Trojan: GVU - Your computer has been locked / pay 100 € / webcam access (Windows 7)
06.12.2012, 12:30 | #1
Hey, my girlfriend's laptop is infected with the 100 € Paysafe virus, which also accesses the webcam. It's a relatively old laptop that still runs Vista. As soon as the PC has fully booted, this virus appears right away and it is not possible to start the Task Manager or any other program.
06.12.2012, 12:33 | #2
/// TB-Ausbilder | I will help you with your problem. A clean-up can involve quite a lot of work for you (and for me). Before we get started, I have some reading material for you. Scan and unlock with SREP: Please download srep.exe and save it to a USB stick. Important: do not save it inside a folder.
Note: It is quite possible that you will be able to access your computer again right after the scan.
06.12.2012, 14:43 | #3
Sorry, I wasted too much time editing.
This was actually meant to be the real post on the topic: I was also hit by this virus. First I set out on my own to remove it:
1. Started in Safe Mode.
- Malwarebytes Anti-Malware -> quickscan
OTL.txt: OTL Logfile:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.11.26 16:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.11.26 16:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.11.26 16:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.11.26 16:42:19 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2012.11.26 16:42:19 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2012.11.26 16:42:19 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012.11.26 16:42:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.26 16:42:11 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.26 16:42:09 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2012.11.26 16:42:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll ========== Files - Modified Within 30 Days ========== [2012.12.06 11:28:39 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.06 11:28:39 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.06 11:27:50 | 000,654,076 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.06 11:27:50 | 000,615,958 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.06 11:27:50 | 000,129,948 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.06 11:27:50 | 000,106,338 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.06 11:23:38 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.06 11:23:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.06 11:23:26 | 1609,424,896 | 
-HS- | M] () -- C:\hiberfil.sys [2012.12.05 23:59:22 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.05 23:59:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.05 15:59:17 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.11.30 22:17:59 | 000,002,326 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.11.30 18:26:07 | 000,002,071 | ---- | M] () -- C:\Users\\Desktop\JDownloader.lnk [2012.11.30 17:59:02 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.30 16:36:20 | 001,648,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.12.05 14:05:09 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.11.30 18:26:07 | 000,002,071 | ---- | C] () -- C:\Users\k\Desktop\JDownloader.lnk [2012.11.30 18:26:06 | 000,002,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.11.30 18:26:06 | 000,002,070 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.11.30 18:26:06 | 000,002,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.11.30 17:59:02 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.26 18:59:05 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.26 18:58:39 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.08.01 14:28:52 | 000,000,218 | ---- | C] () -- C:\Users\\.recently-used.xbel [2012.07.13 21:40:09 | 006,250,649 | ---- | C] () -- C:\Users\\beyond the means_52.mp3 [2012.07.04 09:52:23 | 001,118,157 | ---- | C] () -- C:\Users\\IMG_2575.jpg [2012.07.04 09:51:27 | 001,125,041 | ---- | C] () -- C:\Users\\Foto.jpg [2012.01.26 23:40:29 | 000,059,969 | ---- | C] () 
-- C:\Users\\424130_337195712970277_142787695744414_1132627_553243029_n.jpg [2011.04.10 00:27:07 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.04.10 00:26:03 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.09.19 01:09:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > extras.txt: OTL Logfile: Code:
OTL Extras logfile created on: 06.12.2012 11:40:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kasimir\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 70,58% Memory free
4,00 Gb Paging File | 3,13 Gb Available in Paging File | 78,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 8,73 Gb Free Space | 8,94% Space Free | Partition Type: NTFS
Drive E: | 135,22 Gb Total Space | 29,33 Gb Free Space | 21,69% Space Free | Partition Type: NTFS
Drive F: | 300,00 Gb Total Space | 131,87 Gb Free Space | 43,95% Space Free | Partition Type: NTFS
Drive G: | 150,00 Gb Total Space | 12,77 Gb Free Space | 8,51% Space Free | Partition Type: NTFS
Drive H: | 14,96 Gb Total Space | 14,69 Gb Free Space | 98,20% Space Free | Partition Type: FAT32
Drive I: | 112,88 Gb Total Space | 83,00 Gb Free Space | 73,53% Space Free | Partition Type: NTFS
Drive M: | 80,00 Gb Total Space | 67,22 Gb Free Space | 84,02% Space Free | Partition Type: NTFS
Drive N: | 40,00 Gb Total Space | 39,70 Gb Free Space | 99,25% Space Free | Partition Type: NTFS
Drive Z: | 15,76 Gb Total Space | 15,67 Gb Free Space | 99,44% Space Free | Partition Type: NTFS

