Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Weißer Bildschirm "50€-Trojaner"

Weißer Bildschirm "50€-Trojaner"


Log-Analyse und Auswertung: Weißer Bildschirm "50€-Trojaner"

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 18.02.2012, 22:08   #1
KaleuVIIc
 
Weißer Bildschirm "50€-Trojaner" - Standard

Weißer Bildschirm "50€-Trojaner"


Hallo zusammen, mein Sohn hat seit gestern Abend nur noch einen weißen Bildschirm mit der Meldung: "Bitte warten Sie bis die Verbindung zum Internet hergestellt wird". Heute Vormittag hatte er dann mal einen Bildschirm, auf dem er beschuldigt wurde, illegale Musikdownloads durchgeführt zu haben und soll nun 50,-€ bezahlen, damit der PC wieder freigeschaltet wird.
Mir war sofort klar, dass er Opfer eines Trojaners geworden ist. Ich habe hier schon einiges an hilfreichen Tips gelesen und auch schon versucht, die Logfiles zu erstellen. Nun habe ich aber das Problem, dass ich weder im abgesicherten Modus noch mittels Boot-CD den OTL Scan durchführen kann. Mein Sohn verwendet Windows7 64bit und ich XP Home 32bit. Ich habe die ISO Datei bei mir auf dem Rechner zu einer Scheibe gebrannt. Wenn ich nun damit seinen Rechner starte (das funktioniert), bekomme ich nicht den hier beschrieben Bildschirm um den Scan zu starten, sondern nach einer Weile den Bluescreen von XP mit dem Hinweis, dass der PC ein Problem hat. Als ob ich das nicht schon wüsste ... Ich hoffe, mir bzw. uns kann geholfen werden, der Junge ist schon ganz geknickt. Vielen Dank im Voraus.

Alt 19.02.2012, 18:14   #2
markusg
/// Malware-holic
 
Weißer Bildschirm "50€-Trojaner" - Standard

Weißer Bildschirm "50€-Trojaner"


hi,
gehe mal ins bios, und gucke ob ide oder Ahci eingestellt ist,wähle jeweils die gegenteilige einstellung und teste die otl cd erneut.
__________________

__________________
Alt 20.02.2012, 22:19   #3
KaleuVIIc
 
Weißer Bildschirm "50€-Trojaner" - Standard

Weißer Bildschirm "50€-Trojaner"


hallo, hab´s heute hinbekommen. abgesichert mit eingabeaufforderung, dann hatte ich zumindest zugriff auf das laufwerk und konnte den otl-scan laufen lassen. ablage auf den desktop haut nämlich nicht hin. der ist nach wie vor nicht verfügbar. im anhang nun die otl-txt. ich hoffe, du kannst damit was anfangen.OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.02.2012 20:21:53 - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = G:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 11,93 Gb Free Space | 11,93% Space Free | Partition Type: NTFS
Drive D: | 161,45 Gb Total Space | 140,87 Gb Free Space | 87,26% Space Free | Partition Type: NTFS
Drive E: | 161,45 Gb Total Space | 87,69 Gb Free Space | 54,32% Space Free | Partition Type: NTFS
Drive F: | 161,45 Gb Total Space | 26,45 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
Drive G: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TIM-PC | User Name: TIM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.01.06 16:32:34 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2009.11.02 11:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.09.30 13:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012.02.15 15:58:30 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.07 13:18:30 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto] -- E:\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Program Files (x86)\CheckPoint\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.01.22 15:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto] -- C:\Programme\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.25 00:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.09.11 06:42:46 | 000,305,448 | ---- | M] () [On_Demand] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.10 01:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.06 16:32:12 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\Software\Microsoft\Internet Explorer\Main,Start Page = freenet.de - E-Mail, Singles, Nachrichten & Services
IE - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\..\URLSearchHook: {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Program Files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.02.19 22:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.02.19 21:58:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.5.1\FF [2012.02.19 12:50:44 | 000,000,000 | ---D | M]
 
