Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
bka Trojaner entfernt durch windowszurückstellung?

bka Trojaner entfernt durch windowszurückstellung?


Log-Analyse und Auswertung: bka Trojaner entfernt durch windowszurückstellung?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 31.07.2012, 18:45   #1
codephantom
 
bka Trojaner entfernt durch windowszurückstellung? - Standard

bka Trojaner entfernt durch windowszurückstellung?


Hallo Leute,

mein Problem begann mit kinox.to, beidem ich mir einen

(https://www.bsi.bund.de/ContentBSI/Presse/Kurzmitteilungen/Kurzmit2012/Schadsoftware_mit_BSI-Logo_nach_wie_vor_im_Umlauf_09072012.html)

Trojaner gefangen habe, also war mein Bildschirm gesperrt und die berühmte Meldung kam, dass ich doch bitte hundert Euro zu zahlen hätte. Die Webcam war auch angezapft.

Nach einem kurzen schreck hab ich per strg-alt-entferner ein anderes profil aufgerufen und avira antivirus vollständigen suchlauf gestartet der hat 2.5 stunden gebraucht, aber nichts gefunden.

nachdem ich eine windowszurückstellung auf ein früheres datum gemacht habe, funktioniert mein altes profil wieder. Der Bildschirm ist entsperrt und der Virus zeigt sich nicht mehr.

Meine Frage ist, ist mein Computer jetzt virenfrei.

Logfiles:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 31.07.2012 19:16:32 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,13% Memory free
6,15 Gb Paging File | 4,59 Gb Available in Paging File | 74,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 433,53 Gb Total Space | 265,32 Gb Free Space | 61,20% Space Free | Partition Type: NTFS
Drive D: | 32,22 Gb Total Space | 32,21 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4332060-711648869-1464409593-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-4332060-711648869-1464409593-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-4332060-711648869-1464409593-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02ABD1E7-6DD7-45B7-9017-F0C816628430}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{0C637AF3-A4AA-4099-A3F3-DEA6BA10B30F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{50E1AD44-814A-4EFA-A6BC-A71BFF7BD859}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{6E7B44E8-892A-4E78-A988-27A99BA74792}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{B9E71249-F8DC-49D8-A1E4-D8B74C939873}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{7169A970-1942-4F71-B166-0F26CCB52970}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{87374E13-3164-4CAE-981C-7DB74BAB8E80}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69F0CEA4-43E2-4CBB-92DF-41860A40A631}" = Formelrechner
"{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DFCA83F3-C229-4FDD-8F85-8DA0D993A4C8}" = Falk Navigator 4
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"Badaboom" = Badaboom 1.2.1.40
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Fragen-Lern-CD" = Fragen-Lern-CD
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.11.504
"GIMP-2_is1" = GIMP 2.8.0
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"Steam App 72850" = The Elder Scrolls V: Skyrim
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4332060-711648869-1464409593-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra 4" = GeoGebra 4
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.07.2012 17:08:09 | Computer Name = ***| Source = Microsoft-Windows-CAPI2 | ID = 131329
Description = 
 
Error - 30.07.2012 17:35:17 | Computer Name = ***| Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 30.07.2012 17:36:43 | Computer Name = *** | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 30.07.2012 17:38:19 | Computer Name = *** | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 30.07.2012 17:41:23 | Computer Name = *** | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 30.07.2012 17:48:00 | Computer Name = *** | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 30.07.2012 17:50:59 | Computer Name = **** | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 30.07.2012 17:55:03 | Computer Name = ***| Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 30.07.2012 18:35:15 | Computer Name = *** | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 31.07.2012 12:32:42 | Computer Name = *** | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
[ System Events ]
Error - 28.05.2010 18:19:28 | Computer Name = ***| Source = HTTP | ID = 15016
Description = 
 
Error - 28.05.2010 18:21:04 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.05.2010 03:16:34 | Computer Name = *** | Source = HTTP | ID = 15016
Description = 
 
Error - 29.05.2010 03:18:11 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.05.2010 05:46:59 | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.05.2010 um 10:11:24 unerwartet heruntergefahren.
 
