
Pests of all kinds and how to combat them: GVU Trojan with webcam


 
02.04.2013, 11:22   #1
Homomorphism
 
GVU Trojan with webcam



Hello,

the second laptop in our household, an Asus Notebook B50A Series running Windows Vista, has been infected by the GVU Trojan with webcam. Since I already contacted you a few months ago about the same Trojan on another laptop and quickly got rid of the problem with your help, I am turning to you again today.

First I had a Trojan detected by Malwarebytes deleted and then followed the rest of the instructions.
Here are the logs requested by the instructions:

Malwarebytes
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.02.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Katharina :: KATHARINA-PC [Administrator]

02.04.2013 10:27:14
mbam-log-2013-04-02 (10-27-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244166
Laufzeit: 6 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Katharina\AppData\Local\Temp\htd69mtcmgmo928n43l3sx.exe (Trojan.Lameshield.124) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

OTL
Code:
OTL logfile created on: 02.04.2013 11:01:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Katharina\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 40,58% Memory free
4,16 Gb Paging File | 2,88 Gb Available in Paging File | 69,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 56,11 Gb Free Space | 48,19% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 95,24 Gb Free Space | 89,28% Space Free | Partition Type: NTFS
 
Computer Name: KATHARINA-PC | User Name: Katharina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.02 10:53:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe
PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012.11.25 14:43:59 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.01 16:27:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.12 07:11:15 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008.07.09 19:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.19 22:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.06.18 08:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.06.13 07:52:51 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.10 21:32:18 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.24 01:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008.01.16 03:27:10 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.12.12 02:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007.12.04 20:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.29 03:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.11.05 05:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.03 07:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.08.23 06:23:43 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.08.15 21:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 22:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.06 02:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.02.06 19:29:59 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
PRC - [2005.07.07 01:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.01 16:27:37 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008.11.12 07:11:15 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2008.04.10 21:25:54 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
MOD - [2008.01.24 01:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.08.14 23:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 23:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 23:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2013.03.14 10:06:30 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.11.25 14:43:59 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2008.01.21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 07:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.23 06:23:43 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 22:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.02.06 19:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006.06.21 12:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll -- (ASChannel)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.09.13 18:52:20 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.29 23:52:25 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.06.26 00:30:49 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.06.06 06:54:09 | 000,161,024 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
DRV - [2008.06.03 08:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 20:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008.02.16 03:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.08.23 04:22:07 | 001,201,312 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.08.03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 21:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 20:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 21:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.17 07:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.04.25 14:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006.12.14 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.5.9
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.01 16:27:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.28 13:15:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2012.08.21 10:44:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2012.08.21 10:44:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins
 
[2010.12.23 16:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\Extensions
[2013.04.02 10:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\vt9sspvc.default\extensions
[2010.12.24 01:29:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\vt9sspvc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.12.15 11:01:24 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\vt9sspvc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.02 10:51:43 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\firefox\profiles\vt9sspvc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.09.19 14:44:53 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\firefox\profiles\vt9sspvc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.08.15 17:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.01.25 23:25:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.01 16:27:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.01 16:27:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.01 16:27:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.01 16:27:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.01 16:27:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.01 16:27:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.01 16:27:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe File not found
O4 - HKLM..\Run: [Skytel] Skytel.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
O9 - Extra 'Tools' menuitem : ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KFO.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB7648E5-4F75-4D9C-B469-590BACB79C52}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - AppInit_DLLs: (APSHook.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS3.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.02 10:53:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe
[2013.04.02 10:50:04 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.02 10:57:21 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.02 10:57:21 | 000,131,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.02 10:57:21 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.02 10:57:21 | 000,013,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.02 10:53:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe
[2013.04.02 10:49:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.02 10:49:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.02 10:49:49 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013.04.02 10:49:47 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2013.04.02 10:49:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.02 10:49:40 | 2110,902,272 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.02 10:48:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.02 10:47:52 | 000,000,020 | ---- | M] () -- C:\Users\Katharina\defogger_reenable
[2013.04.02 10:46:31 | 000,050,477 | ---- | M] () -- C:\Users\Katharina\Desktop\Defogger.exe
[2013.04.02 10:25:33 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.02 10:20:20 | 000,000,004 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\skype.ini
[2013.04.02 10:05:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.02 09:56:02 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
 