[2012.02.19 21:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TIM\AppData\Roaming\mozilla\Firefox\extensions
[2012.02.19 21:57:59 | 000,000,000 | ---D | M] (ZoneAlarm Deutsch Community Toolbar) -- C:\Users\TIM\AppData\Roaming\mozilla\Firefox\extensions\{f361b100-73c5-4793-8bcc-6e5c41510210}
[2012.02.05 14:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (ZoneAlarm Deutsch Toolbar) - {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Program Files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{ff88a983-649d-4207-9336-9b999280b436} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ff88a983-649d-4207-9336-9b999280b436} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Deutsch Toolbar) - {f361b100-73c5-4793-8bcc-6e5c41510210} - C:\Program Files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\..\Toolbar\WebBrowser: (no name) - {00725D68-069B-4095-9FF1-E7469C0E95DF} - No CLSID value found.
O3 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\..\Toolbar\WebBrowser: (ZoneAlarm Deutsch Toolbar) - {F361B100-73C5-4793-8BCC-6E5C41510210} - C:\Program Files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager]  File not found
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [EaseUs Watch] C:\Programme\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000..\Run: [AVMUSBFernanschluss] C:\Users\TIM\AppData\Local\Apps\2.0\AY82PH96.WAG\GV3C5JR4.1Y3\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000..\Run: [msnmsgr]  File not found
O4 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000..\Run: [Steam] E:\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\TIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\TIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UltimateZip Quick Start.lnk = C:\Program Files (x86)\UltimateZip\uzqkst.exe (SWE von Schleusen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\TIM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\TIM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-2962486779-4126303749-2838823280-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 12:06:41 | 000,000,053 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{226ab52e-4687-11df-ac28-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{226ab52e-4687-11df-ac28-806e6f6e6963}\Shell\AutoRun\command - "" = G:\reatogoMenu.exe -- [2005.07.16 22:36:50 | 000,240,128 | R--- | M] ()
O33 - MountPoints2\{4920723c-83b1-11e0-a28d-00262d83e392}\Shell - "" = AutoRun
O33 - MountPoints2\{4920723c-83b1-11e0-a28d-00262d83e392}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{99f2f62a-b3a4-11e0-8195-00262d83e392}\Shell - "" = AutoRun
O33 - MountPoints2\{99f2f62a-b3a4-11e0-8195-00262d83e392}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{e792844a-5aba-11df-a11b-00262d83e392}\Shell - "" = AutoRun
O33 - MountPoints2\{e792844a-5aba-11df-a11b-00262d83e392}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.19 21:57:59 | 000,000,000 | ---D | C] -- C:\Users\TIM\AppData\Roaming\Mozilla
[2012.02.19 21:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.02.19 21:57:57 | 000,000,000 | ---D | C] -- C:\Users\TIM\AppData\Local\Conduit
[2012.02.19 21:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm_Deutsch
[2012.02.19 21:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012.02.19 15:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.19 15:37:39 | 000,000,000 | -HSD | C] -- C:\BOOT
[2012.02.19 15:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Todo Backup Home 2.0
[2012.02.19 15:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Todo Backup 2.0
[2012.02.19 15:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.02.19 15:14:33 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.02.19 15:14:33 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.02.19 15:14:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.02.19 15:14:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.02.19 15:14:33 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.02.19 15:14:33 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.02.19 15:14:33 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.02.19 15:14:33 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.02.19 15:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.02.19 14:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2012.02.19 14:33:29 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.02.19 13:20:37 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2012.02.19 12:29:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.19 12:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.02.16 15:07:07 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll
[2012.02.16 15:07:03 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.16 15:07:03 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.02.16 15:06:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2012.02.16 15:06:02 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2012.02.16 15:06:02 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.02.16 15:06:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.16 15:06:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.16 15:05:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.16 15:05:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012.02.16 15:05:57 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.16 15:05:57 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.13 18:22:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mail.Ru
[2012.02.12 17:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.02.11 14:14:38 | 000,000,000 | R--D | C] -- C:\Users\TIM\AppData\Roaming\Brother
[2012.02.05 23:13:50 | 000,000,000 | ---D | C] -- C:\Users\TIM\AppData\Local\Mozilla
[2012.02.05 15:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney SE
[2012.02.05 14:32:54 | 000,000,000 | ---D | C] -- C:\Users\TIM\Documents\My Cheat Tables
[2012.02.05 14:32:49 | 000,000,000 | ---D | C] -- C:\Users\TIM\AppData\Local\TempDIR
[2012.02.05 14:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.1
[2012.02.04 22:45:22 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2012.02.04 22:45:22 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc71.dll
[2012.02.04 22:45:21 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCP71.dll
[2012.02.04 22:45:21 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVCP71.dll
[2012.02.01 17:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft PC Gamer Demo
[2009.11.05 04:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.20 20:06:32 | 000,000,346 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.02.20 20:05:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.20 20:05:29 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.19 21:57:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012.02.19 15:39:15 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.19 15:36:58 | 000,001,765 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Todo Backup Home 2.0.lnk
[2012.02.19 15:36:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Todo Backup Home 2.0
[2012.02.19 15:14:09 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.02.19 15:14:09 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.02.19 15:14:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.02.19 15:14:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.02.19 15:14:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.02.19 15:14:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.02.19 15:14:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.02.19 15:14:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.02.19 14:10:08 | 000,001,324 | ---- | M] () -- C:\Users\TIM\Documents\cc_20120219_140959.reg
[2012.02.19 13:58:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
[2012.02.19 13:58:20 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012.02.19 13:08:37 | 000,001,118 | ---- | M] () -- C:\prefs.js
[2012.02.19 12:50:35 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechForce
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre Studio X
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft PC Gamer Demo
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Einstellungstest-Trainer 6.0
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.1
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle of Endor v2.1
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney SE
[2012.02.19 12:50:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2012.02.19 12:26:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DX-Ball Game
[2012.02.15 17:43:28 | 000,002,281 | ---- | M] () -- C:\Users\TIM\Documents\mcedit.ini
[2012.02.13 18:29:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012.02.12 17:05:18 | 000,000,563 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.02.11 14:17:02 | 000,027,042 | ---- | M] () -- C:\Users\TIM\Documents\gescichte vortrag.odt
[2012.02.11 14:14:38 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.02.10 14:22:32 | 000,004,548 | ---- | M] () -- C:\Windows\ULEAD32.INI
[2012.02.08 14:18:56 | 000,340,625 | ---- | M] () -- C:\Users\TIM\Documents\sozi vortrag.odt
[2012.02.05 15:05:08 | 000,000,635 | ---- | M] () -- C:\Users\Public\Desktop\ArtMoney SE v7.38.lnk
[2012.02.05 14:33:06 | 000,000,447 | ---- | M] () -- C:\user.js
 