Computer Name: | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0146735B-8C15-4756-8364-DB7439E480C8}" = rport=137 | protocol=17 | dir=out | app=system | "{142D570F-5D02-489B-8946-388661DDD2D5}" = rport=445 | protocol=6 | 
dir=out | app=system | "{1EAD2036-3B8C-4AB6-A722-329DB4F1D047}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{37575238-46D9-45E0-A5B7-6A3B0530EFD3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6AC548EA-4E0E-4D10-9E25-44F79BFADFC1}" = rport=138 | protocol=17 | dir=out | app=system | "{7649EF47-A80F-4A8D-A2DA-93D7F09FDAB6}" = lport=137 | protocol=17 | dir=in | app=system | "{7C473E8D-DC0A-4E7C-97AA-6E6CC933FD34}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{85386113-1D34-4EDF-BCDE-13CB5225331E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{86CD5FDC-83F4-40C2-B661-D8212A2D5527}" = lport=445 | protocol=6 | dir=in | app=system | "{894BE38A-1311-49A2-8A00-4EF7EDA724CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{93123DF3-FE1E-4498-8532-9E7122C4494B}" = lport=139 | protocol=6 | dir=in | app=system | "{B448981A-3C48-4A5A-A83B-9AE4F96F5CC3}" = rport=139 | protocol=6 | dir=out | app=system | "{CC6832D9-7DAB-45C7-92AB-E44F6BD4BF3A}" = lport=138 | protocol=17 | dir=in | app=system | "{DBADCC2B-CAD9-4398-AFB0-49F17F19AA9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05FDFA7A-C4F6-456E-A108-17C2FD0C60AF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{18A4CFEC-DB18-4CA7-A44A-B7FC8576831C}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | "{23DD1A8A-B1D3-4166-B0B0-6D9C8C14407A}" = protocol=6 | dir=in | app=c:\users\kasimir\appdata\roaming\dropbox\bin\dropbox.exe | "{2449F23D-644F-4BA2-9E45-9FC71B3C1DE9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2FE7EB4B-9F76-42E7-8A93-7A78155C826F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{375A78C6-CE40-41D4-A771-7B3756F6EF5C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{381E529F-D322-413A-8DAF-D965B84DEA35}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{56E73002-3AC2-429D-823E-68FA14EEB05B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{592D33F2-140E-40CE-90BF-EEF6E55AA2A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5BD41E9A-7CC7-4D63-8AE3-E559A321A600}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{613EAC1D-A0BC-4215-817C-377AA54F1874}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | "{71C090F9-EFDD-4F4E-B911-7CA5706AC6D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{82AE5335-FDB5-4769-AF55-AC5CCB1B12B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8667516F-B0CE-407F-9C0E-8B6DD9411EAD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{89F70277-039A-4C88-AC48-CD9BDED145D6}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{A5D48360-B418-45AE-B2FF-58EFFAE86D8D}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{A9DC5D9E-6BF6-4E6B-8526-3D62273F6C0B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{BB7E250E-0792-41A2-BB9F-89D7CC6DB5BD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{BD7017FA-76D9-421E-8B65-5ADF415B90D0}" = protocol=17 | dir=in | app=c:\users\kasimir\appdata\roaming\dropbox\bin\dropbox.exe | "{C66AC146-69C2-4515-8281-78C909A56CEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E18A1515-30EA-449E-A16E-9D0E8F3DFF84}" = dir=in | app=c:\program 
files\itunes\itunes.exe | "{E5E38244-D65C-4181-BEAC-4C770363229B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E679E6B1-9FFC-4873-B925-2A26BE552A1E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{F46847A7-5667-4AE4-B680-8469AD34D0EB}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "TCP Query User{00422C8E-4097-4677-9B4A-AAA902606825}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{03EB9006-B66A-48B1-87FA-28EC83E1E738}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{1EDAA7EE-8DA9-42F3-A249-C631AC951A7A}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | "TCP Query User{429C786F-7377-4B93-B346-91E113684268}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe | "TCP Query User{5E0AD496-0F08-4B46-8450-8869133A3163}C:\users\\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kasimir\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{9108D936-98FE-49A3-8721-6A6CB32B4E8C}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "TCP Query User{B79054A0-37F6-4835-92FE-1BDF8A3FC315}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | "TCP Query User{CB407CE2-237A-4D59-9169-FD682F428FE6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{E29B2E37-68D8-40C0-9D2F-8E0216F227FC}C:\users\\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | 
