| |
| |||||||
Log-Analyse und Auswertung: PolizeitrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.11.2012, 21:22
| #1 |
 |  Polizeitrojaner Hallo, meinen PC hat´s leider erwischt. Unten der Logfile aus malwarebytes, bitte um weitere Instruktionen. Vielen Dank Alex ----------------------------------- Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.13.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 petra :: PETRA-PC [Administrator] Schutz: Aktiviert 13.11.2012 21:10:57 mbam-log-2012-11-13 (21-10-57).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 218095 Laufzeit: 4 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 2 C:\ProgramData\lsass.exe (Trojan.Delf) -> 2880 -> Löschen bei Neustart. C:\ProgramData\lsass.exe (Trojan.Delf) -> 3644 -> Löschen bei Neustart. Infizierte Speichermodule: 1 C:\Users\petra\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\petra\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Löschen bei Neustart. C:\ProgramData\lsass.exe (Trojan.Delf) -> Löschen bei Neustart. C:\Users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
13.11.2012, 21:26
| #2 |
| /// Helfer-Team  | Polizeitrojaner http://www.trojaner-board.de/120156-...tml#post883848 Diese Infektion haettest du dir ersparen koennen, wenn du nicht abgebrochen haettest.
__________________ |
|
13.11.2012, 21:28
| #3 |
| | Polizeitrojaner Wie darf ich das bitte verstehen?
__________________ |
|
13.11.2012, 21:33
| #4 |
| /// Helfer-Team | Polizeitrojaner Du hast die Bereinigung damals abgebrochen. |
|
13.11.2012, 21:35
| #5 |
| | Polizeitrojaner das war mir nicht wirklich bewußt, sorry ich dachte ich hätte alle protokolle gepostet. Abgesehen davon ist nun leider ein anderer pc betroffen. Darf ich auf deine Hilfe zählen, ich gelobe Besserung! Danke Alex |
|
13.11.2012, 21:38
| #6 |
| /// Helfer-Team | Polizeitrojaner Wir sind fertig, wenn ich das Zeichen gebe, wenn du nochmal abhaust, werde ich dir nicht nochmal helfen. Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ --> Polizeitrojaner |
|
13.11.2012, 22:05
| #7 |
| | Polizeitrojaner vielen Dank für den Vertrauensvorschuß, ich werde dich nicht enttäuschen!. Also hier sind die beiden OTL Protokolle: OTL.txt -----------OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.11.2012 21:50:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\petra\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 67,66% Memory free 6,49 Gb Paging File | 5,33 Gb Available in Paging File | 82,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,41 Gb Total Space | 676,63 Gb Free Space | 72,65% Space Free | Partition Type: NTFS Drive E: | 14,89 Gb Total Space | 2,48 Gb Free Space | 16,67% Space Free | Partition Type: FAT32 Computer Name: PETRA-PC | User Name: petra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\petra\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe () PRC - C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe () PRC - C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe (France Telecom SA) PRC - C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA) PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Users\petra\AppData\Roaming\Google\Google Talk\googletalk.exe (Google) PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe () MOD - C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (WSWNDA3100) -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe () SRV - (FTRTSVC) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (BCMH43XX) -- C:\Windows\System32\drivers\bcmwlhigh6.sys (Broadcom Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (SCMNdisP) -- C:\Windows\System32\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-21827887-2472640195-2750457125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-21827887-2472640195-2750457125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wetter.at/ IE - HKU\S-1-5-21-21827887-2472640195-2750457125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-21827887-2472640195-2750457125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-21827887-2472640195-2750457125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 1E 6D CF 20 7D CB 01 [binary data] IE - HKU\S-1-5-21-21827887-2472640195-2750457125-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-21827887-2472640195-2750457125-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-21827887-2472640195-2750457125-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-21827887-2472640195-2750457125-1000\..\SearchScopes\{4303FAC2-C609-4B52-9800-B13257626D4E}: "URL" = hxxp://search.toolbars.alexa.com/?src={referrer:source}&q={searchTerms} IE - HKU\S-1-5-21-21827887-2472640195-2750457125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.28 07:12:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.25 11:20:06 | 000,000,000 | ---D | M] [2011.06.01 08:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\petra\AppData\Roaming\mozilla\Extensions [2011.06.01 08:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\petra\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010.11.22 15:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\petra\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011.06.01 08:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\petra\AppData\Roaming\mozilla\Firefox\Profiles\5gz8cw9i.default\extensions [2012.02.16 09:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.12.28 07:12:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.02.16 09:10:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.12.03 20:43:34 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2010.12.03 20:43:34 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2012.02.16 09:10:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.12.03 20:43:34 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006.10.26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.12.03 19:14:08 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Alexa) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Alexa Toolbar\AlxTB2.9.39.dll (Alexa Internet, Inc.) O3 - HKU\S-1-5-21-21827887-2472640195-2750457125-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CardDetectorHUAWEI1752_1552] C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe (France Telecom SA) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [IEWINTERNET-SPSessionManager] C:\Program Files\Orange\Internet Everywhere\SessionManager\SessionManager.exe (France Telecom SA) O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-21827887-2472640195-2750457125-1000..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS) O4 - HKU\S-1-5-21-21827887-2472640195-2750457125-1000..\Run: [googletalk] C:\Users\petra\AppData\Roaming\Google\Google Talk\googletalk.exe (Google) O4 - HKU\S-1-5-21-21827887-2472640195-2750457125-1000..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKU\S-1-5-21-21827887-2472640195-2750457125-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm File not found O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Windows\web\related.htm File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000069 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000070 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000071 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000072 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000073 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000074 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000075 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000076 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000077 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000078 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000079 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000080 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000081 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000082 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000083 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000084 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000085 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000086 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000087 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000088 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000089 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000090 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000091 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000092 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000093 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000094 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000095 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000096 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000097 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000098 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000099 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000100 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000101 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000102 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000103 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000104 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000105 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000106 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000107 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000108 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000109 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000110 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000111 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{105054BA-2B26-4566-9AA3-18C7D311375E}: DhcpNameServer = 141.105.104.254 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C98F122E-C241-434A-A2B4-D8644463FF5E}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAF33A70-CC22-4EDC-A860-0888EAC27346}: DhcpNameServer = 141.105.104.254 8.8.8.8 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{49870a0c-11b8-11e0-b567-6cf0497de596}\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.13 21:40:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\petra\Desktop\OTL.exe [2012.11.13 21:09:43 | 000,000,000 | ---D | C] -- C:\Users\petra\AppData\Roaming\Malwarebytes [2012.11.13 21:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.13 21:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.13 21:09:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.13 21:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware ========== Files - Modified Within 30 Days ========== [2012.11.13 