========== Files Created - No Company Name ==========
 
[2012.02.19 15:39:15 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.19 15:36:58 | 000,001,765 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Todo Backup Home 2.0.lnk
[2012.02.19 14:10:06 | 000,001,324 | ---- | C] () -- C:\Users\TIM\Documents\cc_20120219_140959.reg
[2012.02.12 19:47:53 | 006,074,778 | ---- | C] () -- C:\Users\TIM\Desktop\Mondotek - Alive - .mp3
[2012.02.08 18:14:51 | 000,027,042 | ---- | C] () -- C:\Users\TIM\Documents\gescichte vortrag.odt
[2012.02.08 14:20:01 | 000,340,625 | ---- | C] () -- C:\Users\TIM\Documents\sozi vortrag.odt
[2012.02.05 15:05:08 | 000,000,635 | ---- | C] () -- C:\Users\Public\Desktop\ArtMoney SE v7.38.lnk
[2012.02.05 14:33:06 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.02.05 00:02:38 | 004,726,964 | ---- | C] () -- C:\Users\TIM\Desktop\Bangbros - Happy Hour.mp3
[2011.11.23 20:30:19 | 000,000,000 | ---- | C] () -- C:\Users\TIM\AppData\Local\{1A4FCFC8-5813-48F0-81B1-C3E63AE043C0}
[2011.11.19 20:20:40 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.11.19 20:20:40 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.11.19 20:19:41 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3040CN.INI
[2011.11.19 20:19:07 | 000,000,346 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.11.18 20:37:49 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.10.26 14:13:33 | 000,000,000 | ---- | C] () -- C:\Users\TIM\AppData\Local\{65CFDF9B-7F59-4718-BBAB-2D1726358D4E}
[2011.10.22 15:23:29 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.10.13 14:57:39 | 000,000,260 | ---- | C] () -- C:\Windows\cod2demo.ini
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.03 10:21:55 | 000,007,168 | ---- | C] () -- C:\Users\TIM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.31 11:32:03 | 000,000,091 | ---- | C] () -- C:\Users\TIM\AppData\Local\fusioncache.dat
[2010.07.30 17:55:00 | 001,541,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.06 21:46:57 | 000,004,548 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010.07.06 21:46:56 | 000,034,816 | ---- | C] () -- C:\Windows\UPI41023.DLL
[2010.07.06 21:46:56 | 000,017,408 | ---- | C] () -- C:\Windows\PI4UN.dll
[2010.07.06 21:46:56 | 000,016,896 | ---- | C] () -- C:\Windows\UPI41024.DLL
[2010.06.13 09:40:23 | 000,000,000 | ---- | C] () -- C:\Users\TIM\AppData\Roaming\wklnhst.dat
[2010.05.15 10:47:27 | 000,000,119 | ---- | C] () -- C:\Windows\Podcasts.INI
[2010.05.09 02:28:21 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2010.04.13 09:21:55 | 000,001,744 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.04.13 00:12:35 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.04.13 00:12:35 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.04.13 00:12:35 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010.04.13 00:12:35 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2010.04.13 00:05:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.11.05 01:21:23 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.11.05 01:21:23 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.11.05 01:21:23 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.04.22 16:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.04.22 16:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.04.22 16:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.04.22 16:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.04.22 16:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.04.22 16:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.04.22 16:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.04.22 16:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.04.22 16:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2005.01.17 07:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004.08.09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
 
