Log analysis and evaluation: Removing the Bundespolizei Trojan
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.

08.10.2012, 21:25 | #1

Removing the Bundespolizei Trojan

Hello and good evening. I just caught the Bundespolizei Trojan while surfing. I was able to perform a System Restore in Safe Mode. I would be very grateful for any help.

OTL.Txt:
OTL Logfile:
Code:
OTL logfile created on: 08.10.2012 21:44:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PC\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,17% Memory free
8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,16 Gb Total Space | 361,15 Gb Free Space | 25,85% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,29% Space Free | Partition Type: NTFS
Drive H: | 186,31 Gb Total Space | 88,59 Gb Free Space | 47,55% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.08 21:42:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
PRC - [2012.08.22 08:16:43 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
PRC - [2012.08.08 11:01:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.10 14:17:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 14:17:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.09.02 11:59:16 | 002,158,592 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.12.18 11:23:08 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\Windows\STK03N\STK03NM.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
PRC - [2006.12.11 21:33:20 | 000,184,320 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
PRC - [2006.09.13 00:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brss01a.exe
PRC - [2004.06.14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brsvc01a.exe

========== Modules (No Company Name) ==========

MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.09.02 11:59:16 | 002,158,592 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBPANEL.exe
MOD - [1998.10.31 05:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Vtune\TBManage.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.02 17:37:45 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.10 14:17:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.10 14:17:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.19 09:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.04.19 09:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2004.06.14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.10 14:17:06 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.10 14:17:06 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.05 22:10:51 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 16:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.17 10:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 10:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 10:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 10:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.09 23:05:13 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.09 21:27:10 | 000,503,352 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.15 09:55:54 | 000,170,624 | ---- | M] (ZF Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ch64ccid.sys -- (CH64CCID)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 10:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.03.10 13:17:40 | 000,386,560 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rt61.sys -- (RT61)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2011.06.09 23:05:13 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=112542&tt=120912_ccp_3812_3&babsrc=HP_ss&mntrId=d0d518d800000000000000248c5145c6
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {25ED8768-A7D9-4C38-85B7-1FF026B3DC77}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{25ED8768-A7D9-4C38-85B7-1FF026B3DC77}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGLL_deDE455
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.10.28 21:41:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.02 17:37:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.01 11:19:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.10.28 21:41:39 | 000,000,000 | ---D | M]

