Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Bundespolizei Trojaner / System gesperrt

Bundespolizei Trojaner / System gesperrt


Log-Analyse und Auswertung: Bundespolizei Trojaner / System gesperrt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 03.08.2012, 13:39   #1
koenig53
 
Bundespolizei Trojaner / System gesperrt - Icon26

Bundespolizei Trojaner / System gesperrt


hallo,

Mich hats jetzt auch erwischt und zwar meinen laptop(windows vista).

Ich bitte um hilfe.

Ich habe heute Malwarebytes Anti-Malware geholt und ausgeführt (Version 1.62). Es wurden 3 Dateien gefunden. Die hab ich entfernt und die Logs gesichert.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Gast :: WEB-PC [limited]

Protection: Enabled

03.08.2012 11:26:46
mbam-log-2012-08-03 (11-26-46).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 140294
Time elapsed: 1 hour(s), 5 minute(s), 2 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Gast\AppData\Local\{9579f682-1fdb-988c-8b83-cc51a3e96cb6}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Users\Gast\AppData\Local\{9579f682-1fdb-988c-8b83-cc51a3e96cb6}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Users\Gast\AppData\Local\{9579f682-1fdb-988c-8b83-cc51a3e96cb6}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)


Danach ich habe die otl.exe geholt und ausgefürt hier die logs:

log otl.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.08.2012 13:15:03 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Gast\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,90% Memory free
6,16 Gb Paging File | 4,82 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 77,11 Gb Free Space | 54,27% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 142,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,62 Gb Free Space | 87,31% Space Free | Partition Type: FAT
 
Computer Name: WEB-PC | User Name: rainer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gast\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3358.38385__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3358.38459__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3358.38368__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3358.38460__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3358.38441__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3358.38376__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3358.38423__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3358.38410__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3358.38376__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3358.38435__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3358.38458__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3358.38427__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3358.38458__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3358.38377__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3358.38407__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3358.38391__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3358.38421__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3358.38391__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3358.38420__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3358.38449__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3358.38485__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3358.38454__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3358.38365__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3358.38452__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3358.38367__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3358.38467__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3358.38363__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3358.38372__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3358.38366__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3358.38365__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3358.38364__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3358.38453__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ROCKEYNT) -- C:\Windows\System32\drivers\Rockey4.sys (Feitian Technologies Co., Ltd.)
DRV - (Rockey_USB) -- C:\Windows\System32\drivers\Rockey4USB.sys (Feitian Technologies Co., Ltd.)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{DA33DA68-C978-4031-9C30-E6094553C4F8}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:20980
 
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-501\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-501\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-501\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-501\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-326891830-3036340036-2452681849-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.32
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 10:19:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.22 16:23:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 10:19:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.22 16:23:39 | 000,000,000 | ---D | M]
 