========== LOP Check ==========
 
[2011.10.08 14:14:50 | 000,000,000 | -HSD | M] -- C:\Users\TIM\AppData\Roaming\.#
[2012.02.20 19:06:17 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\.minecraft
[2012.02.19 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Audacity
[2011.09.27 19:50:05 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Babylon
[2011.10.18 20:40:57 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\CheckPoint
[2011.12.22 13:22:30 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\DVDVideoSoft
[2011.12.22 13:21:31 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.17 18:50:23 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\GameConsole
[2010.04.15 22:30:24 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\ImgBurn
[2010.06.12 14:01:25 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\LG Electronics
[2012.02.19 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\minecraft
[2010.09.04 15:53:58 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\NCH Swift Sound
[2011.09.17 18:13:09 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Notepad++
[2012.01.21 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\OpenOffice.org
[2012.02.19 12:50:18 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\PhotoFiltre Studio X
[2010.07.04 10:14:07 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\PowerCinema
[2011.10.02 13:55:34 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\pymclevel
[2011.12.29 17:26:37 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\Sierra
[2010.07.05 08:55:15 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\SoftDMA
[2011.09.26 17:43:08 | 000,000,000 | ---D | M] -- C:\Users\TIM\AppData\Roaming\uTorrent
[2009.11.05 01:49:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer
[2009.11.05 05:16:17 | 000,000,000 | ---D | M] -- C:\ProgramData\AmUStor
[2010.04.13 00:07:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011.09.27 19:50:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2009.11.05 04:32:27 | 000,000,000 | ---D | M] -- C:\ProgramData\BackupManager
[2010.07.31 11:19:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Broderbund Software
[2012.02.19 21:57:43 | 000,000,000 | ---D | M] -- C:\ProgramData\CheckPoint
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010.04.13 00:07:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010.04.13 00:09:19 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec
[2009.11.05 05:16:17 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2010.04.13 00:07:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.10.17 13:41:43 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2010.04.13 00:10:10 | 000,000,000 | ---D | M] -- C:\ProgramData\McQcModifier-5c47-a7b0
[2011.10.30 10:30:49 | 000,000,000 | ---D | M] -- C:\ProgramData\metier2000Apps
[2010.09.04 15:53:58 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Swift Sound
[2010.04.13 00:17:46 | 000,000,000 | ---D | M] -- C:\ProgramData\OEM
[2010.04.14 20:46:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Partner
[2011.07.21 17:53:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2011.10.17 13:36:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium
[2010.05.15 10:16:12 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution
[2011.10.17 11:59:39 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.07.31 11:32:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Riverdeep Interactive Learning Limited
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010.04.13 00:07:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.10.17 13:37:04 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM
[2011.01.20 18:33:21 | 000,000,000 | ---D | M] -- C:\ProgramData\SWTCWRH
[2011.12.22 18:32:55 | 000,000,000 | ---D | M] -- C:\ProgramData\TechSmith
[2010.07.04 10:19:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010.04.13 00:07:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012.02.19 12:50:35 | 000,000,000 | -H-D | M] -- C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}
[2012.02.19 12:50:34 | 000,000,000 | -H-D | M] -- C:\ProgramData\{2E51849B-6C53-4B47-9E70-462912833018}
[2012.01.21 18:16:21 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---
__________________
Alt 21.02.2012, 11:47   #4
markusg
/// Malware-holic
 
