Log analysis and evaluation: Bundespolizei trojan 2.07 (on Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system first has to be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Bundespolizei trojan 2.07 (on Windows 7)

Hi, yesterday the Bundespolizei trojan, version 2.07, lodged itself on my machine. After some lengthy research I was able to unlock my computer again with Kaspersky WindowsUnlocker. Fortunately no files were encrypted. Today I ran a Malwarebytes scan for 6 hours, which flagged 24 files as infected. I then deleted them (only later did I read somewhere here that I should have put the files into quarantine instead). The machine "appears" to have gotten over its first "cold". What puzzles me now, though: I can install avast professional, but I can't run it after the restart. I hope someone can help me get the machine clean again. Or should I rather just reinstall the machine from scratch? Best regards, Oli

OTL.txt:
OTL logfile created on: 17.11.2012 22:43:47 - Run 1 OTL by OldTimer - Version Folder = C:\Users\im-med\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,30 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 57,43% Memory free 4,60 Gb Paging File | 3,27 Gb Available in Paging File | 71,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 284,99 Gb Total Space | 155,72 Gb Free Space | 54,64% Space Free | Partition Type: NTFS Computer Name: im-medi | User Name: im-med | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.17 22:28:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\im-med\Desktop\OTL.exe PRC - [2012.11.12 17:03:55 | 006,610,592 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2012.09.30 12:01:09 | 000,496,184 | ---- | M] (Conexant Systems, Inc.) 
-- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.21 11:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\ezprint.exe PRC - [2011.01.05 14:24:24 | 000,714,120 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe PRC - [2011.01.05 14:24:20 | 000,734,592 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe PRC - [2011.01.05 14:24:16 | 000,468,360 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe PRC - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe ========== Modules (No Company Name) ========== MOD - [2012.10.31 23:15:05 
| 000,460,312 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll MOD - [2012.10.31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll MOD - [2012.10.31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll MOD - [2012.10.31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll MOD - [2012.10.31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll MOD - [2012.10.31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll MOD - [2012.10.31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll MOD - [2012.10.31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.01.23 18:47:44 | 000,148,280 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\ezprint.exe MOD - [2010.04.05 04:56:07 | 000,716,954 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epwizard.dll MOD - [2010.04.05 04:55:15 | 000,159,890 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\customui.dll MOD - [2010.04.05 04:55:04 | 000,061,604 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epfunct.dll MOD - [2010.04.05 04:54:59 | 000,123,033 | 
---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\eputil.dll MOD - [2010.04.05 04:54:52 | 000,143,502 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\imagutil.dll MOD - [2009.11.16 19:31:58 | 000,069,632 | ---- | M] () -- C:\Programme\PSPad editor\PSPadShell.dll MOD - [2009.06.23 05:11:04 | 000,102,400 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epoemdll.dll MOD - [2009.06.23 05:10:29 | 000,045,056 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epstring.dll MOD - [2009.06.23 05:09:11 | 002,203,648 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\epwizres.dll MOD - [2009.03.02 08:25:47 | 000,151,552 | ---- | M] () -- C:\Programme\Lexmark Pro800-Pro900 Series\lxecptp.dll ========== Services (SafeList) ========== SRV - [2012.10.29 12:20:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.01 12:25:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.10 17:57:18 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.08.21 11:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! 
Firewall) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.01.05 14:24:20 | 000,734,592 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.04.14 14:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device) SRV - [2010.04.14 14:08:05 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- 
system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - [2012.09.30 12:01:17 | 000,520,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2012.09.30 11:54:13 | 009,945,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.26 13:56:17 | 000,121,248 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.08.21 11:13:14 | 000,202,928 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2) DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012.08.21 11:13:14 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2012.08.21 11:13:13 | 000,113,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- 
C:\Windows\System32\drivers\aswFW.sys -- (aswFW) DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.07.13 12:47:41 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.09.17 18:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV 
- [2009.06.29 16:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 16:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.09 12:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.10.09 12:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad) DRV - [2008.10.09 12:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2000.07.24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\BrPar.sys -- (BrPar) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 6C A8 21 F6 9E CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul" FF - prefs.js..extensions.enabledAddons: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.10 FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2 FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8 FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}: FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.20 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\im-med\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\im-med\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2012.09.30 11:23:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.17 22:19:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 12:20:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.29 12:20:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.30 15:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\Extensions [2012.11.02 08:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\Firefox\Profiles\367h1v77.default\extensions [2012.10.13 20:12:31 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\im-med\AppData\Roaming\mozilla\Firefox\Profiles\367h1v77.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2012.09.30 21:47:25 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\im-med\AppData\Roaming\mozilla\Firefox\Profiles\367h1v77.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.11.02 08:40:27 | 000,000,000 | ---D | M] (No name 
found) -- C:\Users\im-med\AppData\Roaming\mozilla\Firefox\Profiles\367h1v77.default\extensions\trash [2012.11.02 08:40:27 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\firebug@software.joehewitt.com.xpi [2012.10.11 09:07:05 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2012.09.30 21:47:25 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2012.09.30 21:47:26 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.10.26 09:03:34 | 002,042,937 | ---- | M] () (No name found) -- C:\Users\im-med\AppData\Roaming\mozilla\firefox\profiles\367h1v77.default\extensions\trash\firebug@software.joehewitt.com.xpi [2012.10.29 12:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.29 12:20:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.29 12:20:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.29 12:20:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- 
C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\im-med\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\im-med\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\im-med\AppData\Local\Google\Update\\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\im-med\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = 
C:\Users\im-med\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: avast! WebRep = C:\Users\im-med\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: Google Mail = C:\Users\im-med\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012.10.01 12:21:38 | 000,001,304 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: activate.adobe.com O1 - Hosts: practivate.adobe.com O1 - Hosts: ereg.adobe.com O1 - Hosts: activate.wip3.adobe.com O1 - Hosts: wip3.adobe.com O1 - Hosts: 3dns-3.adobe.com O1 - Hosts: 3dns-2.adobe.com O1 - Hosts: adobe-dns.adobe.com O1 - Hosts: adobe-dns-2.adobe.com O1 - Hosts: adobe-dns-3.adobe.com O1 - Hosts: ereg.wip3.adobe.com O1 - Hosts: activate-sea.adobe.com O1 - Hosts: wwis-dubc1-vip60.adobe.com O1 - Hosts: activate-sjc0.adobe.com O1 - Hosts: wwis-dubc1-vip60.adobe.com O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\im-med\AppData\Roaming\Mozilla\Firefox\Profiles\367h1v77.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.dll File not found O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.) 
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe () O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKCU..\Run: [{896FA599-5F89-AD42-B1F4-CEF0A900EDED}] "C:\Users\im-med\AppData\Roaming\Albea\samyh.exe" File not found O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53A4E9AF-6E8F-42C6-B0FE-DD0505DF217D}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FEE007D-B489-49D7-B545-969B938158D4}: DhcpNameServer = O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - 
HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f690a86d-0ae5-11e2-b8c5-fc9ba9d164a1}\Shell - "" = AutoRun O33 - MountPoints2\{f690a86d-0ae5-11e2-b8c5-fc9ba9d164a1}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f690a92b-0ae5-11e2-b8c5-fc9ba9d164a1}\Shell - "" = AutoRun O33 - MountPoints2\{f690a92b-0ae5-11e2-b8c5-fc9ba9d164a1}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.17 22:28:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\im-med\Desktop\OTL.exe [2012.11.17 22:21:48 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.11.17 22:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Internet Security [2012.11.17 22:21:46 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.11.17 22:21:38 | 000,113,776 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys [2012.11.17 22:21:01 | 000,202,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys [2012.11.17 22:20:59 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2012.11.17 22:20:57 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.11.17 22:20:56 | 000,018,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys [2012.11.17 22:20:54 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.11.17 22:20:50 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.11.17 22:19:34 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys [2012.11.17 22:19:30 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.11.17 22:19:28 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.11.17 13:57:31 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Malwarebytes [2012.11.17 13:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.17 13:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.17 13:57:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.17 13:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.16 21:20:40 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Canneverbe Limited [2012.11.16 21:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2012.11.16 21:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2012.11.14 15:41:48 | 000,000,000 | ---D | C] -- 
C:\Users\im-med\Desktop\Kreditkarte - Atlassian [2012.11.14 15:22:10 | 000,000,000 | ---D | C] -- C:\Users\im-med\Desktop\Leadmanufaktur [2012.11.14 11:04:46 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind [2012.11.14 11:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind [2012.11.14 11:04:31 | 000,000,000 | ---D | C] -- C:\Users\im-med\Application Data [2012.11.14 11:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\XMind [2012.11.13 13:49:10 | 000,000,000 | ---D | C] -- C:\Users\im-med\Documents\#Companies [2012.11.04 19:33:25 | 000,000,000 | ---D | C] -- C:\Users\im-med\Documents\_Privat [2012.11.04 19:17:25 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite [2012.11.04 19:17:20 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\WindSolutions [2012.11.04 19:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions [2012.11.04 19:09:26 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\Moka [2012.11.04 19:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTwin [2012.11.04 19:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTwin [2012.11.02 10:37:31 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Roaming\GMX [2012.11.02 10:37:25 | 000,086,016 | ---- | C] (GMX GmbH) -- C:\Windows\System32\UIGMXMON.DLL [2012.11.02 10:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMX [2012.11.02 10:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\GMX [2012.11.02 10:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\GMX [2012.10.29 12:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.24 13:31:03 | 000,000,000 | ---D | C] -- C:\Users\im-med\Desktop\Smooth_Arrows_by_Limoli.csh [2012.10.24 11:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\PDFCreator [2012.10.24 11:25:01 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll [2012.10.24 11:07:05 | 000,000,000 | ---D | C] -- C:\Users\im-med\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2012.11.17 22:49:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4229072982-2054732327-2107518541-1000UA.job [2012.11.17 22:40:20 | 000,000,000 | ---- | M] () -- C:\Users\im-med\defogger_reenable [2012.11.17 22:32:19 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.17 22:32:19 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.17 22:31:55 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.17 22:31:55 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.17 22:31:55 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.17 22:31:55 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.17 22:28:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\im-med\Desktop\OTL.exe [2012.11.17 22:24:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.17 22:24:16 | 1853,136,896 | -HS- | M] () -- C:\hiberfil.sys [2012.11.17 22:21:48 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Internet Security.lnk [2012.11.17 22:20:50 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.11.17 20:49:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4229072982-2054732327-2107518541-1000Core.job [2012.11.17 13:58:54 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.17 12:56:48 | 002,338,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.16 21:20:33 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012.11.15 10:35:20 | 000,003,849 | ---- | M] () -- C:\Users\im-med\Desktop\cid33_adcell_20121026_mailcom-check_dbf.eig [2012.11.15 09:45:20 | 000,004,214 | ---- | M] () -- C:\Users\im-med\Desktop\xmregs Report_raffle Details_20121115.csv [2012.11.12 11:58:31 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib [2012.11.04 19:17:25 | 000,001,441 | ---- | M] () -- C:\Users\im-med\Desktop\CopyTrans Control Center.lnk [2012.11.04 19:09:19 | 000,000,929 | ---- | M] () -- C:\Users\im-med\Desktop\iTwin.lnk [2012.10.30 13:00:59 | 000,131,284 | ---- | M] () -- C:\Users\im-med\Desktop\cid33_adcell_20121026_mailcom-check.DBF [2012.10.30 11:48:33 | 000,002,657 | ---- | M] () -- C:\Users\im-med\Desktop\adcell_stornos_20121030.csv [2012.10.24 18:51:10 | 000,386,556 | ---- | M] () -- C:\Users\im-med\Desktop\Tobias Herrmann _ XING Kontakte.pdf ========== Files Created - No Company Name ========== [2012.11.17 22:40:20 | 000,000,000 | ---- | C] () -- C:\Users\im-med\defogger_reenable [2012.11.17 22:21:48 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Internet Security.lnk [2012.11.17 13:57:08 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.17 12:46:40 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.17 12:45:19 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.16 21:20:33 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012.11.16 21:20:32 | 000,001,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2012.11.15 09:45:15 | 000,004,214 | ---- | C] () -- C:\Users\im-med\Desktop\xmregs Report_raffle Details_20121115.csv [2012.11.04 19:17:25 | 000,001,441 | ---- | C] () -- C:\Users\im-med\Desktop\CopyTrans Control Center.lnk [2012.11.04 19:09:19 | 000,000,929 | ---- | C] () -- C:\Users\im-med\Desktop\iTwin.lnk [2012.10.30 11:47:07 | 000,002,657 | ---- | C] () -- C:\Users\im-med\Desktop\adcell_stornos_20121030.csv [2012.10.30 11:13:11 | 000,003,849 | ---- | C] () -- C:\Users\im-med\Desktop\cid33_adcell_20121026_mailcom-check_dbf.eig [2012.10.30 11:10:22 | 000,131,284 | ---- | C] () -- C:\Users\im-med\Desktop\cid33_adcell_20121026_mailcom-check.DBF [2012.10.24 18:51:04 | 000,386,556 | ---- | C] () -- C:\Users\im-med\Desktop\Tobias Herrmann _ XING Kontakte.pdf [2012.10.01 14:20:09 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2012.10.01 14:20:07 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.10.01 14:20:07 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD5270DN.DAT [2012.10.01 14:18:13 | 000,000,060 | R--- | C] () -- C:\Program Files\BRINST.INI [2012.10.01 14:06:56 | 000,000,074 | ---- | C] () -- C:\Windows\Brownie.ini [2012.10.01 13:27:13 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2012.10.01 13:25:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.10.01 11:58:11 | 000,040,960 | ---- | C] () -- 
C:\Windows\System32\lxecvs.dll [2012.10.01 11:58:10 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeccoin.dll [2012.10.01 11:58:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxecgcfg.dll [2012.10.01 11:58:09 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeccui.dll [2012.10.01 11:58:09 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeccuir.dll [2012.10.01 11:57:33 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxecserv.dll [2012.10.01 11:57:33 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxecusb1.dll [2012.10.01 11:57:33 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeccomc.dll [2012.10.01 11:57:33 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxechbn3.dll [2012.10.01 11:57:33 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxecpmui.dll [2012.10.01 11:57:33 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms.exe [2012.10.01 11:57:33 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeclmpm.dll [2012.10.01 11:57:33 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeccfg.exe [2012.10.01 11:57:33 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeccomm.dll [2012.10.01 11:57:33 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxecinpa.dll [2012.10.01 11:57:33 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEChcp.dll [2012.10.01 11:57:33 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeciesc.dll [2012.10.01 11:57:33 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXECinst.dll [2012.10.01 11:57:33 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxecih.exe [2012.10.01 11:57:33 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxecins.dll [2012.10.01 11:57:33 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxecinsb.dll [2012.10.01 11:57:33 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeccu.dll [2012.10.01 11:57:33 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxecgrd.dll [2012.10.01 11:57:33 | 000,114,688 | ---- | C] () -- 
C:\Windows\System32\lxecinsr.dll [2012.10.01 11:57:33 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeccub.dll [2012.10.01 11:57:33 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxecjswr.dll [2012.10.01 11:57:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeccur.dll [2012.10.01 11:57:26 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXECsm.dll [2012.10.01 11:57:26 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXECsmr.dll [2012.10.01 07:25:20 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.09.30 12:18:25 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2012.09.30 12:02:10 | 000,001,096 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat [2011.01.11 20:41:30 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2011.01.11 20:41:28 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2011.01.11 20:41:28 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2011.01.11 20:09:12 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2011.01.11 20:06:56 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2009.06.16 12:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.17 20:39:32 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Albea [2012.09.30 11:24:15 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Bytemobile [2012.11.16 21:20:40 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Canneverbe Limited [2012.11.05 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\FileZilla [2012.10.02 13:27:29 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\FireShot [2012.11.02 10:37:31 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\GMX [2012.11.04 19:09:26 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Moka [2012.10.24 11:25:02 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\pdfforge [2012.09.30 11:24:15 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Vodafone [2012.09.30 11:27:00 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\Vodafone Mobile Connect [2012.11.04 19:39:21 | 000,000,000 | ---D | M] -- C:\Users\im-med\AppData\Roaming\WindSolutions ========== Purity Check ========== < End of report >

Extras.txt

Code:
OTL Extras logfile created on: 17.11.2012 22:43:47 - Run 1 OTL by OldTimer - Version Folder = C:\Users\im-med\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,30 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 57,43% Memory free 4,60 Gb Paging File | 3,27 Gb Available in Paging File | 71,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 284,99 Gb Total Space | 155,72 Gb Free Space | 54,64% Space Free | Partition Type: NTFS Computer Name: im-medi | User Name: im-med | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009F7B72-A330-48C9-85D1-60AFD5DE52AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{086BFEEF-C93C-497C-9437-227486795D0E}" = lport=2869 | protocol=6 | dir=in | app=system | "{0999BB4A-7D4F-4B89-8D1D-C1265DE3F719}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{13B7AFB5-8479-4BB2-8EBC-EDAA36BF3C55}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{1FD09251-B030-4AF8-B9C9-DF722D8450ED}" = rport=137 | protocol=17 | dir=out | app=system | "{2177F39A-5C20-4582-8874-A6DDB12F6F3C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{230FE251-99BC-42A6-9401-7D8FA63A44D4}" = lport=5355 | protocol=17 | 
dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{34AE78C5-1DEB-4BB6-896C-C40CEDBA4FA6}" = lport=139 | protocol=6 | dir=in | app=system | "{35352748-6F7A-4023-A48D-E80026819A89}" = rport=139 | protocol=6 | dir=out | app=system | "{429162CD-CB76-4DB0-9A36-CC04DA5C200D}" = rport=138 | protocol=17 | dir=out | app=system | "{4CC11F06-62AF-4745-85FD-D1FC6ACEAAFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{60A24E71-91F3-4668-B1C4-D6EF65EBC3B4}" = lport=138 | protocol=17 | dir=in | app=system | "{618B6DDB-D1D3-4B40-B7D0-4351C924F8C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{684DBBF6-4C64-4634-8207-E81EBACB0571}" = lport=445 | protocol=6 | dir=in | app=system | "{6FE9E805-8B4F-4B9C-82E0-FFC6A60E9686}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{719EDAEE-5B4B-4EE3-827D-0ED0D34E9EEF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7418BE61-8611-478B-BBDB-36D0E7250880}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{95020FDF-545D-49BD-A1FD-92FA3C945D31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A5496FF9-0430-418D-8671-E1B3DFF21AD0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{AF49D643-17F5-414A-A257-C8CA2752AEA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C366341D-2B46-44A4-ACBF-94C3F914EDDE}" = lport=10243 | protocol=6 | dir=in | app=system | "{C501AB6D-7E79-41A1-978F-A03F6655F408}" = lport=137 | protocol=17 | dir=in | app=system | "{D6B019A6-E3C6-496F-BF1E-4CFA0408546A}" = rport=445 | protocol=6 | dir=out | app=system | "{FA15B0B8-3C62-470A-AE1C-211EBDB1004F}" = rport=10243 | protocol=6 | dir=out | app=system | "{FFB4665D-75B5-4C47-83C7-D50F7A840E94}" = 
rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0842BBE2-A663-4B05-A20A-C0880A005B37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0B078D9D-3907-48AF-A459-5FF5785C4496}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{0C5C935A-AB1C-4F8B-A36D-0F62201AD41A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1104325E-4DA8-4D43-9E4E-0534E42A7693}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{1F73A9DC-F2B9-4955-A989-1D0EE7B743A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2A9AE2E2-3658-471A-BFBE-61BDE3DD0DFA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{30B929C7-8A1F-4E1E-BB4A-B191272B54B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3C324557-D38D-41A5-9441-8EC21B9E0A73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3DDA006C-401E-4626-A8DE-58E9AABCB30A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5C36D7AC-B902-4F82-B94A-1D022AD759DE}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{7A053C22-22E6-4037-8B92-DF4E49A5F7F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8EF13B66-E933-449D-A81E-3936C23E47E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{930859CF-8287-4AB9-B366-F792F47E626E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9BF41D3B-C7D1-47B5-B7FF-C485396CED78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9C915439-9EA8-44A0-AE2D-3A4F0EEDD3FB}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{A7F5319F-F10F-47BD-BDCF-7B5C5A0DB827}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A9D05464-1F41-4A9D-8A46-1D1601D3B012}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{B36BB1EB-8F0D-4B11-B67E-E0581E51C7C1}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{B7860D1F-1892-4227-B0E6-188832512744}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CA69FDD3-12CA-4ADB-88E3-F5AF3ADF5796}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{D27A7749-39F6-4940-BDCC-4FB16ACB4851}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{D93631C9-1DE1-483C-8FC1-BF1AADDCC0B0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{DE59B111-2250-4C8B-A74B-F7F4AF20A8DC}" = dir=in | app=c:\windows\system32\lxeccoms.exe | "{DF577650-10A1-40D2-A0EC-906955C1ACBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E025B650-3217-46D7-8AB1-1156215E7B23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F13D36AB-3E63-4F9A-B96F-A823CEBB41C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F2ABEAEB-F58C-40DE-AC69-FDCE0E09B2A5}" = protocol=6 | dir=out | app=system | "{F346281D-D03C-4527-9586-E206B521003C}" = dir=in | app=c:\program files\itunes\itunes.exe | "{F625D04A-71C7-4D68-8DE1-50A6D52C8FBE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{BC62F20F-922E-4C6F-A435-83288A008206}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{BEBD938C-906E-4448-A2D8-87A73634E864}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{D6D26B2D-EAA7-47D9-85DE-7220FC75E5AA}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | 
app=c:\windows\system32\taskhost.exe | "TCP Query User{E6288DD0-5B3B-42B0-8C55-B31BD2D7AC75}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{E804E58F-1F43-40DC-B30C-EAFCF3D7D1FF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{31AEDA06-A4F7-4BE9-B1C4-6FD1FAFBAA0C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{3EAF3749-795E-4BFA-B2B7-4F745D090AC5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{66287A91-A075-4BA9-BE56-8AD767D8CEA3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{7C7A55AF-BCEA-4361-B41B-D33BF4FA7816}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{B4AA90C4-0BF2-4CC7-8069-7EA06CBA6F29}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter 
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = 
Adobe Setup "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.11 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection "AnyDVD" = AnyDVD "avast" = avast! Internet Security "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "CCleaner" = CCleaner "CloneDVD2" = CloneDVD2 "CNXT_AUDIO_HDA" = Conexant HD Audio "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "FileZilla Client" = FileZilla Client 3.5.3 "GMX ProfiFax" = GMX ProfiFax "iTwin_is1" = iTwin 3.3 Final "Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series "MailCom Adressen-Tools 7.0" = MailCom Adressen-Tools 7.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "Office14.SingleImage" = 
Microsoft Office Professional 2010 "PSPad editor_is1" = PSPad editor "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 2.0.3 "XMind" = XMind ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.11.2012 13:15:30 | Computer Name = im-medi | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1632737 Error - 17.11.2012 13:15:30 | Computer Name = im-medi | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1632737 Error - 17.11.2012 15:37:42 | Computer Name = im-medi | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17.11.2012 15:37:42 | Computer Name = im-medi | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 455538 Error - 17.11.2012 15:37:42 | Computer Name = im-medi | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 455538 Error - 17.11.2012 15:41:22 | Computer Name = im-medi | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 17.11.2012 16:11:16 | Computer Name = im-medi | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 17.11.2012 17:05:44 | Computer Name = im-medi | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 17.11.2012 17:15:42 | Computer Name = im-medi | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 17.11.2012 17:24:49 | Computer Name = im-medi | Source = VMCService | ID = 0 Description = conflictManagerTypeValue [ System Events ] Error - 17.11.2012 17:15:35 | Computer Name = im-medi | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 17.11.2012 17:15:47 | Computer Name = im-medi | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM Error - 17.11.2012 17:21:58 | Computer Name = im-medi | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst avast! Antivirus erreicht. Error - 17.11.2012 17:21:58 | Computer Name = im-medi | Source = Service Control Manager | ID = 7000 Description = Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 17.11.2012 17:24:40 | Computer Name = im-medi | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst avast! Antivirus erreicht. Error - 17.11.2012 17:24:40 | Computer Name = im-medi | Source = Service Control Manager | ID = 7000 Description = Der Dienst "avast! Antivirus" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 17.11.2012 17:24:42 | Computer Name = im-medi | Source = Service Control Manager | ID = 7002 Description = Der Dienst "BrPar" ist von der Gruppe "Parallel arbitrator" abhängig. Kein Mitglied dieser Gruppe wurde jedoch gestartet. 
Error - 17.11.2012 17:24:42 | Computer Name = im-medi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxecCATSCustConnectService erreicht.

Error - 17.11.2012 17:24:42 | Computer Name = im-medi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxecCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 17.11.2012 17:24:53 | Computer Name = im-medi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: tcpipBM

< End of report >
#2
Helfer-Team

The cleanup consists of several steps that have to be carried out. Work through them one after the other and paste the 4 logs that are created along the way into your next reply. If the OTL fix did not run through properly, do not continue; report it instead.

Step 1: Fix with OTL
Download OTL by OldTimer (if you do not already have it) and save it to your desktop (not anywhere else).
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [{896FA599-5F89-AD42-B1F4-CEF0A900EDED}] "C:\Users\im-med\AppData\Roaming\Albea\samyh.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\im-med\*.tmp
C:\Users\im-med\AppData\Local\{*}
C:\Users\im-med\AppData\Local\Temp\*.exe
C:\Users\im-med\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: the OTL script above was created exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can do lasting damage to other systems!

Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.
After that:

Step 3
Please download AdwCleaner to your desktop.
Step 4
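As an added example, not part of this thread and not OTL's or the helper's code: the fix above is a one-off removal script, but the locations it touches are exactly what a defender checks to decide whether a machine is still carrying a lock-screen trojan of this kind. The PowerShell below (my own code, assuming PowerShell 3.0 or later in an elevated prompt) audits the HKLM and HKCU Run/RunOnce keys, the per-user and all-users Startup folders, loose executables in ProgramData and Temp, and the UAC ConsentPromptBehavior policies, and flags the patterns the fix targets: a Run value whose target is missing or lives under AppData (the GUID-named samyh.exe entry above), a Startup shortcut pointing outside the Windows or Program Files trees (the ctfmon.lnk above), and UAC values that would allow silent elevation. It goes beyond the thread in covering both hives and both Startup folders rather than only the entries listed in the fix.

```powershell
# Added example, not part of the thread or of OTL: audit the autostart
# locations the helper's OTL fix touches and report what needs a closer look.
# Assumes PowerShell 3.0 or later, run from an elevated prompt.

# Registry locations OTL lists as O4 entries.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable path out of a Run value, e.g.
#   "C:\Users\x\AppData\Roaming\Albea\samyh.exe"   or   C:\Tools\foo.exe /quiet
function Get-CommandPath {
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.*?\.(exe|dll|scr|cmd|bat|vbs|js))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

# One object per Run/RunOnce value, with the findings a responder would flag:
# missing target (OTL's "File not found"), target in a user-writable profile
# directory, GUID-style value name with no product name attached to it.
function Get-RunEntryReport {
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $meta) { continue }          # PowerShell's own metadata
            $cmd   = [string]$p.Value
            $path  = [Environment]::ExpandEnvironmentVariables((Get-CommandPath $cmd))
            $flags = @()
            if ($p.Name -eq '(default)' -or $cmd -eq '') { $flags += 'unnamed or empty entry (OTL: "[] File not found")' }
            elseif (-not (Test-Path -LiteralPath $path)) { $flags += 'file not found' }
            if ($path -match '\\(AppData|ProgramData|Temp)\\') { $flags += 'user-writable location' }
            if ($p.Name -match '^\{[0-9A-Fa-f-]{36}\}$')       { $flags += 'GUID-style name' }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Path = $path; Flags = ($flags -join '; ') }
        }
    }
}

# Items in the per-user and all-users Startup folders. The fix deletes a
# ctfmon.lnk from the per-user folder: the real ctfmon.exe lives in System32
# and is started by Windows itself, so a shortcut whose target sits outside
# the Windows or Program Files trees deserves a look.
function Get-StartupFolderReport {
    $shell   = New-Object -ComObject WScript.Shell
    $folders = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
    foreach ($folder in $folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        foreach ($item in Get-ChildItem -LiteralPath $folder -File) {
            $target = $null; $flags = @()
            if ($item.Extension -eq '.lnk') {
                $target = $shell.CreateShortcut($item.FullName).TargetPath
                if ($target -and -not (Test-Path -LiteralPath $target)) { $flags += 'target missing' }
                if ($target -and $target -notmatch '^[A-Za-z]:\\(Windows|Program Files)') { $flags += 'target outside Windows/Program Files' }
            } else { $flags += 'non-shortcut file in Startup' }
            [pscustomobject]@{ Folder = $folder; Item = $item.Name; Target = $target; Flags = ($flags -join '; ') }
        }
    }
}

# Executables lying directly in ProgramData or the user's Temp folder, the
# locations the fix's :Files section clears with C:\ProgramData\*.exe etc.
function Get-LooseExecutables {
    foreach ($dir in @($env:ProgramData, $env:TEMP)) {
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.exe', '.dll', '.scr', '.tmp' } |
            ForEach-Object { [pscustomobject]@{ Directory = $dir; File = $_.Name; Modified = $_.LastWriteTime; Size = $_.Length } }
    }
}

# The O6 lines in the fix are the UAC prompt policies. On Windows 7 the values
# shown in the thread (Admin = 5, User = 3) are the defaults;
# ConsentPromptBehaviorAdmin = 0 elevates without any prompt and
# EnableLUA = 0 turns UAC off altogether.
function Get-UacPolicyReport {
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser
        Weakened                   = ($p.EnableLUA -eq 0 -or $p.ConsentPromptBehaviorAdmin -eq 0)
    }
}

'== Run / RunOnce ==';     Get-RunEntryReport      | Format-Table -AutoSize
'== Startup folders ==';   Get-StartupFolderReport | Format-Table -AutoSize
'== Loose executables =='; Get-LooseExecutables    | Format-Table -AutoSize
'== UAC policy ==';        Get-UacPolicyReport     | Format-List
```

Run it once before the fix and once after the reboot that follows it, and keep both outputs: an entry that reappears after the reboot points to a loader that is still active, which is the kind of detail that belongs in the next reply to the helper rather than in another round of manual deletion.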
#3
Hello t'john,

since my computer was not running stably and kept shutting down, I decided to reinstall it. As I am not sure whether I went about it correctly and thereby also got rid of the trojan, I wanted to check back with you.

1) Windows 7 installation; deleted the partitions and set up 2 new ones (1 for programs, 2 for files).
2) installed avast and Malwarebytes first (you live and learn ;-) )
3) installed all the necessary drivers for my notebook as well as a few programs such as Firefox etc.
4) NOTE: while I was online, avast did then warn me about a trojan when a URL was opened that looked suspiciously like the one from when I caught the trojan. That is why I am afraid the trojan is still lurking somewhere.

For that reason I ran OTL again and am sending you the two new logfiles.

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 18.11.2012 22:11:33 - Run 1 OTL by OldTimer - Version Folder = C:\Users\oh\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,30 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 50,75% Memory free 4,60 Gb Paging File | 3,43 Gb Available in Paging File | 74,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 83,46 Gb Free Space | 85,46% Space Free | Partition Type: NTFS Drive D: | 187,33 Gb Total Space | 187,01 Gb Free Space | 99,83% Space Free | Partition Type: NTFS Drive F: | 15,05 Gb Total Space | 1,71 Gb Free Space | 11,37% Space Free | Partition Type: FAT32 Drive G: | 644,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 930,86 Gb Total Space | 4,06 Gb Free Space | 0,44% Space Free | Partition Type: NTFS Computer Name: XMV | User Name: oh | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.18 22:10:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oh\Downloads\OTL.exe PRC - [2012.11.18 21:51:22 | 000,233,472 | ---- | M] (Alcor Micro Corp.) -- C:\Programme\AmIcoSingLun\AmIcoSinglun.exe PRC - [2012.11.18 21:39:59 | 000,496,184 | ---- | M] (Conexant Systems, Inc.) 
-- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe PRC - [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2011.01.05 15:24:16 | 000,468,360 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe PRC - [2010.12.03 14:47:42 | 000,701,832 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe PRC - [2010.12.03 14:47:40 | 000,701,824 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 02:14:17 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinotify.exe PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe ========== Modules (No Company Name) ========== MOD - [2012.10.24 18:49:23 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV - 
[2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV - [2012.10.24 18:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2010.12.03 14:47:40 | 000,701,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV - [2012.11.18 21:57:56 | 000,029,232 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) DRV - [2012.11.18 21:40:06 | 000,520,760 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.10.30 23:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.10.30 23:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012.09.30 11:54:13 | 009,945,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.07.13 12:47:41 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis) DRV - [2009.09.17 
19:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B E4 23 FB C4 C5 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.18 21:25:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.18 21:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oh\AppData\Roaming\mozilla\Extensions [2012.11.18 22:07:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.18 22:07:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.) 
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKCU..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{297483FD-D1E7-47FD-A238-DD5B0743CE77}: DhcpNameServer = O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.06.18 22:12:18 | 000,000,088 | ---- | M] () - G:\autorun.inf -- [ UDF ] O33 - MountPoints2\{8cc37f36-31b5-11e2-aeac-edee0ccccdeb}\Shell - "" = AutoRun O33 - MountPoints2\{8cc37f36-31b5-11e2-aeac-edee0ccccdeb}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009.10.14 22:28:45 | 003,271,968 | ---- | M] (Western Digital) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.18 22:07:57 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind [2012.11.18 22:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind [2012.11.18 22:07:43 | 000,000,000 | ---D | C] -- C:\Users\oh\Application Data [2012.11.18 22:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.11.18 22:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.11.18 22:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.11.18 22:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\XMind [2012.11.18 21:57:25 | 000,000,000 | ---D | C] -- C:\Windows\LastGood [2012.11.18 21:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM [2012.11.18 21:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Acer [2012.11.18 21:53:42 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2012.11.18 21:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor [2012.11.18 21:53:39 | 000,000,000 | ---D | C] 
-- C:\Program Files\AmIcoSingLun [2012.11.18 21:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam [2012.11.18 21:53:06 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Liteon [2012.11.18 21:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Crystal Eye webcam [2012.11.18 21:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT [2012.11.18 21:41:02 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\EED32A.dll [2012.11.18 21:41:02 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\EEL32A.dll [2012.11.18 21:41:02 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\EEG32A.dll [2012.11.18 21:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.11.18 21:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.11.18 21:25:54 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Mozilla [2012.11.18 21:25:54 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\Mozilla [2012.11.18 21:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.11.18 21:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.11.18 21:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.11.18 21:24:31 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\Google [2012.11.18 21:24:16 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\Deployment [2012.11.18 21:24:16 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\Apps [2012.11.18 21:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.11.18 20:59:16 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Malwarebytes [2012.11.18 20:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.18 20:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.18 20:59:04 | 
000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.18 20:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.18 20:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security [2012.11.18 20:47:29 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.11.18 20:47:29 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.11.18 20:47:26 | 000,106,560 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys [2012.11.18 20:47:18 | 000,199,320 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys [2012.11.18 20:47:17 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.11.18 20:47:17 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2012.11.18 20:47:17 | 000,020,624 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys [2012.11.18 20:47:16 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.11.18 20:47:13 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.11.18 20:46:35 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.11.18 20:46:35 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.11.18 20:46:35 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys [2012.11.18 20:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.11.18 20:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.11.18 20:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco [2012.11.18 20:35:28 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.11.18 20:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom [2012.11.18 20:34:53 | 000,000,000 | ---D | C] 
-- C:\Users\oh\AppData\Roaming\InstallShield [2012.11.18 20:29:10 | 000,000,000 | R--D | C] -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.11.18 20:29:10 | 000,000,000 | R--D | C] -- C:\Users\oh\Searches [2012.11.18 20:29:10 | 000,000,000 | R--D | C] -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.11.18 20:28:57 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Identities [2012.11.18 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\oh\Contacts [2012.11.18 20:28:47 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\VirtualStore [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Vorlagen [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\AppData\Local\Verlauf [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\AppData\Local\Temporary Internet Files [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Startmenü [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\SendTo [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Recent [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Netzwerkumgebung [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Lokale Einstellungen [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Documents\Eigene Videos [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Documents\Eigene Musik [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Eigene Dateien [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Documents\Eigene Bilder [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Druckumgebung [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Cookies [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\AppData\Local\Anwendungsdaten [2012.11.18 20:28:44 | 000,000,000 | -HSD | C] -- C:\Users\oh\Anwendungsdaten [2012.11.18 20:28:43 | 000,000,000 | --SD | C] -- C:\Users\oh\AppData\Roaming\Microsoft 
[2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Videos [2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Saved Games [2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Pictures [2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Music [2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Links [2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Favorites [2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Downloads [2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Documents [2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\Desktop [2012.11.18 20:28:43 | 000,000,000 | R--D | C] -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.11.18 20:28:43 | 000,000,000 | -H-D | C] -- C:\Users\oh\AppData [2012.11.18 20:28:43 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\Temp [2012.11.18 20:28:43 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Local\Microsoft [2012.11.18 20:28:43 | 000,000,000 | ---D | C] -- C:\Users\oh\AppData\Roaming\Media Center Programs [2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Programme [2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\Dokumente und 
Einstellungen [2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.11.18 20:28:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.11.18 20:23:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.11.18 20:20:56 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.11.18 20:20:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.11.18 20:19:57 | 000,000,000 | ---D | C] -- C:\Windows\Panther ========== Files - Modified Within 30 Days ========== [2012.11.18 22:07:57 | 000,000,915 | ---- | M] () -- C:\Users\oh\Desktop\XMind.lnk [2012.11.18 21:57:56 | 000,029,232 | ---- | M] (EgisTec) -- C:\Windows\System32\drivers\FPSensor.sys [2012.11.18 21:40:06 | 000,308,128 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2012.11.18 21:40:00 | 000,001,096 | ---- | M] () -- C:\Windows\System32\drivers\SamSfPa.dat [2012.11.18 21:35:11 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.18 21:35:06 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.18 21:31:15 | 000,002,227 | ---- | M] () -- C:\Users\oh\Desktop\Google Chrome.lnk [2012.11.18 21:26:40 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.18 21:26:40 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.18 21:26:40 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.18 21:26:40 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.18 21:25:47 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.18 21:23:07 | 000,012,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 21:23:07 | 000,012,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 21:21:35 | 000,001,750 | ---- | M] () -- 
C:\Users\Public\Desktop\Browserwahl.lnk [2012.11.18 21:20:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.18 21:20:31 | 1853,149,184 | -HS- | M] () -- C:\hiberfil.sys [2012.11.18 21:17:35 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.11.18 20:56:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.11.18 20:47:30 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2012.11.18 20:35:14 | 000,707,378 | ---- | M] () -- C:\Windows\System32\oem1.inf [2012.11.18 20:34:51 | 000,006,656 | ---- | M] () -- C:\Windows\System32\bcmwlrc.dll [2012.11.18 20:31:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.11.18 20:24:55 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.18 20:23:43 | 000,057,050 | ---- | M] () -- C:\Windows\System32\license.rtf [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.10.30 23:51:58 | 000,199,320 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.10.30 23:51:56 | 000,106,560 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.10.30 23:51:56 | 000,020,624 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys [2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe ========== Files Created - No Company Name 
========== [2012.11.18 22:07:57 | 000,000,915 | ---- | C] () -- C:\Users\oh\Desktop\XMind.lnk [2012.11.18 21:41:21 | 000,001,096 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat [2012.11.18 21:31:15 | 000,002,227 | ---- | C] () -- C:\Users\oh\Desktop\Google Chrome.lnk [2012.11.18 21:30:29 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.18 21:30:28 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.18 21:25:47 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.11.18 21:25:47 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.18 21:21:35 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012.11.18 21:17:35 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.11.18 20:47:30 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2012.11.18 20:35:18 | 000,707,378 | ---- | C] () -- C:\Windows\System32\oem1.inf [2012.11.18 20:34:56 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2012.11.18 20:31:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.11.18 20:29:11 | 000,001,409 | ---- | C] () -- C:\Users\oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.11.18 20:23:36 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.11.18 20:23:25 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.11.18 20:20:33 | 1853,149,184 | -HS- | C] () -- C:\hiberfil.sys [2012.11.18 19:52:04 | 000,020,757 | ---- | C] () -- C:\Windows\System32\nvdisp_IH.nvu [2012.11.18 19:52:00 | 001,921,265 | ---- | C] () -- C:\Windows\System32\iglhxa32.cpa [2012.11.18 19:52:00 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2012.11.18 
19:52:00 | 000,060,254 | ---- | C] () -- C:\Windows\System32\iglhxg32.vp [2012.11.18 19:52:00 | 000,060,226 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp [2012.11.18 19:52:00 | 000,060,015 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp [2012.11.18 19:52:00 | 000,051,632 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp [2012.11.18 19:52:00 | 000,001,090 | ---- | C] () -- C:\Windows\System32\iglhxa32.vp [2012.11.18 19:51:59 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2012.11.18 19:51:59 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.11.18 19:51:58 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2012.11.18 19:51:57 | 000,189,494 | ---- | C] () -- C:\Windows\System32\Gfxres.th-TH.resources [2012.11.18 19:51:57 | 000,165,337 | ---- | C] () -- C:\Windows\System32\Gfxres.ru-RU.resources [2012.11.18 19:51:57 | 000,136,343 | ---- | C] () -- C:\Windows\System32\Gfxres.ja-JP.resources [2012.11.18 19:51:57 | 000,125,500 | ---- | C] () -- C:\Windows\System32\Gfxres.it-IT.resources [2012.11.18 19:51:57 | 000,123,172 | ---- | C] () -- C:\Windows\System32\Gfxres.ko-KR.resources [2012.11.18 19:51:57 | 000,121,115 | ---- | C] () -- C:\Windows\System32\Gfxres.tr-TR.resources [2012.11.18 19:51:57 | 000,120,308 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-BR.resources [2012.11.18 19:51:57 | 000,119,558 | ---- | C] () -- C:\Windows\System32\Gfxres.hu-HU.resources [2012.11.18 19:51:57 | 000,119,528 | ---- | C] () -- C:\Windows\System32\Gfxres.nl-NL.resources [2012.11.18 19:51:57 | 000,119,302 | ---- | C] () -- C:\Windows\System32\Gfxres.sv-SE.resources [2012.11.18 19:51:57 | 000,119,009 | ---- | C] () -- C:\Windows\System32\Gfxres.pt-PT.resources [2012.11.18 19:51:57 | 000,118,351 | ---- | C] () -- C:\Windows\System32\Gfxres.pl-PL.resources [2012.11.18 19:51:57 | 000,118,000 | ---- | C] () -- C:\Windows\System32\Gfxres.sk-SK.resources [2012.11.18 19:51:57 | 000,114,794 | ---- | C] () -- 
C:\Windows\System32\Gfxres.nb-NO.resources [2012.11.18 19:51:57 | 000,114,314 | ---- | C] () -- C:\Windows\System32\Gfxres.sl-SI.resources [2012.11.18 19:51:57 | 000,103,986 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-TW.resources [2012.11.18 19:51:57 | 000,102,825 | ---- | C] () -- C:\Windows\System32\Gfxres.zh-CN.resources [2012.11.18 19:51:57 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.11.18 19:51:56 | 000,178,349 | ---- | C] () -- C:\Windows\System32\Gfxres.el-GR.resources [2012.11.18 19:51:56 | 000,139,851 | ---- | C] () -- C:\Windows\System32\Gfxres.ar-SA.resources [2012.11.18 19:51:56 | 000,133,688 | ---- | C] () -- C:\Windows\System32\Gfxres.he-IL.resources [2012.11.18 19:51:56 | 000,122,869 | ---- | C] () -- C:\Windows\System32\Gfxres.es-ES.resources [2012.11.18 19:51:56 | 000,122,651 | ---- | C] () -- C:\Windows\System32\Gfxres.de-DE.resources [2012.11.18 19:51:56 | 000,120,742 | ---- | C] () -- C:\Windows\System32\Gfxres.fr-FR.resources [2012.11.18 19:51:56 | 000,118,687 | ---- | C] () -- C:\Windows\System32\Gfxres.cs-CZ.resources [2012.11.18 19:51:56 | 000,118,639 | ---- | C] () -- C:\Windows\System32\Gfxres.fi-FI.resources [2012.11.18 19:51:56 | 000,114,203 | ---- | C] () -- C:\Windows\System32\Gfxres.da-DK.resources [2012.11.18 19:51:56 | 000,110,156 | ---- | C] () -- C:\Windows\System32\Gfxres.en-US.resources ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.18 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\oh\AppData\Roaming\Liteon ========== Purity Check ========== < End of report > Extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.11.2012 22:11:33 - Run 1 OTL by OldTimer - Version Folder = C:\Users\oh\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,30 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 50,75% Memory free 4,60 Gb Paging File | 3,43 Gb Available in Paging File | 74,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 83,46 Gb Free Space | 85,46% Space Free | Partition Type: NTFS Drive D: | 187,33 Gb Total Space | 187,01 Gb Free Space | 99,83% Space Free | Partition Type: NTFS Drive F: | 15,05 Gb Total Space | 1,71 Gb Free Space | 11,37% Space Free | Partition Type: FAT32 Drive G: | 644,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 930,86 Gb Total Space | 4,06 Gb Free Space | 0,44% Space Free | Partition Type: NTFS Computer Name: XMV | User Name: oh | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam 
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{BC15023B-48DB-4F71-9C25-CFE1A8BB7202}" = Alcor Micro USB Card Reader "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "avast" = avast! Internet Security "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "CNXT_AUDIO_HDA" = Conexant HD Audio "Google Chrome" = Google Chrome "InstallShield_{BC15023B-48DB-4F71-9C25-CFE1A8BB7202}" = Alcor Micro USB Card Reader "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "XMind" = XMind ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.11.2012 16:51:39 | Computer Name = xmv | Source = VSS | ID = 8194 Description = Error - 18.11.2012 17:02:32 | Computer Name = xmv | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ePowerSvc.exe, Version: 5.0.3009.0, Zeitstempel: 0x4d241b0f Name des fehlerhaften Moduls: ePowerSvc.exe, Version: 5.0.3009.0, Zeitstempel: 0x4d241b0f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000097fb ID des fehlerhaften Prozesses: 0xeac Startzeit der fehlerhaften Anwendung: 0x01cdc5cf0b1b5897 Pfad der fehlerhaften Anwendung: C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe Pfad des fehlerhaften Moduls: C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe Berichtskennung: 44e77285-31c3-11e2-8ace-83bdd0ba5d92 [ System Events ] Error - 18.11.2012 15:50:36 | Computer Name = xmv | Source = DCOM | ID = 10010 Description = Error - 18.11.2012 16:00:42 | Computer Name = xmv | Source = DCOM | ID = 10010 Description = Error - 18.11.2012 17:02:34 | Computer Name = xmv | Source = Service Control Manager | ID = 7034 Description = Dienst "Acer ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
< End of report >
#4 | /// Helfer-Team

Why did you install outdated software even though you reinstalled the system? Quote:
How can that be?

Update Java
Your Java is no longer current. Older versions contain security holes that malware can abuse.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
After that, post (copy and paste) what you get shown here: PluginCheck

Disable Java
Because of the current security hole: http://www.trojaner-board.de/122961-...ktivieren.html
After that, post (copy and paste) what you get shown here: PluginCheck
#5

Hi, as you wrote, I updated Java and afterwards disabled the plugin in Chrome and Firefox. Here is the copy & paste info you wanted. Is everything fine now, or is there anything else I need to watch out for? Many thanks in advance for the quick and superb help here! Best regards, Oliver

Quote:
PluginCheck
Firefox 16.0 is current.
Flash (11,5,502,110) is current.
Java (1,7,0,9) is current.
Adobe Reader 11,0,0,379 is current.

Quote:
Firefox 16.0 is current.
Flash (11,5,502,110) is current.
Java (1,7,0,9) is current.
Adobe Reader 11,0,0,379 is current.
#6 | /// Helfer-Team

Very good! With that you are clean and released!

Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC getting slower and slower - what to do?
#7

Hi, I do have one more question after all. My virus scanner avast warns me every day about the following file: C:\Windows\System32\igfxpers.exe

Here is avast's explanation:
hxxp://www.avast.com/de-de/lp-pr-virus-alert?p_ext=&utm_campaign=Virus_alert&utm_source=prg_ise_70_0&utm_medium=prg_systray&utm_content=.%2Fpaid%2Fde-de%2Fvirus-alert-default&p_vir=URL:Mal&p_prc=C:\Windows\System32\igfxpers.exe&p_obj=hxxp://hittachis.ru/d1yehX?ENYkjRnOHixPXf=XRvRpOIQNXhertwDc%26dqgfqtknwHMOH=PslRphXNINab%26RMnaBhcQPGJ=yGKhSFgrUOxKiH&p_var=.%2Fpaid%2Fde-de%2Fvirus-alert-default&p_pro=2&p_vep=7&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=312&p_lng=de&p_lid=de-de&p_elm=7&p_vbd=1474

Is something possibly still wrong on my machine that I should change? Thanks in advance and best regards, Oliver
#8 | /// Helfer-Team

File check
Have the following file(s) (see code box) checked online at VirusTotal. To do that, you must upload each file individually to VirusTotal via the "Browse" button and "Send file" and have it checked. If the file has already been checked once, please click Reanalyze. In Firefox with NoScript installed, please allow VirusTotal. Once VirusTotal has received the file, it will check it with several anti-virus scanners and display the results. If VirusTotal reports that the file has already been checked, have it checked again anyway via the "Reanalyse" button. When the result is available, copy the result link (from the browser's address bar) here into the thread for me. Even if it turns out that the file(s) is/are infected, please do not delete anything without consulting first!
#9

Which code box do you mean? Just now Avast also reported the warning for Explorer.EXE. The VirusTotal result for the following files was clean:

C:\Windows\Explorer.EXE https://www.virustotal.com/file/9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad/analysis/1353706373/
C:\Windows\System32\igfxpers.exe https://www.virustotal.com/file/1d91f0990ae8b1371a10f0fb50aae5946e7d4e6f5008fb9f6327a02478528179/analysis/1353705732/

Hmmm... Do I perhaps have some other security hole somewhere else? Best regards, Oliver

P.S.: In case by code box you meant the OTL log files, I simply analysed the files I could find in them. Here is the result. In one place something was found?!

C:\Programme\AmIcoSingLun\AmIcoSinglun.exe https://www.virustotal.com/file/f8925ca0a2643a1f6bbf5a76185c9d2f8f2517bb349c17bd4e25bc995b856c99/analysis/1353706798/
C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe https://www.virustotal.com/file/7f556de5621dd00ed8ee4d3c0978a22a2c508d4a98764b3fd2d00b7aff882f11/analysis/1353706821/
**** >>> ByteHero Trojan.Exception.gen.101 <<< ****
C:\Programme\AVAST Software\Avast\AvastUI.exe https://www.virustotal.com/file/570dbf28f6d77890476f7b6a9c57f77dcc3c51038a1780540032b5fd9cf72190/analysis/1353706845/
****************************************************
C:\Programme\AVAST Software\Avast\AvastSvc.exe https://www.virustotal.com/file/d3f5ba7000ef311a0e4772b5bf9b0bffca721fa971d87dd76b7e8b9b06e9bbc3/analysis/1353706869/
C:\Programme\AVAST Software\Avast\afwServ.exe https://www.virustotal.com/file/38e551ad9897b8bfc190bc5f3414ffae0e762e8d52f33ccb1173b678269505d4/analysis/1353706990/
C:\Programme\Mozilla Firefox\firefox.exe https://www.virustotal.com/file/99f0e817981c10913dfbeee84b085121e65ad55217abe975ad4b8819212fd1f6/analysis/1353707021/
C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe https://www.virustotal.com/file/84ab101003797c35475340a66cf6fd21498a378ef0e7698d543ca957d75dd67d/analysis/1353707049/
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe https://www.virustotal.com/file/639603e698fb99f0100fc30e6ecdff06ff33d4dcac16ba5c65499e9bd4d958da/analysis/1353707096/
C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe https://www.virustotal.com/file/8db25546b444ae86aaaa5f2d6b45e8d0ec033c721475baeec252c53134609289/analysis/1353707127/
C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe https://www.virustotal.com/file/b8947015602a3bba5875d90098b6b13c0f2f1c9580ec9885852815e4d26ec886/analysis/1353707163/
C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe https://www.virustotal.com/file/970ac652f2b8c8f1383fbdb3def292ba762d20ad6079088943b9c8c253aa9281/analysis/1353707206/
C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe https://www.virustotal.com/file/50a51cbc68a8bf1ab95f3c8fb80afaddea82c49b39c9d5df110d5c1452972fd2/analysis/1353707285/
C:\Windows\System32\taskhost.exe https://www.virustotal.com/file/65e3d8ce737896647065103fbb4d58e6a34171d0a48662a832cfdac3cf469701/analysis/1353707322/
C:\Windows\explorer.exe https://www.virustotal.com/file/9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad/analysis/1353707356/
C:\Windows\System32\dinotify.exe https://www.virustotal.com/file/987986934c96dbb64f0a336b72520077fcd556524643bc03f02d1aab4b491d3d/analysis/1353707420/
C:\Windows\System32\conhost.exe https://www.virustotal.com/file/128f49a9e4f6073e53cbbafc999cdd34af9b0cef817673eac1946330bc7a95a8/analysis/1353707458/
----------------------------------
C:\Windows\System32\control.exe https://www.virustotal.com/file/9678f973ddb06f3f77cddfe8c9f3152beb87aef5ef048b36966a2be787f5ad70/analysis/1353707506/
C:\Windows\winhlp32.exe https://www.virustotal.com/file/8d39ac4c416cae32a6787326d2cae0b0cd075915b75229572fa5d90fbb3dfe52/analysis/1353707533/
C:\Program Files\Mozilla Firefox\firefox.exe https://www.virustotal.com/file/99f0e817981c10913dfbeee84b085121e65ad55217abe975ad4b8819212fd1f6/analysis/1353707567/
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe https://www.virustotal.com/file/0d2143b8a03c8db3963a6a32a144c55a18aabbf06c9e4b08e720e4c94d7b1143/analysis/1353707641/

Last edited by via75 (23.11.2012 at 22:57)
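Two kinds of URL in this thread carry indicators in their structure. The avast! alert link in post #7 encodes the detection name (p_vir), the reporting process (p_prc) and the blocked object (p_obj) in its query string; the blocked URL's own ampersands arrive percent-encoded as %26, so a real query parser keeps it in one piece where a naive split on "&" would shred it. Each VirusTotal result link in post #9 carries the file's SHA-256 and the scan time (a Unix timestamp) in its path. The script below is an added example, not code from the thread, from avast or from VirusTotal. It works offline on copies of the URLs posted above (the avast scheme is left defanged as hxxp), defangs the hostile host for safe pasting, and groups the VirusTotal results by hash instead of by path: that shows that C:\Programme and C:\Program Files (a junction on German Windows 7) and the two spellings of explorer.exe are the same files, while the two ePowerSvc.exe sit in different directories and are different binaries. Grouping is string matching on the posted links only; nothing is hashed locally and nothing is sent anywhere.

```python
"""Extract indicators from the URLs posted in this thread: the avast! alert
link (detection, process, blocked object in the query string) and VirusTotal
result links (SHA-256 and scan time in the path).  Added example; not code
from the thread, avast or VirusTotal.  Runs offline on the constructed input."""
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed from the alert URL in post #7; scheme left defanged as 'hxxp'.
AVAST_ALERT = (r"hxxp://www.avast.com/de-de/lp-pr-virus-alert?p_ext=&utm_campaign=Virus_alert"
               r"&utm_source=prg_ise_70_0&utm_medium=prg_systray"
               r"&utm_content=.%2Fpaid%2Fde-de%2Fvirus-alert-default&p_vir=URL:Mal"
               r"&p_prc=C:\Windows\System32\igfxpers.exe"
               r"&p_obj=hxxp://hittachis.ru/d1yehX?ENYkjRnOHixPXf=XRvRpOIQNXhertwDc"
               r"%26dqgfqtknwHMOH=PslRphXNINab%26RMnaBhcQPGJ=yGKhSFgrUOxKiH"
               r"&p_var=.%2Fpaid%2Fde-de%2Fvirus-alert-default&p_pro=2&p_vep=7&p_ves=0"
               r"&p_lqa=0&p_lsu=24&p_lst=0&p_lex=312&p_lng=de&p_lid=de-de&p_elm=7&p_vbd=1474")

# Constructed subset of the (path, result link) pairs from post #9.
VT_RESULTS = [
    (r"C:\Windows\Explorer.EXE",
     "https://www.virustotal.com/file/9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad/analysis/1353706373/"),
    (r"C:\Windows\System32\igfxpers.exe",
     "https://www.virustotal.com/file/1d91f0990ae8b1371a10f0fb50aae5946e7d4e6f5008fb9f6327a02478528179/analysis/1353705732/"),
    (r"C:\Programme\Mozilla Firefox\firefox.exe",
     "https://www.virustotal.com/file/99f0e817981c10913dfbeee84b085121e65ad55217abe975ad4b8819212fd1f6/analysis/1353707021/"),
    (r"C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe",
     "https://www.virustotal.com/file/50a51cbc68a8bf1ab95f3c8fb80afaddea82c49b39c9d5df110d5c1452972fd2/analysis/1353707285/"),
    (r"C:\Windows\explorer.exe",
     "https://www.virustotal.com/file/9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad/analysis/1353707356/"),
    (r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "https://www.virustotal.com/file/99f0e817981c10913dfbeee84b085121e65ad55217abe975ad4b8819212fd1f6/analysis/1353707567/"),
    (r"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe",
     "https://www.virustotal.com/file/0d2143b8a03c8db3963a6a32a144c55a18aabbf06c9e4b08e720e4c94d7b1143/analysis/1353707641/"),
]

VT_LINK = re.compile(r"https?://www\.virustotal\.com/file/([0-9a-f]{64})/analysis/(\d+)/?")


def parse_avast_alert(url):
    """Return detection name, reporting process and blocked object.
    parse_qs splits only on literal '&'; the blocked URL's separators were
    sent as %26 and are decoded back to '&' after the split, so it stays whole."""
    q = parse_qs(urlsplit(url).query)
    blocked = q["p_obj"][0]
    host = urlsplit(blocked).hostname
    return {
        "detection": q["p_vir"][0],
        "process": q["p_prc"][0],
        "blocked_url": blocked,
        "blocked_host": host,
        "defanged_host": host.replace(".", "[.]"),  # safe to paste into a report
    }


def parse_vt_link(url):
    """Return (sha256, scan time as aware UTC datetime) from a VT result link."""
    m = VT_LINK.search(url)
    if not m:
        raise ValueError(f"not a VirusTotal file-analysis link: {url}")
    return m.group(1), datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)


def group_by_hash(results):
    """Map SHA-256 -> list of posted paths.  Grouping by hash rather than path
    collapses junction aliases (Programme vs Program Files) and case
    differences, and separates same-named files that are different binaries."""
    groups = {}
    for path, link in results:
        sha256, _ = parse_vt_link(link)
        groups.setdefault(sha256, []).append(path)
    return groups


if __name__ == "__main__":
    alert = parse_avast_alert(AVAST_ALERT)
    print(f"{alert['detection']}: {alert['process']} -> {alert['defanged_host']}")
    for sha256, paths in group_by_hash(VT_RESULTS).items():
        print(sha256[:16], len(paths), "path(s):", "; ".join(paths))
```

Run as a script it prints one line per distinct hash; the two firefox.exe paths and the two explorer.exe paths collapse to one entry each, and the two ePowerSvc.exe stay separate. The same hash grouping is the sensible first step before uploading anything to VirusTotal: a file already seen under another path needs no second submission.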
#10 | /// Helfer-Team

Everything is clean.

ESET Online Scanner
#11

Hello t'john, here is the log file from ESET:

Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
esets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=
# OnlineScanner.ocx=
# api_version=3.0.2
# EOSSerial=1b5ef3e3c756b940a72b72df5cf17b2d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-25 11:15:38
# local_time=2012-11-25 12:15:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 155348 105470046 0 0
# compatibility_mode=8192 67108863 100 0 3962 3962 0 0
# scanned=218547
# found=23
# cleaned=0
# scan_time=3283
C:\Windows\System32\hccutils.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igd10umd32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igdumd32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igdumdx32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igfxdev.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igfxdo.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igfxpph.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igfxress.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\igfxTMM.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\iglhcp32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\iglhsip32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\hccutils.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igd10umd32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igdumd32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igdumdx32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igfxdev.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igfxdo.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igfxpph.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igfxress.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\igfxTMM.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\iglhcp32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\DriverStore\FileRepository\nvmvac.inf_x86_neutral_f1b2eb59748c91e8\iglhsip32.dll Win32/Goblin.E.Gen virus (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Goblin.E.Gen virus 00000000000000000000000000000000 I

Because of the virus result I also scanned the folder C:\Windows\System32\ with Avira, but Avira found nothing.

Last edited by via75 (25.11.2012 at 12:33)
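The ESET log above has a clear shape once it is parsed rather than eyeballed: 23 hits, all the same generic signature (Win32/Goblin.E.Gen), eleven Intel graphics DLLs in System32, the same eleven file names again inside one DriverStore package (nvmvac.inf_x86_neutral_f1b2eb59748c91e8), one hit in memory, and "unable to clean" on every file. That structure is what a practitioner wants extracted before anyone deletes anything: which families, which directories, and whether the System32 copies mirror a staged driver package, because if they do, the package is the thing to replace, which is exactly where the following posts go. The Python below is an added example, not ESET's or the forum's code. Its input is constructed from the file and package names in the log (tab-separated, as ESET writes its logs; the forum flattened the tabs to spaces, and the parser accepts either), and the System32-to-DriverStore matching is by file name only, not by content, so it cannot by itself distinguish a trojanized driver download from a false positive. It uses ntpath so it runs unchanged on any OS.

```python
"""Triage an ESET Online Scanner log: parse the '# key=value' header and the
detection lines, group hits by family and directory, and match flagged
System32 files against DriverStore packages.  Added example, not ESET code."""
import ntpath
import re
from collections import Counter, defaultdict

# Constructed from the file and package names in the log above (23 hits).
# Real ESET logs are tab-separated; the forum flattened the tabs to spaces.
_NAMES = ["hccutils.dll", "igd10umd32.dll", "igdumd32.dll", "igdumdx32.dll",
          "igfxdev.dll", "igfxdo.dll", "igfxpph.dll", "igfxress.dll",
          "igfxTMM.dll", "iglhcp32.dll", "iglhsip32.dll"]
_DIRS = [r"C:\Windows\System32",
         r"C:\Windows\System32\DriverStore\FileRepository"
         r"\nvmvac.inf_x86_neutral_f1b2eb59748c91e8"]
_ZERO_MD5 = "0" * 32  # ESET writes an all-zero MD5 when it computed none
ESET_LOG = "\n".join(
    ["# scanned=218547", "# found=23", "# cleaned=0", "# scan_time=3283"]
    + [f"{d}\\{n}\tWin32/Goblin.E.Gen virus (unable to clean)\t{_ZERO_MD5}\tI"
       for d in _DIRS for n in _NAMES]
    + [f"${{Memory}}\tWin32/Goblin.E.Gen virus\t{_ZERO_MD5}\tI"])

# path  threat  kind  [(note)]  md5  flag   -- whitespace (tab or space) separated.
# Paths with spaces would need the tab-separated original; none occur here.
LINE_RE = re.compile(
    r"^(?P<path>\S+)\s+(?P<threat>\S+)\s+(?P<kind>virus|trojan|worm|application)"
    r"(?:\s+\((?P<note>[^)]*)\))?\s+(?P<md5>[0-9a-fA-F]{32})\s+(?P<flag>[A-Z])$")


def parse_eset_log(text):
    """Return (header dict from '# k=v' lines, list of detection dicts)."""
    header, hits = {}, []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key] = value
            continue
        m = LINE_RE.match(line)
        if m:
            hits.append(m.groupdict())
    return header, hits


def triage(hits):
    """Group detections by family and by directory; memory hits kept apart.
    Basenames are lower-cased because NTFS compares names case-insensitively."""
    by_family = Counter(h["threat"] for h in hits)
    by_dir, in_memory = defaultdict(set), []
    for h in hits:
        if h["path"].startswith("${"):          # e.g. ${Memory}
            in_memory.append(h["threat"])
            continue
        by_dir[ntpath.dirname(h["path"])].add(ntpath.basename(h["path"]).lower())
    return {"by_family": dict(by_family),
            "by_dir": {d: sorted(names) for d, names in by_dir.items()},
            "in_memory": in_memory}


def driverstore_mirrors(by_dir):
    """For each flagged DriverStore package, list the flagged System32 files
    that carry the same name, i.e. were plausibly staged from that package."""
    sys32 = set(by_dir.get(r"C:\Windows\System32", []))
    mirrors = {}
    for directory, names in by_dir.items():
        if "\\DriverStore\\FileRepository\\" in directory:
            package = ntpath.basename(directory)   # e.g. nvmvac.inf_x86_neutral_...
            mirrors[package] = sorted(sys32 & set(names))
    return mirrors


if __name__ == "__main__":
    header, hits = parse_eset_log(ESET_LOG)
    view = triage(hits)
    print(f"found={header['found']} parsed={len(hits)} families={view['by_family']}")
    for directory, names in view["by_dir"].items():
        print(f"{len(names):3d} hits in {directory}")
    for package, shared in driverstore_mirrors(view["by_dir"]).items():
        print(f"{len(shared)} System32 hits share names with package {package}")
```

The check that the header's found count equals the number of parsed lines is the cheap guard against a regex that silently drops entries. When every file hit sits in one driver package and its staged copies, the reinstall-from-a-fresh-download route the helper gives below is the right remediation regardless of whether the signature is a true positive; if the fresh download is flagged again, the package itself (or the download source) is the problem.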
#12 | /// Helfer-Team

Where did you get the drivers from?
#13

I downloaded all drivers from my notebook manufacturer's site, or used the ones I still had on the machine: hxxp://www.acer.de/ac/de/DE/content/drivers Notebook < TravelMate < TravelMate 8472TG

What can I do?
#14 | /// Helfer-Team

Download the drivers again, then uninstall the graphics card in Device Manager with the option to delete the driver software. Then restart the computer and install the new drivers.
#15

I have watched my system for the last 2 days and things seem quiet now! :-) Many thanks for your support!!! Is there a way to donate something for your dedicated service? Best regards, Oliver