[2009.08.24 16:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rainer\AppData\Roaming\mozilla\Extensions
[2012.07.06 15:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rainer\AppData\Roaming\mozilla\Firefox\Profiles\o3prh5zu.default\extensions
[2010.04.27 09:41:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\rainer\AppData\Roaming\mozilla\Firefox\Profiles\o3prh5zu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.30 15:06:18 | 000,000,853 | ---- | M] () -- C:\Users\rainer\AppData\Roaming\Mozilla\Firefox\Profiles\o3prh5zu.default\searchplugins\11-suche.xml
[2012.06.30 15:06:19 | 000,002,209 | ---- | M] () -- C:\Users\rainer\AppData\Roaming\Mozilla\Firefox\Profiles\o3prh5zu.default\searchplugins\englische-ergebnisse.xml
[2012.06.30 15:06:18 | 000,010,506 | ---- | M] () -- C:\Users\rainer\AppData\Roaming\Mozilla\Firefox\Profiles\o3prh5zu.default\searchplugins\gmx-suche.xml
[2012.06.30 15:06:19 | 000,002,368 | ---- | M] () -- C:\Users\rainer\AppData\Roaming\Mozilla\Firefox\Profiles\o3prh5zu.default\searchplugins\lastminute.xml
[2012.06.30 15:06:18 | 000,005,489 | ---- | M] () -- C:\Users\rainer\AppData\Roaming\Mozilla\Firefox\Profiles\o3prh5zu.default\searchplugins\webde-suche.xml
[2012.03.18 19:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.20 20:37:27 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.07.06 15:06:37 | 000,395,892 | ---- | M] () (No name found) -- C:\USERS\RAINER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O3PRH5ZU.DEFAULT\EXTENSIONS\{D49175B3-3FD8-43B8-B28E-DA5D47F3C398}.XPI
[2012.06.30 15:06:07 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\RAINER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O3PRH5ZU.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.07.20 10:19:43 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.05 15:37:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.05 22:44:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.05 22:44:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.05 22:44:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.05 22:44:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.05 22:44:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.05 22:44:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 09:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-326891830-3036340036-2452681849-1003..\Run: [|16196BEA-CDBC-1C2F-261C-CF19F14B0291}] C:\Users\rainer\AppData\Roaming\Eqbaa\labao.exe (Belkin)
O4 - HKU\S-1-5-21-326891830-3036340036-2452681849-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-326891830-3036340036-2452681849-501..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-VNUHA.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1182E39A-2576-41B0-9F03-17318447B695}: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA6BD6BE-EDD7-419F-87D4-04CA3431EFBD}: DhcpNameServer = 91.89.91.89 91.89.89.94
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\SamsungEco2_1366x768.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\SamsungEco2_1366x768.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 09:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.03 09:51:36 | 000,000,000 | ---D | C] -- C:\Users\rainer\AppData\Roaming\Oxyh
[2012.08.03 09:51:36 | 000,000,000 | ---D | C] -- C:\Users\rainer\AppData\Roaming\Eqbaa
[2012.07.11 18:58:42 | 000,000,000 | ---D | C] -- C:\Users\rainer\AppData\Roaming\Malwarebytes
[2012.07.11 18:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.11 18:58:11 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.11 18:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.11 18:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.03 13:14:21 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 13:14:21 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 12:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.03 12:25:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.03 11:15:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.03 11:14:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.03 11:13:47 | 3184,119,808 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.03 11:13:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.03 11:12:54 | 000,711,240 | ---- | M] () -- C:\Windows\is-VNUHA.exe
[2012.08.03 11:12:54 | 000,012,842 | ---- | M] () -- C:\Windows\is-VNUHA.msg
[2012.08.03 11:12:54 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.03 11:12:54 | 000,000,422 | ---- | M] () -- C:\Windows\is-VNUHA.lst
[2012.08.01 17:33:33 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.29 18:28:23 | 010,354,807 | ---- | M] () -- C:\Users\rainer\Documents\alice_mueller_LM_06_2012.mov
[2012.07.29 18:23:43 | 010,449,541 | ---- | M] () -- C:\Users\rainer\Documents\akyria_LM_02_2012.mov
[2012.07.29 18:17:56 | 013,613,035 | ---- | M] () -- C:\Users\rainer\Documents\anne_engbert_beauty_LMCUBES.mov
[2012.07.29 18:12:47 | 009,136,265 | ---- | M] () -- C:\Users\rainer\Documents\anne_lise_moeberg_12_2011.mov
[2012.07.29 18:11:32 | 010,880,917 | ---- | M] () -- C:\Users\rainer\Documents\anna_zotova_LM_07_2012.mov
[2012.07.29 18:07:49 | 008,145,447 | ---- | M] () -- C:\Users\rainer\Documents\anastasiya_antonyuk_LM_06_2012.mov
[2012.07.29 18:05:54 | 007,723,773 | ---- | M] () -- C:\Users\rainer\Documents\alliny_gomes_LM_08_2011.mov
[2012.07.29 18:04:54 | 006,081,153 | ---- | M] () -- C:\Users\rainer\Documents\alisa_znaroka_LM2010.mov
[2012.07.29 18:00:32 | 006,785,183 | ---- | M] () -- C:\Users\rainer\Documents\alessia_d_alessandro.mov
[2012.07.29 17:59:12 | 011,080,767 | ---- | M] () -- C:\Users\rainer\Documents\alessia_d_alessandro_french_LM2010.mov
[2012.07.13 20:24:18 | 000,000,022 | ---- | M] () -- C:\Users\rainer\Documents\sesam.fxc
[2012.07.12 11:01:22 | 000,394,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 17:18:07 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
 