[2011.10.28 21:53:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions
[2012.09.18 18:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\8y2q712m.default\extensions
[2012.09.18 17:45:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\8y2q712m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.25 22:38:28 | 000,026,136 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\8y2q712m.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
[2012.09.18 17:24:48 | 000,002,223 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\8y2q712m.default\searchplugins\BabylonMngr.xml
[2012.04.15 13:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.02 17:37:45 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.28 00:27:49 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.18 17:24:37 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.03.01 11:42:44 | 000,001,067 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com # alcohol 120%
O1 - Hosts: 127.0.0.1 alcohol-soft.com # alcohol 120%
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com # alcohol 120%
O1 - Hosts: 127.0.0.1 mermaidconsulting.dk # alcohol 120%
O1 - Hosts: 127.0.0.1 195.137.236.101
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\TrayServer.exe (MAGIX AG)
O4 - HKCU..\Run: [Installation Diagnostics] C:\Program Files (x86)\Brother\Brmfl04b\Brinstck.exe (Brother Industries, Ltd.)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.178.30/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E295DFA-68B1-4CB0-8794-C08C72D4CB25}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0D8198C-F756-4755-A13D-69425ECA16A6}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.08 21:42:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
[2012.10.08 21:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.08 20:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\dxqkpljbjfyamxr
[2012.10.06 17:49:53 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\Fotos_taufe
[2012.09.23 11:12:45 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\Fotos
[2012.09.19 14:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.19 14:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.09.19 14:45:28 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.09.18 17:29:35 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Software4u
[2012.09.18 17:24:49 | 000,000,000 | ---D | C] -- C:\Users\PC\Start Menu
[2012.09.18 17:24:33 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Babylon
[2012.09.18 17:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.09.18 17:07:33 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\DiskAid
[2012.09.16 20:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2012.09.16 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2012.09.16 20:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2012.09.16 16:49:25 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\Felix
[2012.09.14 07:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.14 07:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.14 07:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.14 07:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.09.14 07:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\PC\Documents\*.tmp files -> C:\Users\PC\Documents\*.tmp -> ]
[1 C:\Users\PC\*.tmp files -> C:\Users\PC\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.08 21:42:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
[2012.10.08 21:41:45 | 000,000,384 | ---- | M] () -- C:\Users\PC\defogger_reenable
[2012.10.08 21:29:32 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.08 21:23:37 | 000,016,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.08 21:23:37 | 000,016,624 | -H-- | M] () --
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.08 21:23:36 | 001,501,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.08 21:23:36 | 000,655,496 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.08 21:23:36 | 000,617,088 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.08 21:23:36 | 000,130,054 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.08 21:23:36 | 000,106,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.08 21:18:31 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc900a813cade0.job [2012.10.08 21:18:27 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2012.10.08 21:18:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.08 21:18:20 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2012.10.08 20:56:10 | 000,076,360 | ---- | M] () -- C:\ProgramData\wxunaalefqtbpuf [2012.10.08 20:41:38 | 000,001,432 | ---- | M] () -- C:\Users\PC\Desktop\73fd2f2b6f01f6495d1fe749522a2f46.dlc [2012.10.06 09:42:14 | 000,323,264 | ---- | M] () -- C:\Users\PC\Desktop\Katzenfutter.jpg [2012.10.04 19:05:11 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.02 05:48:22 | 000,158,618 | ---- | M] () -- C:\Users\PC\Desktop\kabeldeutschland-kuendigung.pdf [2012.09.23 11:15:52 | 003,306,375 | ---- | M] () -- C:\Users\PC\Desktop\files.rar [2012.09.18 17:28:33 | 001,598,968 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.18 17:24:40 | 000,000,315 | ---- | M] () -- C:\user.js [2012.09.16 20:18:20 | 000,001,289 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk [2012.09.14 07:16:46 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\PC\Documents\*.tmp files -> C:\Users\PC\Documents\*.tmp -> ] [1 C:\Users\PC\*.tmp files -> C:\Users\PC\*.tmp 
-> ] ========== Files Created - No Company Name ========== [2012.10.08 21:41:44 | 000,000,384 | ---- | C] () -- C:\Users\PC\defogger_reenable [2012.10.08 21:29:32 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.08 20:56:04 | 000,076,360 | ---- | C] () -- C:\ProgramData\wxunaalefqtbpuf [2012.10.08 20:41:38 | 000,001,432 | ---- | C] () -- C:\Users\PC\Desktop\73fd2f2b6f01f6495d1fe749522a2f46.dlc [2012.10.06 09:42:13 | 000,323,264 | ---- | C] () -- C:\Users\PC\Desktop\Katzenfutter.jpg [2012.10.02 05:47:28 | 000,158,618 | ---- | C] () -- C:\Users\PC\Desktop\kabeldeutschland-kuendigung.pdf [2012.09.23 11:15:51 | 003,306,375 | ---- | C] () -- C:\Users\PC\Desktop\files.rar [2012.09.18 17:26:48 | 001,598,968 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.18 17:24:40 | 000,000,315 | ---- | C] () -- C:\user.js [2012.09.16 20:18:20 | 000,001,289 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk [2012.09.14 07:16:46 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.26 22:03:42 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\LPng.dll [2012.06.26 10:08:37 | 000,003,584 | ---- | C] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.03 23:31:40 | 003,049,288 | ---- | C] () -- C:\Windows\SysWow64\VitaminCtrl.dll [2011.12.24 19:47:19 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.10.29 07:26:40 | 001,048,576 | ---- | C] () -- C:\Windows\1402.BIN [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.04.09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.19 20:38:53 | 000,000,287 | ---- | C] () -- C:\Windows\{BABE1E59-F3A3-4B2B-80B1-41928543A042}_WiseFW.ini [2011.02.19 20:37:48 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2011.02.11 00:04:32 | 000,000,342 | ---- | C] () -- C:\Users\PC\T-KonfigEu2k.ini [2010.04.12 10:54:00 | 005,172,735 | 
---- | C] () -- C:\Users\PC\maria [2010.03.25 23:15:37 | 000,001,024 | ---- | C] () -- C:\Users\PC\.rnd ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] 
========== LOP Check ========== [2011.10.28 21:53:13 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\AnvSoft [2012.09.18 17:24:33 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Babylon [2012.03.05 22:10:16 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DAEMON Tools Lite [2011.10.28 21:53:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Degener [2012.09.18 17:07:33 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DiskAid [2012.06.03 18:33:12 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DVDVideoSoft [2011.10.28 21:53:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.28 08:56:45 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\elsterformular [2011.10.28 21:53:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Foxit Software [2011.10.28 21:53:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\IrfanView [2011.10.28 21:53:33 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\MAGIX [2012.06.03 18:20:52 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Mp3tag [2011.12.03 19:36:02 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Nokia [2011.12.03 19:36:02 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Nokia Ovi Suite [2012.08.14 20:04:46 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\OpenOffice.org [2011.10.28 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\PC Suite [2012.08.23 18:00:12 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\PC-FAX TX [2011.10.28 21:53:42 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ProtectDISC [2012.09.18 17:29:35 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Software4u [2011.02.11 00:03:48 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\T-Eumex 2000PC SE [2011.10.28 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TachoPlus-FreeDriver [2011.10.28 21:53:43 | 000,000,000 | ---D | M] -- 
C:\Users\PC\AppData\Roaming\TeamViewer ========== Purity Check ========== < End of report >