21:43:17 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.13 21:43:17 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.13 21:43:17 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.13 21:43:17 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.13 21:40:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\petra\Desktop\OTL.exe [2012.11.13 21:32:29 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.13 21:32:29 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.11.13 21:31:14 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.13 21:31:14 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.13 21:24:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.13 21:23:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.13 21:23:46 | 2613,698,560 | -HS- | M] () -- C:\hiberfil.sys [2012.11.13 21:23:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.13 21:17:50 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.11.13 21:09:39 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 08:25:00 | 000,002,369 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.10.31 20:13:04 | 000,750,424 | ---- | M] () -- C:\Users\petra\.spyglass.properties ========== Files Created - No Company Name ========== [2012.11.13 21:09:39 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.13 16:58:01 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.01.05 10:51:57 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2012.01.03 17:26:30 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.01.19 22:19:36 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT [2011.01.05 18:16:06 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.01.05 18:16:06 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.12.25 14:19:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.02 09:56:55 | 002,739,576 | ---- | C] () -- C:\Users\petra\.websiteauditor.properties [2010.11.22 17:43:26 | 000,534,386 | ---- | C] () -- C:\Users\petra\.ranktracker.properties [2010.11.22 17:37:10 | 000,457,379 | ---- | C] () -- C:\Users\petra\.linkassistant.properties [2010.11.22 15:39:48 | 000,750,424 | ---- | C] () -- C:\Users\petra\.spyglass.properties [2010.11.20 07:46:25 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [2010.11.20 07:45:01 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.01.02 09:50:38 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\GoPal Assistant [2010.11.25 14:01:16 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\HandBrake [2011.02.02 21:08:42 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Samsung [2011.02.02 21:11:56 | 000,000,000 | ---D | M] -- C:\Users\alex\AppData\Roaming\Uniblue [2012.11.13 20:35:10 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\go [2010.11.22 09:03:08 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\HamsterSoft [2011.01.07 06:28:23 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\Samsung [2011.04.11 11:15:56 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\ScanSoft [2012.03.02 09:17:17 | 000,000,000 | ---D | M] -- C:\Users\petra\AppData\Roaming\Uniblue ========== Purity Check ========== < End of report > ------------------------ und Extras.txt ------------------------OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.11.2012 21:50:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\petra\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 67,66% Memory free
6,49 Gb Paging File | 5,33 Gb Available in Paging File | 82,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 676,63 Gb Free Space | 72,65% Space Free | Partition Type: NTFS
Drive E: | 14,89 Gb Total Space | 2,48 Gb Free Space | 16,67% Space Free | Partition Type: FAT32
Computer Name: PETRA-PC | User Name: petra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe (Macromedia, Inc.)
[HKEY_USERS\S-1-5-21-21827887-2472640195-2750457125-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orange\Internet Everywhere\Connectivity\ConnectivityManager.exe" = C:\Program Files\Orange\Internet Everywhere\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22411F22-FE36-48E7-AA50-12DF6764E8BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A769C51-8B7A-48A5-95DC-505BC4FE747C}" = rport=139 | protocol=6 | dir=out | app=system |
"{30CC7038-6268-4B68-8DB8-5A74DF1DDE40}" = lport=2869 | protocol=6 | dir=in | app=system |
"{317525DC-5E9A-4C1C-BB39-2CD597ED1DD9}" = lport=139 | protocol=6 | dir=in | app=system |
"{334FE1AC-066A-402C-BAAA-FD24A0E237A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{34FEC41C-5585-4861-BC1F-B72F5D0CDCB9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{457BB8F5-E8D2-46CA-B3FB-52F5592116EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45F20F1E-C0EE-4002-A01A-37EBC46E4DC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E865C0E-E32A-488D-ACA5-CC78BB0DBA1A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{612ED611-6C59-4FBE-99BE-08A14A591CE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71D54204-E8FA-430D-AFEC-D29180ACDD2E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71DB8911-5978-41CA-BF93-7B1696C88B8D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7438BB0F-BF9A-4C1C-9024-31A367714339}" = lport=138 | protocol=17 | dir=in | app=system |
"{7A740D83-B25C-40ED-8FBA-E24884CF3FB7}" = lport=445 | protocol=6 | dir=in | app=system |
