Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Auf Paypal Phishing reingefallen, Trojaner Gefahr?

Auf Paypal Phishing reingefallen, Trojaner Gefahr?


Log-Analyse und Auswertung: Auf Paypal Phishing reingefallen, Trojaner Gefahr?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 28.01.2013, 18:58   #1
Oddgit
 
Auf Paypal Phishing reingefallen, Trojaner Gefahr? - Standard

Auf Paypal Phishing reingefallen, Trojaner Gefahr?


Hallo zusammen,

in der Hoffnung, dass ich die Schritte für ein korrektes Posten in diesem Forum erfolgreich durchgeführt habe, wende ich mich mit meinen Log Files an euch.

Habe heute eine Paypal Phishing Mail erhalten. Inhalt war wie folgt:
"Bitte helfen Sie uns dabei, Ihr PayPal-Kundenkonto wieder in Ordnung zu bringen. Bis dahin haben wir den Zugang zu Ihrem PayPal-Konto vorübergehend eingeschränkt.

Wo liegt das Problem?

Bei Ihrer letzten Zahlung sind uns ungewöhnliche Aktivitäten aufgefallen.

Was mache ich jetzt?

Bitte verifizieren Sie sich über folgenden Button durch einen Abgleich Ihrer Daten als rechtmäßigen Besitzer des Kontos. Im Anschluss können Sie Ihr Paypal-Kundenkonto wieder uneingeschränkt nutzen:

Hier klicken"

Ich Trottel hab natürlich auf den Link geklickt. Dann kam eine Seite, die identisch mit der Paypal Seite war, aber halt ne andere URL hatte. Da bin ich zum Glück stutzig geworden und habe mich nicht angemeldet. D.h. ich war "nur" auf der Seite, hab aber keine Daten eingegeben. Paypal Passwort habe ich mittlerweile von nem anderen PC aus geändert.
Jetzt hab ich Angst, dass ich mir durch den Besuch auf der Seite einen Trojaner oder irgendeinen anderen Müll eingefangen habe.

Ich habe die beschriebenen Schritte durchgeführt und hier sind die Log Files.

Für eure Hilfe bedanke ich mich im Voraus. Wäre echt froh, wenn ich mein System nicht platt machen müsste... :-/

Besten Dank und beste Grüße,

Philipp.