Extras.Txt: OTL Logfile: Code:
OTL Extras logfile created on: 08.10.2012 21:44:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PC\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,17% Memory free 8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1397,16 Gb Total Space | 361,15 Gb Free Space | 25,85% Space Free | Partition Type: NTFS Drive E: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,29% Space Free | Partition Type: NTFS Drive H: | 186,31 Gb Total Space | 88,59 Gb Free Space | 47,55% Space Free | Partition Type: NTFS Computer Name: PC-PC | User Name: PC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{24E10B57-97B9-4CBA-829B-11966076CB8D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{DA76E03C-7F58-4B95-B6AE-D5EF7EEE168B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{18184A87-3506-4DFF-99D3-3F97D481D09D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1F29F73A-8DB6-484C-869A-E35E807D94BB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{20EFFF7A-567C-463B-9D32-6B2743861F8E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{3EEDBE49-5BEC-4062-834D-73B715026071}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{4A4E73D4-310F-4C58-A62F-00FF4B4DC16D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4AA33030-1B4C-443A-9CB6-37748F369D00}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{4D1116D3-61B1-4C2C-9B35-07AEB97F1DE8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4D1965B9-C571-433C-B3E3-4F3F2278C1C4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4D9D230E-19F1-47A5-B303-34874F3D3C75}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{4EB6E3B1-E463-4506-B95E-A4A64596EC14}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | "{4F1BC544-0F04-42BB-96CF-95BC3A547A4F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{60002C6F-573B-45FF-92F0-459DE7BBC67C}" = protocol=17 | dir=out | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{698597D6-12BF-4C2D-A212-D2B0BFE29687}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{74854B95-1BAC-4494-A175-3EFF75F57C41}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{85278F1A-0A06-4E5C-A5B4-899630D150D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8A256F57-680B-42F7-B8A0-64BFB4527E36}" = protocol=6 | dir=in | app=c:\program files (x86)\cherry\smartdevice\ctcymconfig.exe | "{94022A0D-D9BF-4D31-B2AC-CF6DEE5768D3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A56B4582-A0E8-4519-86B0-6D095247F031}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AB1CF67C-EEED-4A3F-ABB6-587FC53661C4}" = protocol=17 | dir=in | app=c:\program files (x86)\cherry\smartdevice\ctcymconfig.exe | "{AC4B2067-6C66-405C-A0DB-C9081FC77602}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | "{AC57D82A-2ECD-46F9-82B5-DB80124FBE45}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{AE1BE74D-CFE9-43CA-9A6D-18FCDFEA7EAD}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{B05091C3-F46A-4532-A1D0-A406524AAB0E}" = protocol=17 | dir=in | app=c:\program files (x86)\deskshare\security monitor pro 4.4\security monitor pro.exe | "{B49C4A21-1AE9-4281-921B-0F0A9F275B45}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B4CE53E7-1B60-4029-B9C4-E0078807D403}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B82022D5-B662-4B7C-933C-0158C403871C}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{D044969A-9132-404A-BEA1-AD6003F67D16}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D04AFB4B-35D7-4559-8FD6-07B8554E758C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D0537642-DC31-4CE9-900B-F7C6DC14B88C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D4DEB67D-E886-49FA-80AD-0A5D04ED5869}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "{D80085FD-3579-417E-A061-FB34AA2E65C6}" = protocol=6 | dir=in | app=c:\program files (x86)\deskshare\security monitor pro 4.4\security monitor pro.exe | "{D938E2EE-B9D0-4F58-9CFD-9EF9FC16C556}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{EBCB626F-654D-4A9C-A0CF-E644FA99C92A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{EDE985F6-5A5F-4B1F-A833-023E265991CC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F2A1081A-0D51-417E-806C-A6B150A7A5E2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{F47AE215-47BC-4B93-93B6-C575F3F97F25}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | "{FCA19F51-8BB1-4D86-AD2C-7684F74052AE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FEF1CE7F-9AB3-476A-AB85-2EC87FC1F18C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{08223241-80E3-475C-AB89-60B3B18D1BFD}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{15DA412D-48E1-486C-8518-68EA742E829F}C:\program files (x86)\gta iv complete edition\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gta iv complete edition\gtaiv.exe | "TCP Query User{1EC9E637-8814-4A31-B29F-9C1577F31D43}C:\windows\syswow64\ipcamera.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\ipcamera.exe | "TCP Query 