========== Files Created - No Company Name ==========
 
[2013.04.02 10:47:20 | 000,000,020 | ---- | C] () -- C:\Users\Katharina\defogger_reenable
[2013.04.02 10:46:25 | 000,050,477 | ---- | C] () -- C:\Users\Katharina\Desktop\Defogger.exe
[2013.03.31 17:14:17 | 000,000,004 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\skype.ini
[2012.12.15 11:21:01 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2012.10.28 15:37:31 | 000,000,432 | ---- | C] () -- C:\Users\Katharina\HalloMama.class
[2012.10.28 15:35:56 | 000,000,146 | ---- | C] () -- C:\Users\Katharina\Hallomama.java
[2012.04.09 13:41:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.06.03 14:33:51 | 000,004,608 | ---- | C] () -- C:\Users\Katharina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.02 23:39:17 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.07.02 05:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 19:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.08.14 00:43:15 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Ableton
[2009.06.02 19:03:03 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\DentalSoftware
[2012.04.09 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\IrfanView
[2012.03.18 12:17:42 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 849 bytes -> C:\Users\Katharina\Desktop\Nachricht von timandstella.eml:OECustomProperty

< End of report >
         
Extras
Code:
OTL Extras logfile created on: 02.04.2013 11:01:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Katharina\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,97 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 40,58% Memory free
4,16 Gb Paging File | 2,88 Gb Available in Paging File | 69,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 56,11 Gb Free Space | 48,19% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 95,24 Gb Free Space | 89,28% Space Free | Partition Type: NTFS
 
Computer Name: KATHARINA-PC | User Name: Katharina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0694936B-0EFF-49CC-A232-71DE0EE5AB04}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1F7771A6-EDB2-4DFB-BC1A-4CD3232C89E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4CBA825C-E09B-485A-B42D-D8E2F953F3A5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6AC3EA34-ED32-4A6D-95C4-C9F0B96BD4B6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7FC462F5-F78A-4A45-A232-5AE45E803B27}" = lport=139 | protocol=6 | dir=in | app=system | 
"{89B159B3-DD64-432E-80D9-5EAE37B5B943}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A06E57C1-2C8F-45DD-B1F0-1AD911ACE51C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EA6E13EF-45EC-4339-8FD3-2348B120B1E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F70E8733-E69D-4796-A5E6-8E3972952351}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F997925D-3367-4991-926F-DF9057FD5584}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B10699-6BC9-4368-9543-2FB9C746664D}" = dir=in | app=c:\program files\asustek\asusdvd\powerdvd.exe | 
"{0D07C9CA-92CE-4D5C-A9A5-08CC869CC042}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{43A5084C-063D-4E60-B6B4-8327906175A9}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{44EAD8D7-9FB7-4865-964E-6378F9903E2A}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{49ECEF98-BF3A-40CB-997F-FDDEFD745B4D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{5B2A6147-1B3A-4B04-83F5-0E515669B95A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5CC20CD3-F212-4C5F-A806-6920EFFACE22}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6E71BAB8-53C4-455A-8AF9-FC2A0B30E18A}" = protocol=6 | dir=in | app=c:\program files\starcraft ii demo\starcraft ii.exe | 
"{843428C6-9DE0-47BE-BB67-EEF5EF2CD8D2}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"{84EAB318-94A4-49C2-9D19-6C1C962A306B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8AE04C4E-D8EF-492E-AB38-214BFDBDB17C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A0826932-C992-4501-8E78-C7C0930213AA}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{A1C90967-6B82-425A-BA12-E3E1356FA194}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A9E54C9E-F28A-44A0-8585-F5923EBEC87B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D07E0991-3ECD-4EB5-8C84-9624C56ABBAE}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | 
"{EB2D0D8F-BE8D-48B0-A0CD-6DB1D5E68D80}" = protocol=17 | dir=in | app=c:\program files\starcraft ii demo\starcraft ii.exe | 
"TCP Query User{27235672-247E-4186-BFB4-EB5D719AA721}C:\users\katharina\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de.exe | 
"TCP Query User{3ACBC6BE-C762-4482-9BB3-3EB2AB69DC4F}C:\users\katharina\downloads\starcraft_2_eu_de-de(3).exe" = protocol=6 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de(3).exe | 
"TCP Query User{56F27023-92C7-4AA1-BC84-C7A238C60E93}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{6F40AB74-6997-460B-903A-3E9A5F561D92}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{7AF1B6E1-E265-45FD-8394-2BF95A3D963D}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"TCP Query User{83ABEF13-F511-4FDE-83B4-8B08992465C3}C:\users\katharina\downloads\starcraft_2_eu_de-de(1).exe" = protocol=6 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de(1).exe | 
"TCP Query User{C965336B-356A-44B2-A47F-CE8038B9D14B}C:\users\katharina\downloads\starcraft_2_eu_de-de(2).exe" = protocol=6 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de(2).exe | 
"TCP Query User{FDD656E0-82AC-45AF-924C-3770178293FA}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{0898CFF8-4BFD-49D5-9226-8464A244C92F}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{40E97500-B075-4FC6-AF8A-62AE1A365E5C}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{44C33CEB-F620-43F6-9882-00CACD26FAD4}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | 
"UDP Query User{52DEFB6F-198D-48EC-9E47-CF085CD48887}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{9FEB2C2E-A04C-4AD1-BAC0-8C3ECFC2B8F5}C:\users\katharina\downloads\starcraft_2_eu_de-de(2).exe" = protocol=17 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de(2).exe | 
"UDP Query User{AC428C85-E2AF-45C6-AB34-9F9F43B17C95}C:\users\katharina\downloads\starcraft_2_eu_de-de(3).exe" = protocol=17 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de(3).exe | 
"UDP Query User{C3538854-B4E3-4306-B954-5026A944F356}C:\users\katharina\downloads\starcraft_2_eu_de-de(1).exe" = protocol=17 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de(1).exe | 
"UDP Query User{FE439D48-1207-4ABA-A99A-58B1B7E1025A}C:\users\katharina\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\katharina\downloads\starcraft_2_eu_de-de.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{250F0996-1830-40C8-9B1D-6874D808DD95}" = ChkMail
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{32A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45015CD6-4E70-4D1F-811E-2906B23BF27F}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}" = ASUS Security Protect Manager
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"CCleaner" = CCleaner
"FrWin" = Fernröntgenanalyse
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"IrfanView" = IrfanView (remove only)
"Live 8.2.2" = Live 8.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"Picasa2" = Picasa 2
"StomaWin" = Praxisverwaltung
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.03.2013 15:03:20 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.03.2013 05:22:00 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.03.2013 08:14:24 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.03.2013 04:00:38 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.03.2013 05:47:49 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.03.2013 08:19:12 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.03.2013 03:40:12 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2013 04:38:32 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2013 07:20:12 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.03.2013 03:41:43 | Computer Name = Katharina-PC.KFO.local | Source = WinMgmt | ID = 10
Description = 
 