defogger_disable:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:49 on 28/01/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL:
Code:
ATTFilter
OTL logfile created on: 28.01.2013 17:34:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,85 Gb Total Physical Memory | 5,38 Gb Available Physical Memory | 68,47% Memory free
15,70 Gb Paging File | 13,32 Gb Available in Paging File | 84,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 316,15 Gb Total Space | 246,65 Gb Free Space | 78,02% Space Free | Partition Type: NTFS
Drive D: | 148,44 Gb Total Space | 119,63 Gb Free Space | 80,59% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 321,09 Gb Free Space | 68,94% Space Free | Partition Type: NTFS
Drive H: | 465,65 Gb Total Space | 101,27 Gb Free Space | 21,75% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.28 17:29:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.08.13 10:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 10:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.19 18:18:42 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.12 10:55:12 | 005,739,008 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.21 01:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.30 03:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009.03.30 03:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2008.07.10 04:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.05.13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.05.13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.05.13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.04.11 14:06:04 | 000,358,480 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sessavs.sys -- (sessavs)
DRV:64bit: - [2011.04.11 14:06:04 | 000,097,360 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sessusb.sys -- (sessusb_svc)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.07 10:42:34 | 012,262,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.12.28 20:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.01 09:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.31 12:23:30 | 000,254,976 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2009.10.05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006.11.16 15:58:46 | 000,031,248 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synUSB64.sys -- (SynasUSB)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 C1 B7 76 D9 8D CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130116
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 18:18:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 20:15:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 18:18:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 20:15:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.09.08 16:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.01.28 15:40:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2vrazlut.default\extensions
[2013.01.28 15:40:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2vrazlut.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.24 17:13:36 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\2vrazlut.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.19 18:18:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 18:18:42 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B6C5FA4-5A8C-4731-A5D0-9CFF20E701C5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36CEC1FF-ECC9-424F-A88B-4DE2F2B06D46}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.28 17:31:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner Board
[2013.01.28 17:29:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.22 21:13:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\g200kg
[2013.01.19 18:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.09 20:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.07 22:26:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit
[2013.01.07 22:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Performance Toolkit
[2013.01.07 22:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x64)
[2013.01.07 22:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x64)
[2013.01.07 22:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier
[2013.01.07 22:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
[2013.01.07 22:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Application Verifier (x64)
[2013.01.07 22:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier (x64)
[2013.01.07 22:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2013.01.07 22:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.28 17:32:59 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.28 17:31:37 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.28 17:29:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.28 17:29:47 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.28 14:53:05 | 000,004,620 | ---- | M] () -- C:\Users\***\Desktop\INFO *** Bulling Ihr Konto ist vorübergehend eingeschränkt.zip
[2013.01.28 14:11:52 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.28 14:11:52 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.28 14:08:47 | 001,798,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.28 14:08:47 | 000,762,690 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.28 14:08:47 | 000,718,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.28 14:08:47 | 000,173,076 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.28 14:08:47 | 000,146,030 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.28 14:04:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.28 14:04:24 | 2028,253,183 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.27 10:16:47 | 000,001,013 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.24 20:49:49 | 000,009,141 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.01.10 15:46:22 | 000,294,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.09 22:11:00 | 001,775,756 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2013.01.28 17:32:59 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.28 17:31:35 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.28 17:29:45 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.28 14:53:05 | 000,004,620 | ---- | C] () -- C:\Users\***\Desktop\INFO *** Bulling Ihr Konto ist vorübergehend eingeschränkt.zip
[2013.01.24 20:49:49 | 000,009,141 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.09.11 17:09:33 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2012.09.10 22:00:59 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012.09.10 21:34:24 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2012.09.10 16:33:40 | 001,775,756 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.07 18:29:59 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.09.07 18:29:59 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.09.07 18:29:59 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.18 14:56:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atmel
[2012.11.13 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CadSoft
[2013.01.07 22:44:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.juce.introjucer
[2013.01.28 14:05:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2013.01.22 21:13:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\g200kg
[2013.01.07 22:58:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Introjucer
[2013.01.07 23:01:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juce Audio Plugin Host
[2012.12.23 12:01:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jucer
[2012.09.10 16:06:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LyX2.0
[2012.09.08 17:27:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.12.14 17:42:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phi-T Effect S
[2012.09.10 10:24:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scilab
[2012.09.19 19:20:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg
[2012.09.08 17:00:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2013.01.06 13:00:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VisualAssist
 
========== Purity Check ==========
 
 