"{7C0BA01B-5394-47FE-A343-A28744FE1DBA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7E074E3F-6B83-4C3A-A4F7-7994FFF147DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AABD985-14EC-4093-8CEF-1C4A07A73687}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BD8A1287-9844-4DBB-AED9-1A2C6F53AA91}" = rport=445 | protocol=6 | dir=out | app=system |
"{BF3A42CD-EE97-479B-8BB7-83744B9DE7D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C3B25B12-72E2-49E9-961D-7A64137B081A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5D7852E-C3EB-4EC7-85CB-FF34D510F481}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD132A32-1C2B-429A-9383-E470654BA625}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EC651E0F-037E-4E1B-A155-D162F2B7BFCD}" = rport=137 | protocol=17 | dir=out | app=system |
"{F8971D3A-252F-4CAD-8713-C906E29DB1B8}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AE188ED-B045-45C5-8FBC-408C8253F162}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0EA3EED3-AD25-4779-BC3F-C1471BBFC69D}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin professional 3\bradminv3.exe |
"{12A2016B-032B-4B1B-94F3-CC8B97591101}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1DAC6504-12EA-4074-A28A-049A34E083CE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{27B60DC8-62B2-4AC9-8B4B-5D06A5E5DF3C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{38F376A0-5F25-401E-9641-00F1ECAA1406}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{393D10AB-B126-4ADF-B066-DF803CE5AC98}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{46158779-1C00-46A9-818A-D76E8C4B63E6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{47D9F196-DF7F-475A-93BA-73E52D0AFA80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4885EC3A-BAC1-4430-B007-981FDA6102A0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{48D96478-C4D3-4D16-9990-A37372D149B5}" = protocol=6 | dir=out | app=system |
"{4B33E185-0824-4964-8775-677A80C52580}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5A704BFC-E626-4D24-95AF-63FEE9C0EAF6}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin professional 3\auditorserver.exe |
"{64C87014-F9D8-477A-99DD-96B02160D8A2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{71AF91CB-59AC-4DE0-9341-A051B8BEA48D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8007F6A8-437E-4FA3-A375-92C8C642C3FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8BD36A80-60AF-49D8-9CCD-BDC13101ADB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91E313FC-AB26-426A-8612-CBF32066937C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{93F2855C-9065-4A79-BF9F-0C9DDBFBEB4E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{95003F61-F0D6-4E66-BD35-61127C3B0D1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C3F13CB-3D00-4D3F-9352-AE5D0437973C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9FF41BE9-AF9E-47C1-9F8B-444DE3ACCA0E}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin professional 3\discover.exe |
"{A545DD7F-9D59-42DC-B4E1-FAEB00C735E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFBD598E-87D7-4590-A20F-6CBF543C7E2D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B0D791EB-2284-4004-A89C-47605B116BA0}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin professional 3\discover.exe |
"{BA939FBF-6FD9-4BE4-8BC2-9DE470893E23}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BC8ED28D-5F8F-4F63-A517-F0635C3CDBC1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BCF1586F-C992-44B5-9EF5-0E5F297952F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C321B1C3-A486-4E23-A798-9D134CB52686}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C44CC6B6-E520-4B49-AD4B-38C9239D87BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C501C378-722C-45D9-B8B7-3DF79C5B11B4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C87F8B14-6658-47D2-8221-1CFA59303EC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D189E8A6-1403-432F-9A57-7C40EDCACF18}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DC54DC87-BC97-443C-A4B1-BA7199211C9B}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin professional 3\bradminv3.exe |
"{E793D792-B95C-4907-9B9A-72FC0BFDE44F}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{E940C11A-4BE4-49D1-9C7B-8010E4FB451C}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin professional 3\auditorserver.exe |
"{EF047300-A81E-4E70-B38B-E0065DC0D0BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EF639FCC-7A73-4EF8-ABDB-3649DF1B60EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6F14465-E37B-486A-935D-D9D2C8E34963}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0B938193-3AF1-46ED-B960-6B71AD30828C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{14F27337-73D1-4698-B556-0E0791A31504}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{1B291DFB-DBCA-4298-A178-98526D02B927}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{299EB2C6-1E78-46B1-86CA-DC7AED4D0C8A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{4E10F6C2-9C06-4174-B679-0D5446D31F05}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5EE931C0-075E-4821-95A0-368F0B6D1C34}C:\program files\macromedia\dreamweaver 4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\dreamweaver 4\dreamweaver.exe |