User{3528A360-50A6-48A6-A734-73AB48FC2BED}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{4414D42C-ADF3-4F68-83AD-51F6C4E41337}C:\program files (x86)\ip camera super-client\superipcam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ip camera super-client\superipcam.exe | "TCP Query User{608545A1-90D0-4980-8806-BE86968AE612}C:\users\pc\desktop\iphone\tinyumbrella-4.32.01.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\iphone\tinyumbrella-4.32.01.exe | "TCP Query User{6BC93006-D547-4DFB-B62B-3B9B3696B945}C:\program files (x86)\go1984\go1984.exe" = protocol=6 | dir=in | app=c:\program files (x86)\go1984\go1984.exe | "TCP Query User{7B72DAC1-8CDF-49DE-B93B-CB51B5579001}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{87FA30B6-6C57-415C-BA49-D15A83799E3F}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | "TCP Query User{ABD64876-F029-4AEE-8786-7710C44FD068}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{B092ECB3-96F7-4D81-BA7D-58BC7704127E}C:\program files (x86)\nero\nero8\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero8\nero showtime\showtime.exe | "TCP Query User{D1E3DEB4-0BBB-486A-A0CD-005035D32EF3}C:\users\pc\desktop\iphone\tinyumbrella-4.30.05.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\iphone\tinyumbrella-4.30.05.exe | "TCP Query User{EDC3EB6D-8291-4F03-A01C-C5B0DBCAD402}C:\games\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\games\call of duty black ops\blackops.exe | "TCP Query User{F84651D5-2FDA-4443-A4E8-613429EEFA8B}C:\program files 
(x86)\beausoft\ncwpro32\ncw_de.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beausoft\ncwpro32\ncw_de.exe | "UDP Query User{482ACCB8-E0B5-456F-849E-ADB81F7C5905}C:\program files (x86)\ip camera super-client\superipcam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ip camera super-client\superipcam.exe | "UDP Query User{51B5708E-0869-4AA6-A0BC-99459F3B3399}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{679C5EC2-20AB-482F-AA1B-DE9BCC1930EC}C:\program files (x86)\beausoft\ncwpro32\ncw_de.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beausoft\ncwpro32\ncw_de.exe | "UDP Query User{83FDE203-EA00-4C2C-B701-CC01711469AB}C:\games\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\games\call of duty black ops\blackops.exe | "UDP Query User{88215423-A05C-4C39-8EB2-FB6D08BFA99E}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | "UDP Query User{90B648F7-2AE5-45F7-AE2A-56566D387F94}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{926CFBB6-7EA8-428C-BD8D-6795D7387F87}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{9A248836-4117-492A-B715-B209DF4DF676}C:\program files (x86)\nero\nero8\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero8\nero showtime\showtime.exe | "UDP Query User{A344014A-C05A-47D3-890B-CE36A51DB3CD}C:\users\pc\desktop\iphone\tinyumbrella-4.32.01.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\iphone\tinyumbrella-4.32.01.exe | "UDP Query User{A3E8D66D-3402-4A29-AEB9-040D7E19F071}C:\program files (x86)\internet 
explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{BDDCC391-0AAF-44EF-9395-B072E54A61E8}C:\windows\syswow64\ipcamera.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\ipcamera.exe | "UDP Query User{D3B6F474-9A01-4AF7-9E95-DB8B064527F7}C:\program files (x86)\gta iv complete edition\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gta iv complete edition\gtaiv.exe | "UDP Query User{E46D9E1F-0012-47E3-B6AA-72779B77E1BE}C:\users\pc\desktop\iphone\tinyumbrella-4.30.05.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\iphone\tinyumbrella-4.30.05.exe | "UDP Query User{EF1830F4-0D3C-4B0C-8D13-41F80F326E45}C:\program files (x86)\go1984\go1984.exe" = protocol=17 | dir=in | app=c:\program files (x86)\go1984\go1984.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - 
KB2467174 - x64 9.0.30729.5570 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9DADBA45-2B06-4F7F-970B-E854ABC8917A}" = WBFS Manager 2.5 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "MediaInfo" = MediaInfo 0.7.60 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = 
Microsoft IntelliPoint 8.2 "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "VLC media player" = VLC media player 2.0.2 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite "{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite "{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 27 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011 "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software "{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater "{554A4E80-0001-2008-FFFF-11FF59A27A18}" = 3D-Garten 9.0 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = 
ASUSUpdate "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7EEE4DC5-9D83-418F-B8AD-ABBAFD7DD961}" = GloboFleet CC Plus "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8EF276E0-1D97-4B9D-BB29-013165F567CA}" = MAGIX Video deluxe 17 Premium Download-Version "{8FA8F567-E8F1-477E-969F-7F958F009EF8}_is1" = Battlefield 3 Version v1.0 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 
2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 
(SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2 "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AD7FC27B-519A-48CB-B996-71A1B367F751}" = Ligos Indeo® Codecs "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{BABE1E59-F3A3-4B2B-80B1-41928543A042}" = Cherry SmartCard Package V2.0 Build 3 "{BAF227A2-E214-49E3-9137-94A300EA85BA}" = iPhone-Konfigurationsprogramm "{BE282C23-5484-47FF-B2C1-EBEA5C891031}" = Nero 8 "{BE59011C-CE48-45DC-9345-73D5C20C0EBB}_is1" = IP 
Camera Super-Client 1.0.4.276 "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game "{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}" = MAGIX Screenshare "{DE2F265D-DC1F-4396-B8E7-E98E719AAA24}_is1" = CLICK & LEARN DiDi 360° 1.1 "{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0 "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14 "{E83CD823-C522-4B71-B10A-E1088B3BD261}" = STK03N "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Any Video Converter_is1" = Any Video Converter 3.1.2 "AnyDVD" = AnyDVD "Avira AntiVir Desktop" = Avira Free Antivirus "Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7 "CloneCD" = CloneCD "CloneDVD2" = CloneDVD2 "DAEMON Tools Lite" = DAEMON Tools Lite "Debut" = Debut Video Capture Software "DivX Setup.divx.com" = DivX-Setup "ElsterFormular 13.2.0.8623p" = ElsterFormular "Foxit Phantom" = Foxit Phantom "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Audio Converter_is1" = Free Audio Converter version 5.0.11.504 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "German Truck Simulator" = German Truck Simulator 1.00 "GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011 "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "IP Camera" = IP Camera "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium 