< End of report >
Extras
Code:
ATTFilter
OTL Extras logfile created on: 28.01.2013 17:34:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,85 Gb Total Physical Memory | 5,38 Gb Available Physical Memory | 68,47% Memory free
15,70 Gb Paging File | 13,32 Gb Available in Paging File | 84,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 316,15 Gb Total Space | 246,65 Gb Free Space | 78,02% Space Free | Partition Type: NTFS
Drive D: | 148,44 Gb Total Space | 119,63 Gb Free Space | 80,59% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 321,09 Gb Free Space | 68,94% Space Free | Partition Type: NTFS
Drive H: | 465,65 Gb Total Space | 101,27 Gb Free Space | 21,75% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4D30FC87-C7A6-4E15-B276-7E5FBA085202}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D5D92BCF-4F96-4E1D-BCE9-75E8C3CD27A6}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{0FC8AC02-65F3-4429-8591-507C05A91030}C:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe | 
"TCP Query User{34073B7D-9285-4899-9C9F-A1E3847756A9}C:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe | 
"TCP Query User{8756D699-DF39-4F25-83CE-7605C2AF9786}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{3BD0B1A3-2CF8-4637-954F-114261EA1D8D}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{826E250A-6E87-4214-8DD4-CE6608A0A177}C:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe | 
"UDP Query User{D5C94111-157F-4149-AF93-DB6E2C5010B1}C:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atmel\atmel studio 6.0\atmelstudio.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{110C673D-E8C1-44C6-85D3-4BD29513FC88}" = Native Instruments Acoustic Refractions
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{14C1DD2C-D54E-464A-9588-C109E3E39EEF}" = Native Instruments Vintage Organs
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{199c6b63-fcb2-49f4-9859-ff78ddd0bb90}" = Native Instruments Scarbee Clavinet Pianet
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor
"{36ccb7d4-42c7-473e-b293-72e41a8ec766}" = Native Instruments Berlin Concert Grand
"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{45da1e94-82eb-4778-be0d-47c8d9e8451b}" = Native Instruments Scarbee Mark I
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{52931732-892F-4D54-A84A-3EDE25F9BCA2}" = Native Instruments Komplete 7
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5B841301-3649-4891-BC10-7A66820397C9}" = Native Instruments Reaktor Prism
"{5cd7e481-59d1-4961-a964-019f162b1f27}" = Native Instruments Scarbee A-200
"{5D03CB59-6F91-4097-922C-9DCA057D2A76}" = Native Instruments The Finger R2
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60BB45B2-E8E4-41C5-B69F-C6DC5D991DF5}" = Native Instruments Abbey Road 60s Drums
"{64A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9 (64-bit)
"{65B7E38D-10F8-4B1A-8EE3-BF2362CF12AE}" = Native Instruments Kontakt 4 Factory Content
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Guitar Rig Session I/O
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{84042B7C-F238-11DF-9960-356CDFD72085}" = Native Instruments Berlin Concert Grand
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{88387B3B-B110-392F-B919-1A15B48F21D4}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x64
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{8C04CE01-F7B8-4961-884B-6CE7EFFADCD4}" = Native Instruments Reaktor Spark R2
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{9be187da-7d1c-4e8b-8b66-6132ca7697d8}" = Native Instruments New York Concert Grand
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{a63e8179-0381-4b59-8876-0755be48eb6a}" = Native Instruments Scarbee MM-Bass
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C9BCE8B9-2510-48D4-B93A-EA7BEA81D6E7}" = Native Instruments Traktors 12
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CD0E9FFE-70DD-47E3-A7A5-750E9DE6F40B}" = JLink OB CDC Driver Package
"{D597935A-5F0E-44F8-A028-A0EF9C647D95}" = Native Instruments Rammfire
"{d8650fdb-9422-4a07-9f57-585c06d9d760}" = Native Instruments Upright Piano
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{dc8b9571-8363-44c2-85e0-ea13ab89d032}" = Native Instruments Vienna Concert Grand
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{EF728EC1-799C-4570-9AE0-8A9A54E4670A}" = Native Instruments Driver
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"6D4C34D12E9233ABADF9D04ADF9E288A7ECF3B5B" = Windows-Treiberpaket - Segger (jlink_ob_x64) USB  (03/13/2012 2.6.6.2)
"BD6BF8BBF7BE0D0091163F649A1A423B7EB9D4F1" = Windows-Treiberpaket - SEGGER (usbser) Ports  (01/25/2012 6.0.2600.4)
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"scilab-5.3.3 (64-bit)_is1" = scilab-5.3.3 (64-bit)
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2D423733-FCBC-4E27-B026-D6D973C6496F}" = Atmel Software Framework
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{51CC3953-2D06-47FA-832A-B7FD24D01322}" = Atmel Studio 6.0
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}" = Atmel USB
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Android SDK Tools" = Android SDK Tools
"Avira AntiVir Desktop" = Avira Free Antivirus
"EAGLE 6.3.0" = EAGLE 6.3.0
"eLicenser Control" = eLicenser Control
"LyX20" = LyX 2.0.4
"Maxima-5.28.0-2_is1" = Maxima 5.28.0-2
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Abbey Road 60s Drums" = Native Instruments Abbey Road 60s Drums
"Native Instruments Absynth 5" = Native Instruments Absynth 5
"Native Instruments Acoustic Refractions" = Native Instruments Acoustic Refractions
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Berlin Concert Grand" = Native Instruments Berlin Concert Grand
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Driver" = Native Instruments Driver
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Guitar Rig Session I/O" = Native Instruments Guitar Rig Session I/O
"Native Instruments Komplete 7" = Native Instruments Komplete 7
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Kontakt 4 Factory Content" = Native Instruments Kontakt 4 Factory Content
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments New York Concert Grand" = Native Instruments New York Concert Grand
"Native Instruments Rammfire" = Native Instruments Rammfire
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Prism" = Native Instruments Reaktor Prism
"Native Instruments Reaktor Spark R2" = Native Instruments Reaktor Spark R2
"Native Instruments Reflektor" = Native Instruments Reflektor
"Native Instruments Scarbee A-200" = Native Instruments Scarbee A-200
"Native Instruments Scarbee Clavinet Pianet" = Native Instruments Scarbee Clavinet Pianet
"Native Instruments Scarbee Mark I" = Native Instruments Scarbee Mark I
"Native Instruments Scarbee MM-Bass" = Native Instruments Scarbee MM-Bass
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments The Finger R2" = Native Instruments The Finger R2
"Native Instruments Traktors 12" = Native Instruments Traktors 12
"Native Instruments Upright Piano" = Native Instruments Upright Piano
"Native Instruments Vienna Concert Grand" = Native Instruments Vienna Concert Grand
"Native Instruments Vintage Organs" = Native Instruments Vintage Organs
"VLC media player" = VLC media player 2.0.3
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.01.2013 09:11:24 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 06:36:34 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 16:09:56 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.01.2013 11:33:03 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.01.2013 04:38:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.01.2013 10:58:48 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.01.2013 11:26:33 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.01.2013 05:15:50 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.01.2013 12:54:11 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.01.2013 09:06:19 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 15.01.2013 05:31:29 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus.
 