Error - 29.05.2010 05:47:03 | Computer Name = *** | Source = HTTP | ID = 15016
Description = 
 
Error - 29.05.2010 05:48:39 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.05.2010 07:59:27 | Computer Name = *** | Source = HTTP | ID = 15016
Description = 
 
Error - 29.05.2010 08:00:55 | Computer Name = ** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.05.2010 14:29:55 | Computer Name = ***| Source = HTTP | ID = 15016
Description = 
 
 
< End of report >
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 31.07.2012 19:16:32 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,13% Memory free
6,15 Gb Paging File | 4,59 Gb Available in Paging File | 74,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 433,53 Gb Total Space | 265,32 Gb Free Space | 61,20% Space Free | Partition Type: NTFS
Drive D: | 32,22 Gb Total Space | 32,21 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Adrian\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Steam\steam.exe (Valve Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 9C 5F 5D 5E 57 CD 01  [binary data]
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 E3 14 72 A3 3D CD 01  [binary data]
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 FB CF 22 D2 48 CD 01  [binary data]
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4332060-711648869-1464409593-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org/?sc=de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.22 14:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.29 16:05:40 | 000,000,000 | ---D | M]
 
[2010.02.08 17:29:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Extensions
[2011.06.24 21:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\3npi2eko.csd-11608\extensions
[2011.06.24 21:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\3npi2eko.csd-11608\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.24 21:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\3npi2eko.csd-11608\extensions\staged-xpis
[2011.10.24 07:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\7uqs9dhr.csd-12413\extensions
[2011.10.24 07:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\7uqs9dhr.csd-12413\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.24 07:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\7uqs9dhr.csd-12413\extensions\staged-xpis
[2011.06.26 15:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\grrsf8c4.csd-9027\extensions
[2011.06.26 15:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\grrsf8c4.csd-9027\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.26 15:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\grrsf8c4.csd-9027\extensions\staged-xpis
[2011.06.26 15:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\k9uxkf7b.csd-23180\extensions
[2011.06.26 15:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\k9uxkf7b.csd-23180\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.26 15:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\k9uxkf7b.csd-23180\extensions\staged-xpis
[2012.06.10 22:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\ldvtypyl.default\extensions
[2011.06.24 21:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\n2kv7o4z.default\extensions
[2010.02.27 13:09:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\n2kv7o4z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.24 21:08:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\rm0s4hvl.csd-22915\extensions
[2011.06.24 21:08:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\rm0s4hvl.csd-22915\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.24 21:08:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\rm0s4hvl.csd-22915\extensions\staged-xpis
[2012.05.20 19:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.22 14:35:09 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.22 17:07:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.20 19:14:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.20 19:14:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.20 19:14:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.20 19:14:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.20 19:14:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.20 19:14:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-4332060-711648869-1464409593-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-4332060-711648869-1464409593-1002\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-4332060-711648869-1464409593-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4332060-711648869-1464409593-1002..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-4332060-711648869-1464409593-1002..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
O4 - HKU\S-1-5-21-4332060-711648869-1464409593-1004..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
O4 - HKU\S-1-5-21-4332060-711648869-1464409593-1004..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O7 - HKU\S-1-5-21-4332060-711648869-1464409593-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4332060-711648869-1464409593-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4332060-711648869-1464409593-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-4332060-711648869-1464409593-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4332060-711648869-1464409593-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4332060-711648869-1464409593-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-4332060-711648869-1464409593-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4332060-711648869-1464409593-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4332060-711648869-1464409593-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} https://*****/CACHE/sdesktop/install/binaries/instweb.cab (*****/ *****)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C821A8D3-99A5-4CC7-950D-5BFD64822494}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img32.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img32.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 00:29:13 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.31 00:26:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.31 00:26:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.31 00:26:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.31 00:26:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.31 00:26:42 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.31 00:26:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.31 00:26:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.30 23:22:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.30 18:28:09 | 000,000,000 | ---D | C] -- C:\archive_db
[2012.07.30 18:25:25 | 000,000,000 | ---D | C] -- C:\arc_300712162320222
[2012.07.30 18:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\backup
[2012.07.30 18:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2012.07.30 18:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2012.07.30 18:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 19:18:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{81548F27-4443-4D18-B448-C38E38F21E7F}.job
[2012.07.31 18:48:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.31 18:48:52 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.31 18:48:52 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.31 18:32:38 | 000,114,078 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.31 18:32:34 | 000,114,078 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.31 18:32:34 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.31 18:32:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 18:32:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 18:32:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 00:35:09 | 003,626,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.31 00:22:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.30 23:55:36 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.30 23:55:36 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.30 23:55:36 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.30 23:55:36 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.30 13:50:01 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
 
========== Files Created - No Company Name ==========
 
[2012.07.30 13:27:40 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.04.22 16:34:58 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.10.06 19:24:21 | 000,003,584 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 12:23:01 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.02.09 16:07:08 | 000,000,680 | RHS- | C] () -- C:\Users\\ntuser.pol
[2010.02.08 18:10:00 | 000,114,078 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.08 18:09:54 | 000,114,078 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.02.08 17:39:53 | 000,001,024 | ---- | C] () -- C:\Users\****\.rnd
[2010.02.08 17:12:30 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.12.01 23:09:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.26 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\****AppData\Roaming\OpenOffice.org
[2012.06.18 14:19:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Stellarium
[2011.06.24 21:04:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Cisco
[2011.05.08 11:13:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2011.10.26 21:38:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon
[2011.05.24 04:00:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.dmp.contentviewer
[2011.05.23 23:40:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.31 19:18:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2011.05.24 11:00:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.07.31 00:38:15 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.31 19:18:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{81548F27-4443-4D18-B448-C38E38F21E7F}.job
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---
Danke im voraus das codephantom
Geändert von codephantom (31.07.2012 um 19:12 Uhr) Grund: Privater Name