Download-Version "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49b "MySSID_is1" = Vtune 7.13 "Nokia Ovi Suite" = Nokia Ovi Suite "Nokia PC Suite" = Nokia PC Suite "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "SystemRequirementsLab" = System Requirements Lab "TIS-Compact Plus" = TIS-Compact Plus "Uninstall_is1" = Uninstall 1.0.0.1 "VisionGS PE_is1" = VisionGS PE "Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.6 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.10.2012 06:55:06 | Computer Name = PC-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 08.10.2012 06:55:08 | Computer Name = PC-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 08.10.2012 06:55:08 | Computer Name = PC-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 08.10.2012 06:56:47 | Computer Name = PC-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe" in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 08.10.2012 06:57:33 | Computer Name = PC-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". 
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 08.10.2012 14:01:14 | Computer Name = PC-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: UpdateChecker.exe, Version: 1.0.8.0, Zeitstempel: 0x4940a8f1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x76c Startzeit der fehlerhaften Anwendung: 0x01cda57e9c79e160 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 25d915c0-1172-11e2-bf96-00248c5145c6 Error - 08.10.2012 14:01:22 | Computer Name = PC-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.5.20.0, Zeitstempel: 0x4e991cc9 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.5.20.0, Zeitstempel: 0x4e991cc9 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f315 ID des fehlerhaften Prozesses: 0x1230 Startzeit der fehlerhaften Anwendung: 0x01cda57eece102a0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Berichtskennung: 2ad75820-1172-11e2-bf96-00248c5145c6 Error - 08.10.2012 15:18:29 | Computer Name = PC-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! 
Fehlercode: 0x35 Error - 08.10.2012 15:20:34 | Computer Name = PC-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: UpdateChecker.exe, Version: 1.0.8.0, Zeitstempel: 0x4940a8f1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x548 Startzeit der fehlerhaften Anwendung: 0x01cda589b3277ac0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 3b3290d0-117d-11e2-8ee3-00248c5145c6 Error - 08.10.2012 15:20:37 | Computer Name = PC-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.5.20.0, Zeitstempel: 0x4e991cc9 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.5.20.0, Zeitstempel: 0x4e991cc9 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f315 ID des fehlerhaften Prozesses: 0x13a8 Startzeit der fehlerhaften Anwendung: 0x01cda589ff008090 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe Berichtskennung: 3cd582d0-117d-11e2-8ee3-00248c5145c6 [ Media Center Events ] Error - 05.02.2011 16:28:29 | Computer Name = PC-PC | Source = MCUpdate | ID = 0 Description = 21:28:29 - Fehler beim Herstellen der Internetverbindung. 21:28:29 - Serververbindung konnte nicht hergestellt werden.. Error - 05.02.2011 16:29:14 | Computer Name = PC-PC | Source = MCUpdate | ID = 0 Description = 21:28:35 - Fehler beim Herstellen der Internetverbindung. 21:28:35 - Serververbindung konnte nicht hergestellt werden.. Error - 05.02.2011 17:29:20 | Computer Name = PC-PC | Source = MCUpdate | ID = 0 Description = 22:29:20 - Fehler beim Herstellen der Internetverbindung. 22:29:20 - Serververbindung konnte nicht hergestellt werden.. 
Error - 05.02.2011 17:29:29 | Computer Name = PC-PC | Source = MCUpdate | ID = 0 Description = 22:29:26 - Fehler beim Herstellen der Internetverbindung. 22:29:26 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 08.10.2012 15:19:34 | Computer Name = PC-PC | Source = PNRPSvc | ID = 102 Description = Error - 08.10.2012 15:19:34 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 08.10.2012 15:19:34 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 08.10.2012 15:19:44 | Computer Name = PC-PC | Source = PNRPSvc | ID = 102 Description = Error - 08.10.2012 15:19:44 | Computer Name = PC-PC | Source = PNRPSvc | ID = 102 Description = Error - 08.10.2012 15:19:44 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 08.10.2012 15:19:44 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 08.10.2012 15:19:44 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 08.10.2012 15:19:44 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 
08.10.2012 15:20:37 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > [/code]
Regards, Björn |
09.10.2012, 03:51 | #2 |
/// Helper Team |
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Then:
Step 2: Please download AdwCleaner to your desktop. |
09.10.2012, 13:38 | #3 |
| The full scan with Malwarebytes produced the following result:
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
PC :: PC-PC [Administrator]

