.09.13 22:01:10 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2011.09.13 21:45:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.09.13 21:40:49 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2011.09.13 21:59:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2011.06.21 20:18:34 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.09.2012 19:23:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\NummerEins\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,71% Memory free
4,83 Gb Paging File | 3,71 Gb Available in Paging File | 76,81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 931,31 Gb Total Space | 883,17 Gb Free Space | 94,83% Space Free | Partition Type: NTFS
Computer Name: PC02 | User Name: NummerEins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-1957994488-1078145449-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen -- (Microsoft Corporation)
"C:\Programme\Iminent\IMBooster\IMBooster.exe" = C:\Programme\Iminent\IMBooster\IMBooster.exe:*:Enabled:IMBooster
"C:\Programme\Iminent\MMServer\Iminent.MMServer.exe" = C:\Programme\Iminent\MMServer\Iminent.MMServer.exe:*:Enabled:MMServer
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Epson Software\Event Manager\EEventManager.exe" = C:\Programme\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Programme\Opera Next\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera Next\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Programme\Opera Next\opera.exe" = C:\Programme\Opera Next\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series" = Canon MG4100 series MP Drivers
"{136E842A-87AC-4CFA-99A0-4D5BF9114566}" = Iminent
"{179C9DAD-8A7E-E177-A099-9881BA6DB7E1}" = CCC Help Korean
"{1CA97896-6527-EFF2-15AF-F754A8345DB3}" = CCC Help Polish
"{1DE16DAD-6C8C-CE4B-6D0A-3B9C826EA7DF}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{207FE8B9-976B-8106-B8D8-75FD538B21AE}" = Catalyst Control Center Graphics Light
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2CA12532-C407-66B7-7872-998E86EB078A}" = CCC Help Thai
"{30646370-6577-DA44-F956-5179BD4FC81F}" = CCC Help Norwegian
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31C50740-FC5A-4C6C-B91B-E3B5DFADC824}" = Logitech QuickCam
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{48E2A18A-C55F-4CEC-B3A2-A9B6F2BF95A0}" = Skins
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5155EC96-7397-FCC0-154C-F4814DA6B86C}" = ATI Catalyst Install Manager
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{531E8A2E-CB06-DF8B-E7AF-E6FC443C0690}" = ccc-utility
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E990010-3CFC-3451-1F07-ABD632895DED}" = Catalyst Control Center Localization All
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{653771EC-5AA7-9E1D-EBF9-BF6E9BDC0649}" = CCC Help Greek
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B56D6C0-91EA-46AA-9D00-0C52C7431764}" = ADAC TourPlaner® 2004/2005
"{704985E4-596B-B30C-1B01-49A4E6386DF7}" = CCC Help Italian
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 3.0G
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7388AE07-F4E0-503F-6ADD-4FB9BED4C47E}" = CCC Help Czech
"{7D6A64F2-7D44-1878-EFDD-463B764C20C9}" = ccc-core-preinstall
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E653036-DE31-4BFD-96BB-421CC72E06FC}" = PHOTOfunSTUDIO 6.1 HD Lite Edition
"{8AE34925-34D7-4E53-FE56-B38C003FCE59}" = CCC Help Chinese Traditional
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8D42CBBC-2089-44AB-8021-369DDB962816}" = Photo Collage 3.0
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{913694EF-D62F-B372-7778-7C0DFD287EED}" = Catalyst Control Center Graphics Previews Common
"{93F8D79A-EEC2-11F6-DE59-70EA8E50CAE2}" = CCC Help German
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98FBED7A-E9E1-5578-F5FD-391D51799524}" = CCC Help French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0458615-CEFE-4007-8F07-6B98D86C0529}" = PerSonoCall Consumer Edition
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A259C1B6-7C3F-6827-657B-D6EDE5BF3CAE}" = CCC Help Finnish
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6D87A37-8620-FE7B-54C2-E654F4F92B95}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96174C8-BB27-8E86-2AA8-22486DDF7B4B}" = Catalyst Control Center Core Implementation
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AC589470-884E-4E15-96D8-437780F8185D}" = Super LoiLoScope WebShortcut
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE9C87B3-0BF3-6FE1-404C-FA0EA33B4EC3}" = CCC Help Japanese
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1A1ACA0-54BF-6279-CD75-D4772DD16197}" = CCC Help Danish
"{B2C78D7A-D4D2-A1EF-DFAA-48A4152A5771}" = ccc-core-static
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7A9BAF2-DA72-8503-F27F-44C6C2FF9F49}" = CCC Help Swedish
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D5348885-EB52-4355-C21B-27BD0E4CBA31}" = CCC Help Hungarian
"{D780486E-4F96-B025-4BBB-30D56E3C9418}" = CCC Help Portuguese
"{DE30220D-B7A6-EB8F-13E0-2521880E2F49}" = Catalyst Control Center Graphics Full Existing