app=c:\users\kasimir\appdata\local\jdownloader 2.0\jdownloader2.exe | "TCP Query User{E6DF1EF5-DEF2-4134-ADDE-FBDA6A674160}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{EA79894C-48AB-4D92-88A9-5BF72689BA99}C:\program files\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | "TCP Query User{ED1A63BE-81F7-447E-8FFD-77857D3F347A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{F91941AD-1A57-414A-A84A-8D0D4D122E36}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | "UDP Query User{15CA15CF-FDF9-48FF-B3F2-08E5ACB0FE44}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | "UDP Query User{1807DCAA-941C-4741-8B43-DC6DCFD46771}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{4EC5A61B-398C-4A2A-919C-4E3F9DBF7D38}C:\users\\appdata\local\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\kasimir\appdata\local\jdownloader 2.0\jdownloader2.exe | "UDP Query User{67B22EED-E84F-49AE-9C26-333539D41A8D}C:\users\\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kasimir\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{8F136AA1-3C9B-4211-B05A-72D4CE953668}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe | "UDP Query User{A9A4E945-D4B0-437B-AEEC-50E49DEEAA84}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | "UDP Query 
User{ACA83E6F-95DE-4A5C-B5FD-92E191738BD4}C:\program files\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files\synology\assistant\dsassistant.exe | "UDP Query User{C279EAAD-2375-4F21-B178-AD8B4C17F306}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | "UDP Query User{D4425F0F-46A4-4B36-B641-76EDDCD22AC8}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{D4592280-42C6-4385-BC23-319E945B8D80}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{DB1CE93C-3284-4436-9EF1-A75859042C26}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{F67DF62B-6787-4B3D-AA76-B61EA0FA3380}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{FB3EC142-3B56-4C2A-AFE7-33AB49D3070B}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{316B3C3F-6B5A-DBC3-1398-FBE614ECCAA7}" = TweetDeck "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{51DC7E02-3EEE-D01E-60D1-103A0DA2C3BF}" = Catalyst Control Center Graphics Previews Common "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56AAE9D5-3D96-8D1D-C4C4-0290B21CE901}" = ccc-core-static "{59ADFE8C-AD8C-2B04-6940-2D417FBAD111}" = CCC Help English "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}" = BabasChess "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - 
Photoshop Specific "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF2E5BA0-759C-926D-6C3F-11A3751C286E}" = Catalyst Control Center Graphics Previews Vista "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C969744F-EB74-5868-719E-D4B1F3D0792F}" = ccc-utility "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}" = KeyMan V3.6 Build 6 "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client 
Profile DEU Language Pack "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "6A2514200C13998ACAD12477F3F541B436CAD394" = Windows-Treiberpaket - Mindscape (usbser) Ports (11/10/2009 5.2.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "AudibleManager" = AudibleManager "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "Cinergy T USB XXS" = Cinergy T USB XXS V2.03.03.29 "EPSON Scanner" = EPSON Scan "EPSON SX125 Series" = Druckerdeinstallation für EPSON SX125 Series "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Google Chrome" = Google Chrome "JDownloader" = JDownloader "jdownloader2" = JDownloader 2.0 "Karotz Setup_is1" = Karotz Setup version 0.11 "lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1 "MKVToolNix" = MKVToolNix 5.4.0 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "mp3splt" = mp3splt "mp3splt-gtk" = mp3splt-gtk "Mp3tag" = Mp3tag v2.46a "PokerStars" = PokerStars "PunkBusterSvc" = PunkBuster Services "Switch" = Switch Sound File Converter "Synology Assistant" = Synology Assistant (remove only) "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck "VLC media player" = VLC media player 2.0.3 "Winamp" = Winamp "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.06.2012 17:50:07 | Computer Name = | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3058