========== Files Created - No Company Name ==========
 
[2012.08.03 11:12:54 | 000,711,240 | ---- | C] () -- C:\Windows\is-VNUHA.exe
[2012.08.03 11:12:54 | 000,012,842 | ---- | C] () -- C:\Windows\is-VNUHA.msg
[2012.08.03 11:12:54 | 000,000,422 | ---- | C] () -- C:\Windows\is-VNUHA.lst
[2012.07.29 18:28:22 | 010,354,807 | ---- | C] () -- C:\Users\rainer\Documents\alice_mueller_LM_06_2012.mov
[2012.07.29 18:23:42 | 010,449,541 | ---- | C] () -- C:\Users\rainer\Documents\akyria_LM_02_2012.mov
[2012.07.29 18:17:55 | 013,613,035 | ---- | C] () -- C:\Users\rainer\Documents\anne_engbert_beauty_LMCUBES.mov
[2012.07.29 18:12:46 | 009,136,265 | ---- | C] () -- C:\Users\rainer\Documents\anne_lise_moeberg_12_2011.mov
[2012.07.29 18:11:31 | 010,880,917 | ---- | C] () -- C:\Users\rainer\Documents\anna_zotova_LM_07_2012.mov
[2012.07.29 18:07:48 | 008,145,447 | ---- | C] () -- C:\Users\rainer\Documents\anastasiya_antonyuk_LM_06_2012.mov
[2012.07.29 18:05:54 | 007,723,773 | ---- | C] () -- C:\Users\rainer\Documents\alliny_gomes_LM_08_2011.mov
[2012.07.29 18:04:53 | 006,081,153 | ---- | C] () -- C:\Users\rainer\Documents\alisa_znaroka_LM2010.mov
[2012.07.29 18:00:31 | 006,785,183 | ---- | C] () -- C:\Users\rainer\Documents\alessia_d_alessandro.mov
[2012.07.29 17:59:10 | 011,080,767 | ---- | C] () -- C:\Users\rainer\Documents\alessia_d_alessandro_french_LM2010.mov
[2012.07.13 20:24:17 | 000,000,022 | ---- | C] () -- C:\Users\rainer\Documents\sesam.fxc
[2012.07.11 18:58:12 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.11 14:55:43 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.02.29 10:58:07 | 000,002,048 | -HS- | C] () -- C:\Users\Gast\AppData\Local\ea558371\@
[2012.01.11 18:20:52 | 000,002,048 | -HS- | C] () -- C:\Users\Gast\AppData\Local\{9579f682-1fdb-988c-8b83-cc51a3e96cb6}\@
[2009.11.24 07:52:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.26 14:49:48 | 000,003,584 | ---- | C] () -- C:\Users\rainer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.20 15:45:18 | 000,023,888 | ---- | C] () -- C:\Users\rainer\AppData\Roaming\UserTile.png
 
========== LOP Check ==========
 
[2012.04.18 10:03:52 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2009.11.18 21:31:45 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\OpenOffice.org
[2012.08.03 11:02:14 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\TeamViewer
[2009.11.09 05:24:25 | 000,000,000 | ---D | M] -- C:\Users\rainer\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2012.08.03 09:51:36 | 000,000,000 | ---D | M] -- C:\Users\rainer\AppData\Roaming\Eqbaa
[2010.04.06 02:45:06 | 000,000,000 | ---D | M] -- C:\Users\rainer\AppData\Roaming\EurekaLog
[2011.03.01 16:20:20 | 000,000,000 | ---D | M] -- C:\Users\rainer\AppData\Roaming\kreawi
[2009.11.02 07:47:19 | 000,000,000 | ---D | M] -- C:\Users\rainer\AppData\Roaming\OpenOffice.org
[2012.08.03 09:53:13 | 000,000,000 | ---D | M] -- C:\Users\rainer\AppData\Roaming\Oxyh
[2010.06.28 22:28:23 | 000,000,000 | ---D | M] -- C:\Users\rainer\AppData\Roaming\SF Software
[2012.08.03 11:13:10 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---
OTL EXTRAS Logfile:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.08.2012 13:00:07 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Gast\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 52,40% Memory free
6,16 Gb Paging File | 4,69 Gb Available in Paging File | 76,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 77,11 Gb Free Space | 54,27% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 142,91 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,62 Gb Free Space | 87,31% Space Free | Partition Type: FAT
 