"{E32BC396-8E51-BA3F-7001-EE463BB4EA75}" = CCC Help English
"{E481A482-A6A2-D3ED-0980-C741A9AAA96B}" = CCC Help Chinese Standard
"{E4AA1490-A0AE-5693-2C0B-4FF21C3721D8}" = CCC Help Dutch
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBF0AA20-D891-1908-10CB-010E289C36CD}" = CCC Help Russian
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F9B431CB-5ACF-A7C1-5B96-9DF33AA25290}" = CCC Help Spanish
"{FB46F473-333E-4A06-A777-31C54188593E}" = ArcSoft MediaImpression 2
"{FE5ED0AC-BCC8-482A-8B08-AA11D5F00152}" = Epson Event Manager
"{FFE7F452-F093-5859-C96E-E75310248A10}" = CCC Help Turkish
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"Canon MG4100 series Benutzerregistrierung" = Canon MG4100 series Benutzerregistrierung
"Canon MG4100 series On-screen Manual" = Canon MG4100 series On-screen Manual
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DreamAqua" = Dream Aquarium
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Perfection V33_V330 Manual" = EPSON Perfection V33/V330 Handbuch
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"IrfanView" = IrfanView (remove only)
"LifeGlobe Sharks, Terrors of the Deep 2.0" = LifeGlobe Sharks, Terrors of the Deep 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"Opera 12.10.1605" = Opera Next 12.10 beta RC build 1605
"Photo Transport" = Photo Transport Ver. 1.0.0(E)
"QcDrv" = Logitech® Camera-Treiber
"SereneScreen Marine Aquarium 2" = SereneScreen Marine Aquarium 2
"TrueImage" = Acronis*True*Image
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"XP Codec Pack" = XP Codec Pack
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.08.2012 06:36:02 | Computer Name = PC02 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
Error - 01.08.2012 16:36:17 | Computer Name = PC02 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
Error - 06.08.2012 09:27:08 | Computer Name = PC02 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WINWORD.EXE, Version 12.0.6661.5000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 21.08.2012 04:54:39 | Computer Name = PC02 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung PhotoViewer.exe, Version 1.0.0.8, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 24.08.2012 14:13:42 | Computer Name = PC02 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wlmail.exe, Version 14.0.8117.416, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 29.08.2012 09:36:55 | Computer Name = PC02 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 30.08.2012 06:09:51 | Computer Name = PC02 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 02.09.2012 06:02:48 | Computer Name = PC02 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung freecell.exe, Version 5.1.2600.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.09.2012 10:04:15 | Computer Name = PC02 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mbam.exe, Version 1.62.0.140, fehlgeschlagenes
Modul msvbvm60.dll, Version 6.0.98.2, Fehleradresse 0x000e450a.
Error - 27.09.2012 10:04:19 | Computer Name = PC02 | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich -1145872933.
[ System Events ]
Error - 04.09.2012 05:55:58 | Computer Name = PC02 | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)
Error - 04.09.2012 05:55:58 | Computer Name = PC02 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 05.09.2012 04:18:31 | Computer Name = PC02 | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
"Automatische Updates" hergestellt werden, daher können Updates nicht nach dem
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
eine Verbindung herzustellen.
Error - 20.09.2012 14:36:04 | Computer Name = PC02 | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)
Error - 20.09.2012 14:36:04 | Computer Name = PC02 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 20.09.2012 14:36:04 | Computer Name = PC02 | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)
Error - 20.09.2012 14:36:04 | Computer Name = PC02 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 20.09.2012 14:36:31 | Computer Name = PC02 | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)
Error - 20.09.2012 14:36:31 | Computer Name = PC02 | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 15 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 21.09.2012 06:41:42 | Computer Name = PC02 | Source = Print | ID = 6161
Description = Das Dokument Kühlschrankscharnier (1 Paar) Kühlschrankscharnierset
481147 für Bosch Siemens Constructa Gaggenau Küppersbusch Kühlschrank: Amazon.de:
Küche & Haushalt, im Besitz von NummerEins, konnte nicht auf dem Drucker Canon
MG4100 series Printer gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei
in Bytes: 3407872. Anzahl der gedruckten Bytes: 2982872. Gesamtanzahl der Seiten
des Dokuments: 3. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\PC02. Vom
Druckprozessor zurückgelieferter Win32-Fehlercode: 13 (0xd).
< End of report >
|
|
27.09.2012, 19:50
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bundespolizeitrojaner - System säubern Wieso postest du nur ein MBAM-Log vom 13.07.? Welche Aussagekraft hat ein über 2 Monate altes Log?