Error - 15.01.2013 05:38:22 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus.
 
Error - 15.01.2013 08:34:35 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus.
 
Error - 15.01.2013 09:19:40 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus.
 
Error - 18.01.2013 13:39:35 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 18.01.2013 13:39:36 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 18.01.2013 13:39:36 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 26.01.2013 16:37:32 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 26.01.2013 16:37:33 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 26.01.2013 16:37:33 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
 
< End of report >
Gmer
Code:
ATTFilter
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-28 18:19:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721050CLA360 rev.JP2OA50E 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\***\AppData\Local\Temp\pxliyfod.sys


---- User code sections - GMER 2.0 ----

.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17         0000000076281401 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17           0000000076281419 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17         0000000076281431 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42         000000007628144a 2 bytes [28, 76]
.text  ...                                                                                                                            * 9
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17            00000000762814dd 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17     00000000762814f5 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17            000000007628150d 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17     0000000076281525 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17           000000007628153d 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17                0000000076281555 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17         000000007628156d 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17           0000000076281585 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17              000000007628159d 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17           00000000762815b5 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17         00000000762815cd 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20     00000000762816b2 2 bytes [28, 76]
.text  C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[2820] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31     00000000762816bd 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000076281401 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000076281419 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000076281431 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007628144a 2 bytes [28, 76]
.text  ...                                                                                                                            * 9
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000762814dd 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000762814f5 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007628150d 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076281525 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007628153d 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000076281555 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007628156d 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000076281585 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007628159d 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000762815b5 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000762815cd 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000762816b2 2 bytes [28, 76]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000762816bd 2 bytes [28, 76]