[ ASUS Security Protect Manager Events ]
Error - 02.06.2009 16:08:51 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Katharina@KFO Credentials:
 Password   Error: (0x8007051F) There are currently no logon servers available to
 service the logon request.
 
Error - 02.06.2009 16:10:59 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Katharina@KATHARINA-PC
Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 02.06.2009 16:11:53 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Katharina-PC@KFO Credentials:
 Password   Error: (0x8007051F) There are currently no logon servers available to
 service the logon request.
 
Error - 02.06.2009 16:12:12 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: MA@KFO Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 02.06.2009 16:12:29 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: MA@KFO Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 02.06.2009 16:13:03 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: MA@KFO Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 02.06.2009 16:13:33 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: MA@KFO Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 18.07.2011 13:48:28 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Katharina@KATHARINA-PC
Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 18.07.2011 13:48:36 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Katharina@KATHARINA-PC
Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 18.07.2011 14:41:57 | Computer Name = Katharina-PC.KFO.local | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: Katharina@KATHARINA-PC
Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
[ System Events ]
Error - 02.04.2013 03:53:37 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 02.04.2013 04:21:47 | Computer Name = Katharina-PC.KFO.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne KFO aufgrund der folgenden  Ursache:   %%1311 nicht einrichten.    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 02.04.2013 04:22:05 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 02.04.2013 04:25:07 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 02.04.2013 04:42:39 | Computer Name = Katharina-PC.KFO.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne KFO aufgrund der folgenden  Ursache:   %%1311 nicht einrichten.    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 02.04.2013 04:42:57 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 02.04.2013 04:44:57 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 02.04.2013 04:49:46 | Computer Name = Katharina-PC.KFO.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne KFO aufgrund der folgenden  Ursache:   %%1311 nicht einrichten.    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 02.04.2013 04:50:05 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 02.04.2013 04:51:15 | Computer Name = Katharina-PC.KFO.local | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
Gmer.txt
Code:
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-04-02 12:01:22
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925032 rev.0303 232,89GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\KATHAR~1\AppData\Local\Temp\kxtcquoc.sys


---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                               Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                               Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243c480c7                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                0x28 0x69 0x9D 0x4C ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002243c480c7 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                       0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0x28 0x69 0x9D 0x4C ...

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                 unknown MBR code

---- EOF - GMER 2.1 ----
         

Edited by Homomorphism (02.04.2013 at 11:58) Reason: OTL added

 