__________________Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ |
|
27.09.2012, 19:52
| #3 |
| /// Helfer-Team | Bundespolizeitrojaner - System säubern Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
DRV - (WDICA) -- File not found
DRV - (StarOpen) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1
FF - user.js - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IMBooster] C:\Programme\Iminent\IMBooster\imbooster.exe /warmup File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Photo Loader resident.lnk = C:\Programme\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk = C:\Programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-1078145449-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.13 21:44:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012.03.03 13:00:27 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.03 13:00:27 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.03 13:00:27 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.03 13:00:27 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.03 13:00:27 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2012.09.27 16:15:46 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.09.27 16:15:46 | 000,003,581 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google.xml
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\NummerEins\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\NummerEins\*.exe
C:\Dokumente und Einstellungen\NummerEins\Startmenü\Programme\Autostart\ctfmon.lnk
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ctfmon.lnk
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
4. Schritt
__________________ |
|
27.09.2012, 21:53
| #4 |
| | Bundespolizeitrojaner - System säubern Hi, danke für Eure Hilfe - sorry für das alte Log, da hab ich danebengegriffen. Hier der aktuelle Scan mit Anti-Malware: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.27.09 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 NummerEins :: PC02 [Administrator] 27.09.2012 21:55:34 mbam-log-2012-09-27 (21-55-34).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 303927 Laufzeit: 25 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service StarOpen stopped successfully!
Service StarOpen deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1957994488-1078145449-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ deleted successfully.
C:\WINDOWS\system32\ieframe.dll moved successfully.
HKEY_USERS\S-1-5-21-1957994488-1078145449-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1957994488-1078145449-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1957994488-1078145449-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IMBooster deleted successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk moved successfully.
C:\Programme\Microsoft Office\Office\OSA9.EXE moved successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Photo Loader resident.lnk moved successfully.
C:\Programme\CASIO\Photo Loader\Plauto.exe moved successfully.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk moved successfully.
C:\Programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1957994488-1078145449-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\google.xml moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.exe not found.
File\Folder C:\Dokumente und Einstellungen\NummerEins\Anwendungsdaten\*.exe not found.
File\Folder C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\*.exe not found.
File\Folder C:\Dokumente und Einstellungen\NummerEins\*.exe not found.
File\Folder C:\Dokumente und Einstellungen\NummerEins\Startmenü\Programme\Autostart\ctfmon.lnk not found.
File\Folder C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ctfmon.lnk not found.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Dokumente und Einstellungen\NummerEins\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\NummerEins\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\NummerEins\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Elizabeth & Dad
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 64177 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 596380 bytes
User: NummerEins
->Temp folder emptied: 1528719966 bytes
->Temporary Internet Files folder emptied: 1223309251 bytes
->Java cache emptied: 133282 bytes
->FireFox cache emptied: 60157160 bytes
->Google Chrome cache emptied: 6328197 bytes
->Opera cache emptied: 11219035 bytes
->Flash cache emptied: 556 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 238720441 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.929,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 09272012_214550
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter # AdwCleaner v2.003 - Datei am 09/27/2012 um 22:51:28 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : NummerEins - PC02
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\NummerEins\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Opera v [Version kann nicht ermittelt werden]
Datei : C:\Dokumente und Einstellungen\NummerEins\Anwendungsdaten\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [13824 octets] - [27/09/2012 18:21:07]
AdwCleaner[R1].txt - [830 octets] - [27/09/2012 22:51:28]
########## EOF - C:\AdwCleaner[R1].txt - [889 octets] ##########
|
|
28.09.2012, 10:47
| #5 |
| /// Helfer-Team | Bundespolizeitrojaner - System säubern Wo ist AdwCleaner[S1].txt |
|
12.10.2012, 15:51
| #6 |
| | Bundespolizeitrojaner - System säubern Hi Leute, danke für Eure Unterstützung - hab meinen Kollegen ne Weile nicht gesehen, er hat sich jetzt entschieden, den Rechner komplett neu aufzusetzen. Ich hätte gehofft, mit Eurer Hilfe die Kiste sauber zu kriegen, aber so ist es halt anders gekommen. Danke nochmal, ich melde mich wieder, falls was anliegt. Alles Gute CM |
|
12.10.2012, 23:42
| #7 |
| /// Helfer-Team | Bundespolizeitrojaner - System säubern Alles klar  |
|
| Themen zu Bundespolizeitrojaner - System säubern |
| 5 minuten, 7-zip, administrator, adobe, adobe flash player, bho, canon, cdburnerxp, desktop, emsisoft, error, explorer, firefox, flash player, format, frage, ftp, helper.exe, homepage, iexplore.exe, iminent, logfile, nicht möglich, ntdll.dll, office 2007, opera, plug-in, realtek, registry, rundll, schannel.dll, security, senden, software, super, system, temp, udp, usb 3.0, windows internet, zugänglich |
Linear-Darstellung