Weißer Bildschirm "50€-Trojaner" - Standard

Weißer Bildschirm "50€-Trojaner"


dann kopiere auf deinen stick folgendes programm:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

stick in den pc, abgesicherter modus mit eingabeaufforderung, schreibe:
d:\combofix.exe
enter
falls das nicht klappt
e:\combofix.exe
enter, bis du das richtige laufwerk hast.
dann, falls ein laufendes antimalware programm angezeigt wird, bestätigen, scan durchlaufen lassen, in den normalen modus starten log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.02.2012, 19:18   #5
KaleuVIIc
 
Weißer Bildschirm "50€-Trojaner" - Standard

Weißer Bildschirm "50€-Trojaner"


hallo, soweit so gut. hatte den virenscanner ausgeschaltet aber eine meldung kam trotzdem. ich hoffe, es hat den scan nicht beeinträchtigt. anbei das ergebnis:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-02-21.02 - TIM 21.02.2012  18:35:12.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3956.2619 [GMT 1:00]
ausgeführt von:: I:\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Pro Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\TIM\AppData\Local\Temp\IswTmp\WH\0
c:\users\TIM\AppData\Local\TempDIR
c:\users\TIM\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\TIM\AppData\Roaming\.#
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-21 bis 2012-02-21  ))))))))))))))))))))))))))))))
.
.
2012-02-21 17:43 . 2012-02-21 17:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-20 22:24 . 2012-02-20 22:24	--------	d-----w-	c:\users\TIM\AppData\Roaming\Avira
2012-02-20 22:11 . 2012-01-31 07:56	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-02-20 22:11 . 2012-01-31 07:56	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-20 22:11 . 2011-09-16 15:08	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-02-20 22:11 . 2012-02-20 22:11	--------	d-----w-	c:\programdata\Avira
2012-02-20 22:11 . 2012-02-20 22:11	--------	d-----w-	c:\program files (x86)\Avira
2012-02-19 20:57 . 2012-02-19 20:57	--------	d-----w-	c:\program files (x86)\Conduit
2012-02-19 20:57 . 2012-02-19 20:57	--------	d-----w-	c:\users\TIM\AppData\Local\Conduit
2012-02-19 20:57 . 2012-02-19 20:57	--------	d-----w-	c:\program files (x86)\ZoneAlarm_Deutsch
2012-02-19 14:39 . 2012-02-19 14:39	--------	d-----w-	c:\program files\CCleaner
2012-02-19 14:37 . 2012-02-19 14:37	--------	d-----w-	C:\BOOT
2012-02-19 14:36 . 2011-01-22 14:58	26504	----a-w-	c:\windows\system32\drivers\eufs.sys
2012-02-19 14:36 . 2011-01-22 14:58	17800	----a-w-	c:\windows\system32\drivers\eudskacs.sys
2012-02-19 14:36 . 2011-01-22 14:58	36232	----a-w-	c:\windows\system32\drivers\eubakup.sys
2012-02-19 14:36 . 2011-01-22 14:58	193416	----a-w-	c:\windows\system32\drivers\EuDisk.sys
2012-02-19 14:36 . 2011-01-22 14:58	23432	----a-w-	c:\windows\system32\fbnative.exe
2012-02-19 14:36 . 2012-02-19 14:36	--------	d-----w-	c:\program files\Todo Backup 2.0
2012-02-19 14:18 . 2012-02-19 14:18	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-02-19 14:14 . 2012-02-19 14:14	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-02-19 14:14 . 2012-02-19 14:14	--------	d-----w-	c:\program files (x86)\Java
2012-02-19 13:52 . 2012-02-19 20:57	--------	d-----w-	c:\program files (x86)\CheckPoint
2012-02-19 13:33 . 2012-02-19 13:33	--------	d-----w-	c:\windows\PCHEALTH
2012-02-19 12:20 . 2012-02-19 12:20	--------	d-----w-	c:\windows\Options
2012-02-19 11:04 . 2012-02-19 11:04	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-02-16 14:07 . 2011-12-28 03:59	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2012-02-16 14:07 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-16 14:07 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-16 14:07 . 2011-12-30 06:26	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-02-16 14:07 . 2011-12-30 05:27	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2012-02-16 14:07 . 2012-01-14 04:06	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-02-16 14:05 . 2011-12-16 08:45	451072	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2012-02-16 14:05 . 2011-12-16 07:52	163328	----a-w-	c:\program files (x86)\Internet Explorer\ieproxy.dll
2012-02-16 14:05 . 2011-12-16 06:44	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-02-16 14:05 . 2011-12-16 06:09	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-02-13 17:22 . 2012-02-19 12:52	--------	d-----w-	c:\program files (x86)\Mail.Ru
2012-02-11 13:14 . 2012-02-11 13:14	--------	d-----r-	c:\users\TIM\AppData\Roaming\Brother