"TCP Query User{7B99A92E-1DAD-4263-B4E2-F2BA184AC7F8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{0AB8E914-119F-4AC4-A2DF-11E264BE4225}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{356E49D9-0519-4948-9E2F-1336C046FB02}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{605A9419-5FEF-4BFC-9D48-26811775528B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{617E1117-1EDE-4526-B7AB-624FF5AB1D7A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CA0328A2-7774-44EF-80B5-E312D3F63FE1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{D0D02232-195D-4D4C-9EB0-800513BCF5B9}C:\program files\macromedia\dreamweaver 4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\dreamweaver 4\dreamweaver.exe |
"UDP Query User{D7FFCCA2-FDDF-4A7F-895A-8BD436FBDFA7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{88F92798-59AB-474F-B40D-1EC5F782F7EE}" = Ulead VideoStudio 9.0
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{IEWINTERNET-SP}.UninstallSuite" = Internet Everywhere uninstall
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0.1
"Alexa Toolbar" = Alexa Toolbar
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"Babarosa Gif Animator 3.6" = Babarosa Gif Animator 3.6 (Remove only)
"CardDetectorHUAWEI1752_1552" = Card Detector for Huawei E1752 and E1552
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla" = FileZilla (remove only)
"Google Chrome" = Google Chrome
"Handbrake" = Handbrake 0.9.4
"Indeo® software" = Indeo® software
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Medion GoPal Assistant" = Medion GoPal Assistant 4.03.006
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"QuickTime" = QuickTime
"seopowersuite" = SEO PowerSuite
"VLC media player" = VLC media player 1.1.5
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-21827887-2472640195-2750457125-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Game Organizer" = GameXN GO
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.06.2012 18:31:20 | Computer Name = petra-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Orange\internet
everywhere\installation\Core\setupApiWrapper64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.06.2012 01:52:34 | Computer Name = petra-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\carddetector\huawei1752_1552\setupApiWrapper64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.06.2012 01:54:29 | Computer Name = petra-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Orange\internet
everywhere\installation\Core\InstallDevice64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.06.2012 01:54:30 | Computer Name = petra-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Orange\internet
everywhere\installation\Core\setupApiWrapper64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.07.2012 07:02:12 | Computer Name = petra-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\carddetector\huawei1752_1552\setupApiWrapper64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.07.2012 07:04:16 | Computer Name = petra-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Orange\internet
everywhere\installation\Core\InstallDevice64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.07.2012 07:04:16 | Computer Name = petra-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Orange\internet
everywhere\installation\Core\setupApiWrapper64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 03.07.2012 03:19:32 | Computer Name = petra-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\carddetector\huawei1752_1552\setupApiWrapper64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 03.07.2012 03:21:30 | Computer Name = petra-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Orange\internet
everywhere\installation\Core\InstallDevice64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 03.07.2012 03:21:30 | Computer Name = petra-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Orange\internet
everywhere\installation\Core\setupApiWrapper64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ OSession Events ]
Error - 13.01.2011 10:13:09 | Computer Name = petra-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1357
seconds with 360 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 13.11.2012 11:52:08 | Computer Name = petra-PC | Source = DCOM | ID = 10016
Description =
Error - 13.11.2012 11:59:43 | Computer Name = petra-PC | Source = DCOM | ID = 10010
Description =
Error - 13.11.2012 13:05:44 | Computer Name = petra-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
erreicht wurde.
Error - 13.11.2012 13:06:44 | Computer Name = petra-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
erreicht wurde.
Error - 13.11.2012 13:07:44 | Computer Name = petra-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
erreicht wurde.
Error - 13.11.2012 15:06:44 | Computer Name = petra-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
erreicht wurde.
Error - 13.11.2012 15:07:44 | Computer Name = petra-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
erreicht wurde.
Error - 13.11.2012 15:15:44 | Computer Name = petra-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
erreicht wurde.
Error - 13.11.2012 15:20:44 | Computer Name = petra-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
erreicht wurde.
Error - 13.11.2012 15:27:44 | Computer Name = petra-PC | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
erreicht wurde.