 

Themen zu bka Trojaner entfernt durch windowszurückstellung?
7-zip, avira, bho, bka - trojaner, bka bundeskriminalamt virus, canon, converter, desktop, euro, flash player, frage, gebraucht, google, google earth, home, install.exe, kinox.to, langs, mozilla, plug-in, problem, realtek, registry, rundll, scan, security, trojaner, trojaner - ihr computer wurde gesperrt, usb, vista


« Rundll32 wird aufgrund eines Problems nicht mehr richtig ausgeführt | GVU Trojaner auf 2 Rechnern im Netzwerk »


Ähnliche Themen: bka Trojaner entfernt durch windowszurückstellung?


  1. TR/BProtector.gen2 durch Quarantäne und Systemwiederherstellung entfernt? [Windows 7]
    Log-Analyse und Auswertung - 10.04.2014 (7)
  2. Windows 8.1 Startfenster durch vlc.de, entfernt, aber Firefox langsamer?
    Log-Analyse und Auswertung - 11.03.2014 (10)
  3. Advanced System Protector und RegClean- durch einfaches deinstallieren entfernt?
    Plagegeister aller Art und deren Bekämpfung - 08.11.2013 (15)
  4. Nach GVU Trojaner (bereits entfernt durch euch), möglicherweise noch Rootkit auf meinem Rechner?
    Log-Analyse und Auswertung - 10.01.2013 (11)
  5. Suisa 2.03 Virus durch Windowszurücksetzung entfernt?
    Plagegeister aller Art und deren Bekämpfung - 01.11.2012 (6)
  6. Bundestrojaner durch Systemwiederherstellung entfernt ?
    Plagegeister aller Art und deren Bekämpfung - 07.09.2012 (20)
  7. Bundespolizei Virus / Trojaner vom 11.8. wirklich durch Systemwiederherstellung entfernt?
    Log-Analyse und Auswertung - 22.08.2012 (19)
  8. Trojaner entfernt durch Eingriff in Registry - Fehlermeldung
    Log-Analyse und Auswertung - 21.04.2012 (1)
  9. w7 64 bit/rootkit whistler, durch ein kaspersky tool entfernt. combofix durchlaufen lassen
    Log-Analyse und Auswertung - 20.11.2011 (24)
  10. [doppelt]rootkit w7 64 bit whistler, durch ein kaps tool entfernt.
    Mülltonne - 17.11.2011 (3)
  11. BKA-Trojaner ist entfernt. PC startet nicht durch.
    Plagegeister aller Art und deren Bekämpfung - 15.08.2011 (2)
  12. Security Shild entfernt, trotzdem Fund durch SUPERAntiSpyware
    Log-Analyse und Auswertung - 14.02.2011 (19)
  13. Rechner lahmgelegt durch "kb.dll" - Wie kann der Trojaner entfernt werden? Arbeiten kaum möglich :-(
    Plagegeister aller Art und deren Bekämpfung - 07.01.2011 (17)
  14. Antimalware Doctor durch Systemwiederherstellung entfernt?
    Plagegeister aller Art und deren Bekämpfung - 26.07.2010 (14)
  15. computer zeigt probleme nachdem sdra64 durch malwarebytes entfernt wurde
    Plagegeister aller Art und deren Bekämpfung - 27.05.2010 (4)
  16. TR7Dropper.Gen durch neu Installation entfernt?
    Mülltonne - 05.12.2008 (0)
  17. TR/Vundo.DST - kann nicht (durch mich) entfernt werden
    Plagegeister aller Art und deren Bekämpfung - 19.12.2007 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema bka Trojaner entfernt durch windowszurückstellung? - Hallo Leute, mein Problem begann mit kinox.to, beidem ich mir einen (https://www.bsi.bund.de/ContentBSI/Presse/Kurzmitteilungen/Kurzmit2012/Schadsoftware_mit_BSI-Logo_nach_wie_vor_im_Umlauf_09072012.html) Trojaner gefangen habe, also war mein Bildschirm gesperrt und die berühmte Meldung kam, dass ich doch bitte hundert - bka Trojaner entfernt durch windowszurückstellung?...
Archiv
Du betrachtest: bka Trojaner entfernt durch windowszurückstellung? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131