2012-02-05 22:13 . 2012-02-05 22:13	--------	d-----w-	c:\users\TIM\AppData\Local\Mozilla
2012-02-05 18:11 . 2012-02-19 11:50	--------	d-----w-	c:\users\TIM\SecurityScans
2012-02-05 13:33 . 2012-02-05 13:33	447	----a-w-	C:\user.js
2012-02-04 21:45 . 2006-07-11 17:43	1060864	----a-w-	c:\windows\SysWow64\mfc71.dll
2012-02-04 21:45 . 2006-07-11 17:35	503808	----a-w-	c:\windows\SysWow64\MSVCP71.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
"{f361b100-73c5-4793-8bcc-6e5c41510210}"= "c:\program files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{f361b100-73c5-4793-8bcc-6e5c41510210}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-07-09 19:33	2736736	----a-w-	c:\program files (x86)\DVDVideoSoftTB\tbDVD1.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 16:21	1299248	----a-w-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f361b100-73c5-4793-8bcc-6e5c41510210}]
2011-05-09 08:49	176936	----a-w-	c:\program files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2011-03-28 16:22	176936	----a-w-	c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVD1.dll" [2010-07-09 2736736]
"{f361b100-73c5-4793-8bcc-6e5c41510210}"= "c:\program files (x86)\ZoneAlarm_Deutsch\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{f361b100-73c5-4793-8bcc-6e5c41510210}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\steam\Steam.exe" [2011-11-16 1242448]
"AVMUSBFernanschluss"="c:\users\TIM\AppData\Local\Apps\2.0\AY82PH96.WAG\GV3C5JR4.1Y3\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-11-17 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-09 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2010-01-18 181480]
"Adobe Reader Speed Launcher"="c:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"LogMeIn Hamachi Ui"="e:\logmein hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"EaseUs Watch"="c:\programme\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-18 73360]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
c:\users\TIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
UltimateZip Quick Start.lnk - c:\program files (x86)\UltimateZip\uzqkst.exe [2001-9-5 229888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-4-13 708608]
Event Reminder.lnk - d:\programme\Printmaster16\PrintMaster 16\pmremind.exe [2006-10-29 339968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 EASEUS Agent;EASEUS Agent;c:\programme\Todo Backup 2.0\bin\Agent.exe [2011-01-22 55688]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;e:\logmein hamachi\hamachi-2.exe [2012-02-07 2343816]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-01-06 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-01-06 827520]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	----a-w-	c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.freenet.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\TIM\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-!{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
Toolbar-!{ff88a983-649d-4207-9336-9b999280b436} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Toolbar-!{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)
Toolbar-!{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
Toolbar-!{ff88a983-649d-4207-9336-9b999280b436} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{00725D68-069B-4095-9FF1-E7469C0E95DF} - (no file)
WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
WebBrowser-{FF88A983-649D-4207-9336-9B999280B436} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{F361B100-73C5-4793-8BCC-6E5C41510210} - (no file)
HKLM-Run-ISW - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-Forgotten Elements - c:\windows\system32\javaws.exe
AddRemove-PhotoFiltre Studio X - e:\photofiltre studio x\Uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2962486779-4126303749-2838823280-1000\Software\SecuROM\License information*]
"datasecu"=hex:93,32,35,cd,b9,9c,42,32,6e,0f,04,b9,78,2e,1e,9a,f9,b7,90,c9,0a,
   54,ef,14,86,0a,43,ae,c4,e2,58,4f,ad,88,a5,54,98,7e,ab,41,23,a6,81,4c,47,6e,\
"rkeysecu"=hex:92,9b,d3,1c,a2,61,dc,35,02,83,f5,ac,94,27,3e,74
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-21  18:52:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-21 17:52
.
Vor Suchlauf: 13 Verzeichnis(se), 11.776.983.040 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 12.734.529.536 Bytes frei
.
- - End Of File - - 7FFB9EBCB89F87BA5E9C25679D2D4D3E
--- --- ---
Antwort