< End of report >
--------------------- |
|
14.11.2012, 01:21
| #8 |
| /// Helfer-Team | Polizeitrojaner Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
[2012.11.13 21:32:29 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012.11.13 21:17:50 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\petra\*.tmp
C:\Users\petra\AppData\Local\{*}
C:\Users\petra\AppData\Local\Temp\*.exe
C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
4. Schritt
|
|
14.11.2012, 10:53
| #9 |
| | Polizeitrojaner OK hier ist mal der 1. Schritt - das Logfile aus dem OTL FIx: (Rest folgt) ------------------- All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. C:\Windows\Tasks\RegistryBooster.job moved successfully. C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\petra\*.tmp not found. File\Folder C:\Users\petra\AppData\Local\{*} not found. C:\Users\petra\AppData\Local\Temp\NV_Meet_Participant.exe moved successfully. C:\Users\petra\AppData\Local\Temp\SkypeSetup.exe moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten. C:\Users\petra\Desktop\cmd.bat deleted successfully. C:\Users\petra\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: alex ->Temp folder emptied: 649415739 bytes ->Temporary Internet Files folder emptied: 239936776 bytes ->Java cache emptied: 3418967 bytes ->FireFox cache emptied: 68518862 bytes ->Google Chrome cache emptied: 46273566 bytes ->Flash cache emptied: 21194 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: petra ->Temp folder emptied: 357693544 bytes ->Temporary Internet Files folder emptied: 2055671533 bytes ->FireFox cache emptied: 6858101 bytes ->Google Chrome cache emptied: 10600663 bytes ->Flash cache emptied: 136809 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 332820905 bytes RecycleBin emptied: 12269845 bytes Total Files Cleaned = 3.608,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11142012_104731 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
14.11.2012, 11:28
| #10 |
| /// Helfer-Team | Polizeitrojaner Schritt 2, 3, 4  |
|
14.11.2012, 15:14
| #11 |
| | Polizeitrojaner OK, hier ist 2) Malwarebytes Anti-Malware (Test) 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.11.14.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 petra :: PETRA-PC [Administrator] Schutz: Aktiviert 14.11.2012 13:17:57 mbam-log-2012-11-14 (13-17-57).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 492818 Laufzeit: 1 Stunde(n), 53 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Programminstallationen\oi_swfeasyzip.exe (PUP.BundleInstaller.OI) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Programminstallationen\installer_shoutcast_server_1_9_8_Deutsch_Deutsch.exe (PUP.SmsPay.pns) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) hier ist 3) # AdwCleaner v2.007 - Datei am 14/11/2012 um 15:19:26 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzer : petra - PETRA-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\petra\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files\Alexa Toolbar ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Alexa Internet Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\Software\Alexa Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EA582743-9076-4178-9AA6-7393FDF4D5CE}] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v3.6.13 (de) Profilname : default Datei : C:\Users\petra\AppData\Roaming\Mozilla\Firefox\Profiles\5gz8cw9i.default\prefs.js [OK] Die Datei ist sauber. Profilname : default Datei : C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\l9fk3r3z.default\prefs.js Gefunden : user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\[...] -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. Datei : C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [4733 octets] - [14/11/2012 15:19:26] ########## EOF - C:\AdwCleaner[R1].txt - [4793 octets] ########## und schließlich 4) ---------------- # AdwCleaner v2.007 - Datei am 14/11/2012 um 15:21:36 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzer : petra - PETRA-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\petra\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\Alexa Toolbar ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Alexa Internet Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\Alexa Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69A72A8A-84ED-4a75-8CE7-263DBEF3E5D3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alexa Toolbar Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EA582743-9076-4178-9AA6-7393FDF4D5CE}] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v3.6.13 (de) Profilname : default Datei : C:\Users\petra\AppData\Roaming\Mozilla\Firefox\Profiles\5gz8cw9i.default\prefs.js [OK] Die Datei ist sauber. Profilname : default Datei : C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\l9fk3r3z.default\prefs.js Gelöscht : user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\[...] -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. Datei : C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [4862 octets] - [14/11/2012 15:19:26] AdwCleaner[S1].txt - [4795 octets] - [14/11/2012 15:21:36] ########## EOF - C:\AdwCleaner[S1].txt - [4855 octets] ########## |