Computer Name: WEB-PC | User Name: rainer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2BE5DDE6-3222-4B3E-A4DA-190A2B2F5F37}" = rport=137 | protocol=17 | dir=out | app=system | 
"{38D7F6D3-2F0C-4506-AE75-BD6896EEC83E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{50204B2F-829B-4B87-85D4-F6B929E93A5A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{563F8A80-33DF-4780-80D3-4B3480EFC789}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5CE5C468-9641-44D5-804A-040A4B76BD9C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{626EEAB6-CD02-4048-8DD1-E6ED902B0E73}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6E79A02B-EC88-417B-966D-EC0933A3CC93}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{81780412-7DC7-4E6A-9EE1-21BA93666696}" = lport=445 | protocol=6 | dir=in | app=system | 
"{97DEF3C7-7D38-475A-8120-AD15D9090E00}" = lport=138 | protocol=17 | dir=in | app=system | 
"{ACBDDD68-2BDD-4188-BADF-A346EEC7F01C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{E844359D-952C-4E27-8EB3-1896CE835E37}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10CC88AB-E478-4025-A4E8-982212F18133}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1F9B32BF-4B3F-442A-B857-31985B936F49}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A7482EE-8A62-4881-9C80-4D539ACF5933}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{65BDDA06-C361-4C73-8A2C-9E3CD8F821AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7154374E-4021-40E4-BD4C-FDD63BAE8888}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A3C22CD9-48D6-44ED-9D65-3FC234257C99}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8C49885-5C0C-4AE6-9F5B-FB88078BEA24}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C6BEC6FA-7C91-4710-B593-146B91B42E64}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{0B63441D-FC04-44F6-8439-B6173EED6FDD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{41D46FE4-EFB2-4D43-8BF4-965F5E3493DE}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{B6EC5C3D-C8C2-44C0-ADE2-637A4324AF03}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin | 
"TCP Query User{BEB052FA-BD70-4644-A007-F6D5B2751AFD}C:\users\public\documents\sesam\sesam_backup2.exe" = protocol=6 | dir=in | app=c:\users\public\documents\sesam\sesam_backup2.exe | 
"UDP Query User{37AED5BE-08FE-4DB1-9978-A71DAFCE6A3D}C:\users\public\documents\sesam\sesam_backup2.exe" = protocol=17 | dir=in | app=c:\users\public\documents\sesam\sesam_backup2.exe | 
"UDP Query User{59FD7427-D0FF-44C6-B048-98A263C8B4A8}C:\program files\openoffice.org 3\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.bin | 
"UDP Query User{5A89D3E3-9AF6-4014-BD7F-3D4E2B6E206E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{FACD20C6-B365-4010-BE61-A21BCFC77F25}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"PhotoStitch" = Canon Utilities PhotoStitch
"Sesam" = Sesam
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"XMind" = XMind
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"kreawi Prüfungstrainer" = kreawi Prüfungstrainer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.08.2012 02:33:38 | Computer Name = Web-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 02.08.2012 22:12:36 | Computer Name = Web-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.08.2012 17:30:00 | Computer Name = Web-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.08.2012 17:54:59 | Computer Name = Web-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16447 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1318  Anfangszeit: 01cd71c22ed20ffa  Zeitpunkt
 der Beendigung: 7
 
Error - 03.08.2012 17:55:27 | Computer Name = Web-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 03.08.2012 17:56:09 | Computer Name = Web-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCC.exe, Version 2.0.0.0, Zeitstempel 0x494a943f,
 fehlerhaftes Modul mscorwks.dll, Version 2.0.50727.4223, Zeitstempel 0x4ef6c9ac,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0010545e,  Prozess-ID 0xÔåD ÔåD  , Anwendungsstartzeit
 ÔåD ÔåD  .
 