Error - 27.06.2012 17:50:07 | Computer Name = | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3058

Error - 27.06.2012 17:50:08 | Computer Name = | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.06.2012 17:50:08 | Computer Name = | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4118

Error - 27.06.2012 17:50:08 | Computer Name = | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4118

Error - 27.06.2012 17:50:09 | Computer Name = | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.06.2012 17:50:09 | Computer Name = | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5179

Error - 27.06.2012 17:50:09 | Computer Name = | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5179

Error - 27.06.2012 17:50:10 | Computer Name = | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.06.2012 17:50:10 | Computer Name = | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6178

[ System Events ]
Error - 05.12.2012 11:25:04 | Computer Name = | Source = DCOM | ID = 10005
Description =

Error - 05.12.2012 11:25:04 | Computer Name = | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst iPod-Dienst erreicht.
Error - 05.12.2012 11:25:04 | Computer Name = | Source = Service Control Manager | ID = 7000 Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 05.12.2012 11:41:00 | Computer Name =| Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 05.12.2012 11:43:15 | Computer Name = | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden. Error - 05.12.2012 11:43:53 | Computer Name = | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR6 gefunden. Error - 05.12.2012 16:09:16 | Computer Name = | Source = Microsoft-Windows-HAL | ID = 12 Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. Error - 05.12.2012 19:02:24 | Computer Name = | Source = NetBT | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25 registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 06.12.2012 06:24:06 | Computer Name = | Source = NetBT | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25 registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 06.12.2012 06:29:16 | Computer Name = | Source = NetBT | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25 registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. < End of report >
How should I proceed now??
I would be very grateful if someone could look over this and help me further. |
06.12.2012, 14:58 | #4 | ||
/// TB-Ausbilder | No, this is the end of the line, whether you edit it out or not. Something like this ... Quote:
Support stopped: cracks or keygens. With that, this topic is closed.
__________________ Digital privateers against malware! No help via PM! |
06.12.2012, 15:09 | #5 |
| Even if you don't believe me, those are 3 very old files (2 of them even on old hard drives that are normally disconnected in this machine), from programs I no longer use at all. Said files and folders have now already been deleted by me. I left it in the log file because I wasn't sure whether it also contributed to my problem. Otherwise I would still be very grateful if you could help me set the system up again securely. Last edited by kasimir.eich (06.12.2012 at 15:40) |
Topics on Trojan: GVU - Your computer has been locked / pay 100 € / access to webcam |
adware.gamespyarcade, infected, computer, exploit.drop.gs, girlfriend, locked, booted, completely, laptop, manager, not possible, program, relatively, riskware.tool.ck, as soon as, start, task manager, troja, trojan.bancos, trojan.ransom.sugen, trojan, virus, webcam, pay, access |