09.10.2012 06:43:10
mbam-log-2012-10-09 (06-43-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|G:\|H:\|J:\|K:\|L:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 674577
Laufzeit: 2 Stunde(n), 8 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\$Recycle.Bin\S-1-5-21-1902540448-104041187-2557872828-1000\$RKT52LZ\Xilisoft KeyGen Digerati 1.1.exe (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\Desktop\Festplatte_Filme\Laptop\***\AppData\Local\Microsoft\Messenger\***@hotmail.de\Sharing Folders\deinkumpelchen@hotmail.com\SMResLib.dll (Trojan.Agent.GNI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\Desktop\Festplatte_Filme\Laptop24.10.2008\Programme\Reconnect\Fritz!Box\bat\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\Desktop\Festplatte_Filme\Laptop24.10.2008\Programme\Reconnect\Fritz!Box\bat2\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\Desktop\Festplatte_Filme\Laptop_15.07.2008\exe\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\Desktop\Festplatte_Filme\Laptop_Arbeit\exe\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\Desktop\Festplatte_Filme\Netbook\Neuer Ordner\Programme\CL\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\Desktop\Festplatte_Filme\PC_14.03.2010\Desktop\BIOS\AWDFLASH134.EXE (PUP.SmsPay.pns) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\Desktop\Festplatte_Filme\PC_14.03.2010\Desktop\Programme\Cryptload\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\PC\Downloads\IDMSetup_1500.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
# AdwCleaner v2.004 - Datei am 09/10/2012 um 14:21:29 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : PC - PC-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\PC\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\8y2q712m.default\BrowserMngr_extensions.sqlite
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\8y2q712m.default\browsermngr_prefs.js
Datei Gefunden : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\8y2q712m.default\searchplugins\BabylonMngr.xml
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\Users\PC\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\PC\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BrowserMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-1902540448-104041187-2557872828-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=112542&tt=120912_ccp_3812_3&babsrc=HP_ss&mntrId=d0d518d800000000000000248c5145c6
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112542&tt=120912_ccp_3812_3&babsrc=NT_ss&mntrId=d0d518d800000000000000248c5145c6