Error - 03.08.2012 17:59:24 | Computer Name = Web-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 03.08.2012 18:25:15 | Computer Name = Web-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.08.2012 18:29:21 | Computer Name = Web-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 03.08.2012 19:15:35 | Computer Name = Web-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 03.08.2012 17:38:45 | Computer Name = Web-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 03.08.2012 17:38:45 | Computer Name = Web-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 03.08.2012 17:38:45 | Computer Name = Web-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description = 
 
Error - 03.08.2012 18:25:16 | Computer Name = Web-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.08.2012 18:25:50 | Computer Name = Web-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 03.08.2012 18:26:45 | Computer Name = Web-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 03.08.2012 19:15:36 | Computer Name = Web-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.08.2012 19:15:36 | Computer Name = Web-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 03.08.2012 19:16:55 | Computer Name = Web-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 03.08.2012 19:18:35 | Computer Name = Web-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
--- --- ---
--- --- ---

 

Themen zu Bundespolizei Trojaner / System gesperrt
80000000.@, 800000cb.@, antivir, autorun, avira, bho, bonjour, branding, canon, ccc.exe, desktop, error, firefox, flash player, format, home, iexplore.exe, install.exe, logfile, microsoft office 2003, office 2007, plug-in, realtek, registry, rundll, security, server, software, system, trojaner, udp, usb, vista, windows


« Windows security Alert POPUP. Malwerfund: Trojan.Obfuscated auf externer Platte | "Der Computer ist für die Verletzung der Gesetze der [BRD] wurde blockiert" »


Ähnliche Themen: Bundespolizei Trojaner / System gesperrt


  1. Win 8 Browser durch Bundespolizei(Trojaner?) gesperrt, was tun ?
    Plagegeister aller Art und deren Bekämpfung - 21.12.2013 (1)
  2. Bundespolizei Trojaner? Firefox gesperrt?
    Log-Analyse und Auswertung - 20.11.2013 (1)
  3. Trojaner von Bundespolizei, Browser gesperrt
    Plagegeister aller Art und deren Bekämpfung - 19.09.2013 (15)
  4. Bundespolizei, Trojaner, Windows 7, Browser gesperrt
    Plagegeister aller Art und deren Bekämpfung - 21.08.2013 (7)
  5. Trojaner - Computer gesperrt, Meldung angeblich von der Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 01.08.2013 (27)
  6. Bundespolizei Trojaner - Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (30)
  7. Computer gesperrt Bundespolizei 100 Euro Trojaner
    Log-Analyse und Auswertung - 03.11.2012 (16)
  8. Computer gesperrt durch Bundespolizei-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.10.2012 (19)
  9. Trojaner: Ihr Computer wurde gesperrt Bundespolizei Ukash
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (10)
  10. BUNDESPOLIZEI - durch das System der automatischen Informationskontrolle gesperrt(Exploit.Drop.UR.2)
    Log-Analyse und Auswertung - 23.08.2012 (15)
  11. Ihr Computer wurde gesperrt - Bundespolizei Trojaner
    Log-Analyse und Auswertung - 21.08.2012 (10)
  12. Einheit 5.2 Trojaner (Bundespolizei hat Internet gesperrt)!
    Log-Analyse und Auswertung - 08.08.2012 (4)
  13. Computer gesperrt Bundespolizei 100 Euro Trojaner
    Plagegeister aller Art und deren Bekämpfung - 02.08.2012 (14)
  14. Bundespolizei-Trojaner hat Netbook (ohne CD-Laufwerk!) gesperrt
    Plagegeister aller Art und deren Bekämpfung - 21.06.2012 (1)
  15. Ihr Computer wurde durch das System der automatischen Informationskontrolle gesperrt - Bundespolizei
    Log-Analyse und Auswertung - 15.06.2012 (1)
  16. Trojaner der Bundespolizei, 100 Euro, Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (3)
  17. Problem nach Youtube besuch Warnung bundespolizei system wurde gesperrt
    Log-Analyse und Auswertung - 17.07.2011 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Bundespolizei Trojaner / System gesperrt - hallo, Mich hats jetzt auch erwischt und zwar meinen laptop(windows vista). Ich bitte um hilfe. Ich habe heute Malwarebytes Anti-Malware geholt und ausgeführt (Version 1.62). Es wurden 3 Dateien gefunden. - Bundespolizei Trojaner / System gesperrt...
Archiv
Du betrachtest: Bundespolizei Trojaner / System gesperrt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19