|
14.11.2012, 20:56
| #12 |
| /// Helfer-Team | Polizeitrojaner Sehr gut!  Wie laeuft der Rechner? Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
15.11.2012, 10:05
| #13 |
| | Polizeitrojaner Hallo, der Rechner läuft soweit gut, das popup ist auch nicht wieder aufgetaucht. Hier ist das logfile von emisoft (2 trojaner wurden gefunden - habe aber nichts gelöscht) ------------- Emsisoft Anti-Malware - Version 7.0 Letztes Update: 15.11.2012 07:36:14 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\ Riskware-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 15.11.2012 07:37:38 C:\_OTL\MovedFiles\11142012_104731\C_Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\417bc3d0-40989bae -> a/a.class gefunden: Trojan.Java.Exploit.O (B) C:\_OTL\MovedFiles\11142012_104731\C_Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\417bc3d0-40989bae -> a/ya.class gefunden: Trojan.Java.Exploit.O (B) C:\_OTL\MovedFiles\11142012_104731\C_Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\64c08c3e-46206c0d -> bagdfssdb.class gefunden: Exploit.Java.CVE-2012-5076.A (B) C:\_OTL\MovedFiles\11142012_104731\C_Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\64c08c3e-46206c0d -> bagdfssda.class gefunden: Exploit.Java.CVE-2012-5076.A (B) C:\_OTL\MovedFiles\11142012_104731\C_Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\64c08c3e-46206c0d -> NewClass1.class gefunden: Exploit.Java.CVE-2012-5076.A (B) C:\_OTL\MovedFiles\11142012_104731\C_Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\64c08c3e-46206c0d -> bagdfssdd.class gefunden: Exploit.Java.CVE-2012-5076.A (B) C:\_OTL\MovedFiles\11142012_104731\C_Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\64c08c3e-46206c0d -> bagdfssdc.class gefunden: Exploit.Java.CVE-2012-5076.A (B) Gescannt 592674 Gefunden 7 Scan Ende: 15.11.2012 09:16:36 Scan Zeit: 1:38:58 |
|
15.11.2012, 11:24
| #14 |
| /// Helfer-Team | Polizeitrojaner Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
15.11.2012, 15:47
| #15 |
| | Polizeitrojaner ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=b9a25f91c2b448488a6e6476ecda3cbf # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-15 02:39:01 # local_time=2012-11-15 03:39:01 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 24218496 24218496 0 0 # compatibility_mode=5893 16776574 100 94 19423423 104616078 0 0 # compatibility_mode=8192 67108863 100 0 3708 3708 0 0 # scanned=288453 # found=9 # cleaned=9 # scan_time=5454 C:\Daten\Firma\WWW\_Kunden\alemannia\wp-content\themes\theme1322\dos.php PHP/Obfuscated.F application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Programminstallationen\registrybooster.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Programminstallationen\Setup_FreeFlvConverter.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Programminstallationen\SoftonicDownloader_fuer_hamster-free-video-converter.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\alex\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\11142012_104731\C_Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\417bc3d0-40989bae a variant of Java/Exploit.CVE-2012-0507.U trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\11142012_104731\C_Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\762b3805-53437fa9 Java/Exploit.Agent.NBG trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\11142012_104731\C_Users\petra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\64c08c3e-46206c0d Java/Exploit.CVE-2012-1723.DF trojan (deleted - quarantined) 00000000000000000000000000000000 C |
|
| Themen zu Polizeitrojaner |
| administrator, anti-malware, appdata, autostart, bösartige, dateien, erfolgreich, explorer, gelöscht, gen, logfile, lsass.exe, löschen, malwarebytes, microsoft, minute, quarantäne, registrierung, roaming, service, speicher, startup, temp, test, version, wgsdgsdgdsgsd.exe |
Linear-Darstellung