Themen zu Weißer Bildschirm "50€-Trojaner"
abgesicherten, bildschirm, bitte warten, bluescreen, boot-cd, datei, funktioniert, hallo zusammen, heute, hilfreiche, hinweis, home, internet, logfiles, meldung, modus, opfer, problem, rechner, scan, scheibe, starten, verbindung, weiße, windows, xp home, zusammen


« Gema Paysafe Trojaner 50 Euro | Computer durch Windows Security Center gesperrt »


Ähnliche Themen: Weißer Bildschirm "50€-Trojaner"


  1. "BKA-Trojaner" auf Windows Vista - weißer Bildschirm nach dem Booten
    Plagegeister aller Art und deren Bekämpfung - 07.06.2013 (12)
  2. "BKA-Trojaner" im abgesicherten Modus nur weißer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (11)
  3. Trojaner Ransom-D / Weißer Bildschirm: "Diese Website kann nicht angezeigt werden"
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (39)
  4. Weißer Bildschirm und:"es konnte keine Internetverbindung hergestellt werden"
    Log-Analyse und Auswertung - 24.10.2012 (1)
  5. weißer Bildschirm mit Text " Website kann nicht angezeigt werden" -> Avast meldete Trojaner Ransom-D
    Plagegeister aller Art und deren Bekämpfung - 14.10.2012 (25)
  6. weißer bildschirm und:"es konnte keine Internetverbindung hergestellt werden"
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (19)
  7. "weißer Bildschirm" Trojaner
    Log-Analyse und Auswertung - 17.09.2012 (38)
  8. "Weißer Bildschirm Trojaner", Nach dem Windowsstart nur weißer Bildschirm!
    Log-Analyse und Auswertung - 01.09.2012 (1)
  9. Trojaner - "Weißer Bildschirm mit Verbindung wird hergestellt."
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (47)
  10. Trojaner: weißer Bildschirm "Bitte warten Sie während die Verbindung hergestellt wird"
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (30)
  11. Blauer Bildschirm beim booten von USB (Bekämpfung d."Weißer Bildschirm-please wait")
    Log-Analyse und Auswertung - 08.07.2012 (6)
  12. Weißer Bildschirm "Warten sie während die Verbindung aufgebaut wird"
    Log-Analyse und Auswertung - 01.05.2012 (20)
  13. Weißer Bildschirm "Warten sie während die Verbindung aufgebaut wird" u. "Please wait while the conne
    Log-Analyse und Auswertung - 24.04.2012 (9)
  14. Weißer Bildschirm: "Warten während die Verbindung hergestellt wird." Win 7
    Log-Analyse und Auswertung - 18.04.2012 (4)
  15. Trojaner Weißer Bildschirm + "Connection is beeing established"
    Plagegeister aller Art und deren Bekämpfung - 24.03.2012 (8)
  16. Trojaner - Weißer Bildschirm - "Warten Sie bis Verbindung..."
    Plagegeister aller Art und deren Bekämpfung - 21.03.2012 (29)
  17. Weißer Bildschirm und :"warten sie während die verbindung hergestellt wird"
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Weißer Bildschirm "50€-Trojaner" - Hallo zusammen, mein Sohn hat seit gestern Abend nur noch einen weißen Bildschirm mit der Meldung: "Bitte warten Sie bis die Verbindung zum Internet hergestellt wird". Heute Vormittag hatte er - Weißer Bildschirm "50€-Trojaner"...
Archiv
Du betrachtest: Weißer Bildschirm "50€-Trojaner" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131