-\\ Mozilla Firefox v12.0 (de)

Profilname : default
Datei : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\8y2q712m.default\prefs.js

Gefunden : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=112542&tt=120912_ccp_3812_[...]
Gefunden : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Gefunden : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gefunden : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gefunden : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gefunden : user_pref("extensions.BabylonToolbar.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar.babTrack", "affID=112542&tt=120912_ccp_3812_3");
Gefunden : user_pref("extensions.BabylonToolbar.bbDpng", "18");
Gefunden : user_pref("extensions.BabylonToolbar.cntry", "DE");
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.hdrMd5", "54E919ECC39CE427AECB9F5932978334");
Gefunden : user_pref("extensions.BabylonToolbar.hmpg", false);
Gefunden : user_pref("extensions.BabylonToolbar.id", "d0d518d800000000000000248c5145c6");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15601");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1217:24:40");
Gefunden : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Gefunden : user_pref("extensions.BabylonToolbar.newTab", false);
Gefunden : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"26\",\"lastVrsn\":\"26\",\"vrsnLoad\[...]
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.sg", "azb");
Gefunden : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Gefunden : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Gefunden : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1217:24:40");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112542&tt=120912_ccp_3812_3");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1217:24:40");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
Gefunden : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=112542&tt=120912_ccp_38[...]

*************************

AdwCleaner[R1].txt - [6903 octets] - [09/10/2012 14:21:29]

########## EOF - C:\AdwCleaner[R1].txt - [6963 octets] ##########

Regards, Björn
Last edited by bm_6300 (09.10.2012 at 13:44) |
09.10.2012, 23:12 | #4 | |
/// Helper Team |
Quote:
Have you ever thought about why cracks exist? With cracks and the like, you install backdoors on your computer. Criminals use such computers as a botnet for their schemes. Your system must be classified as untrustworthy, and you should not do anything sensitive such as home banking on this PC.

Instructions for reinstalling (illustrated) > Reinstalling Windows 7 > Vista > XP

1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if it is clean, restore it. |