---- EOF - GMER 2.0 ----

 

Themen zu Auf Paypal Phishing reingefallen, Trojaner Gefahr?
7-zip, antivir, autorun, avira, besitzer, beste grüße, bho, cubase, error, firefox, flash player, format, google, iexplore.exe, install.exe, logfile, mozilla, paypal phishing, phishing, phishing mail, plug-in, problem, realtek, registry, rundll, scan, security, server, software, spark, system, trojaner, visual studio, windows, zahlung


« Trojaner nach e-mail-Anhangsöffnung, Sytem: Windows8 | System Progressive Protection... »


Ähnliche Themen: Auf Paypal Phishing reingefallen, Trojaner Gefahr?


  1. Ist Mail von Paypal Phishing?
    Überwachung, Datenschutz und Spam - 07.09.2015 (5)
  2. Auf phishing(?)/junkmail reingefallen - infiziert?
    Plagegeister aller Art und deren Bekämpfung - 21.08.2015 (1)
  3. PayPal-Phishing
    Überwachung, Datenschutz und Spam - 26.04.2015 (1)
  4. Phishing-Mail-Link angeklickt (Paypal-Phishing-Mail)
    Plagegeister aller Art und deren Bekämpfung - 29.11.2014 (9)
  5. Phishing: Informationen zu Ihrem PayPal-Konto (Ihr PayPal-Konto weist derzeit einen negativen Kontostand auf.)
    Diskussionsforum - 11.10.2014 (0)
  6. Auf Phishing-Mail reingefallen - ELSTER-(Steuer)Bescheid
    Plagegeister aller Art und deren Bekämpfung - 27.09.2014 (9)
  7. Phishing E-Mail von PayPal mit dem Betreff: "Das Problem: Ihr Paypal Sperrung"
    Diskussionsforum - 21.07.2014 (0)
  8. Auf phishing mail reingefallen
    Plagegeister aller Art und deren Bekämpfung - 02.07.2014 (6)
  9. Reingefallen: Vodafone Phishing Mail greift TAN vom Onlinebanking ab
    Log-Analyse und Auswertung - 26.05.2014 (10)
  10. paypal phishing........und ich mittendrin :(
    Überwachung, Datenschutz und Spam - 31.03.2014 (7)
  11. Phishing mail Reingefallen
    Plagegeister aller Art und deren Bekämpfung - 19.01.2014 (3)
  12. Auf Paypal Phishing-Mail reingefallen - weiteres Vorgehen?
    Plagegeister aller Art und deren Bekämpfung - 29.07.2013 (23)
  13. PayPal Phishing-Mail
    Plagegeister aller Art und deren Bekämpfung - 20.06.2013 (9)
  14. Auf Paypal phishing Email reingefallen
    Log-Analyse und Auswertung - 03.01.2013 (13)
  15. Paypal Log-in Trojaner/Phishing?
    Log-Analyse und Auswertung - 21.10.2011 (11)
  16. Trojaner Paypal Phishing beim Versuch sich einzuloggen
    Log-Analyse und Auswertung - 22.08.2011 (21)
  17. An alle Paypal Verkäufer! Neue Paypal Bertugs Methode mit Phishing Mails
    Plagegeister aller Art und deren Bekämpfung - 09.11.2010 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Auf Paypal Phishing reingefallen, Trojaner Gefahr? - Hallo zusammen, in der Hoffnung, dass ich die Schritte für ein korrektes Posten in diesem Forum erfolgreich durchgeführt habe, wende ich mich mit meinen Log Files an euch. Habe heute - Auf Paypal Phishing reingefallen, Trojaner Gefahr?...
Archiv
Du betrachtest: Auf Paypal Phishing reingefallen, Trojaner Gefahr? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19