Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Ihr Computer wurde gesperrt - Bundespolizei

Ihr Computer wurde gesperrt - Bundespolizei


Plagegeister aller Art und deren Bekämpfung: Ihr Computer wurde gesperrt - Bundespolizei

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.08.2012, 22:49   #1
freexfly
 
Ihr Computer wurde gesperrt - Bundespolizei - Standard

Ihr Computer wurde gesperrt - Bundespolizei


Hallo,

das ist alles neu für mich und ich hab das Forum über google gefunden.
Ich hab gerad ne Seite geöffnet und dann ging aufeinmal nichts mehr.
Jetzt erscheint mir eine Seite die sagt der Pc ist gesperrt.. Bundespolizei steht da.
Ist das echt???? Bekomm ich jetzt Ärger???
Da steht ich muss 100€ Zahlen?
Ich kenn mich ja nicht aus...

Was soll ich den jetzt machen? Ich brauch Hilfe

Linda

Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 19.08.2012 00:27:56 - Run 1
OTL by OldTimer - Version 3.2.58.0     Folder = C:\Users\S\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,12 Mb Total Physical Memory | 679,40 Mb Available Physical Memory | 66,41% Memory free
2,00 Gb Paging File | 1,69 Gb Available in Paging File | 84,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 66,02 Gb Free Space | 66,02% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 117,77 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: S-PC | User Name: S | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5489E214-FED5-4BEA-B44E-E29E3B7C7E38}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{63A972DE-DBDC-49B8-B20F-4A9185DE0E12}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{6C56F02F-91B9-4B7E-BF48-03A9BD232FCF}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{760355D8-F435-49EC-AE09-7FCB9657B3C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A8064B-3E89-4FBC-951A-E70C77515C5E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{0879E29E-2E48-4497-959C-A3359C72F263}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{089C45D5-AF85-496F-8A2B-68BACAC2DADC}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{14F114A9-5A55-4420-89A3-494AF34BE86B}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{2223651D-75FD-4013-9BC1-7A298A725AF5}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{2304A681-16AD-4B5B-A9BF-E4FED9112F29}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{2BEB514D-F9FD-4916-8E4D-56398DB4A6CD}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{47FC8672-0F3F-4D03-8F5D-26A656FF68AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{66598264-4A3A-4339-8E68-00F167C54D64}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{74B7B01E-93C4-4C95-A2FD-4E18397615CB}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{A6FCC3C2-822D-400C-8CC6-7A9C64975908}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{A7467D7E-E34F-4593-B9ED-D680F8722552}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | 
"{A96B0989-F0F7-44EB-8911-E99124975E63}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{B27525C5-41FA-4867-BB7E-41B66185E832}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{C2B39A04-9C97-4FF8-B324-30DFB9DC87EF}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | 
"{E5432BCE-ED1D-4CF1-B663-CA12843837E7}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{EECFE890-7ED5-4DE5-97D2-F4D28AE938DD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FD175F63-92C9-4858-B8AF-E48FF38E2A12}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{2D22E708-2D77-4E6E-A545-7D9523CAF500}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{C0CFCD15-9D4D-4092-BD0C-EFCE9C88F9B5}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{590F54E8-D77B-487E-B5F4-F8B9F954E56B}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{DC87F9A4-88FF-44B3-BC52-8FFA326341DC}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BC8B21E-EB38-4174-827B-89A5F80E8DDA}" = GraphicsSwitch
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Ausgestorbene Tierarten
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EA6244A-C8E4-4C10-AA1D-037C0C12D4F5}" = calibre
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{24EEBC42-E244-452E-81C8-7998CAD9F6C3}" = Lern-o-Mat
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allway Sync_is1" = Allway Sync version 11.3.11
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"DAEMON Tools Lite" = DAEMON Tools Lite
"Eee Docking_is1" = Eee Docking 3.8.1
"Elantech" = ETDWare PS/2-x86 7.0.5.13_WHQL
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"JAP" = JAP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.01.1532" = Opera 12.01
"Trillian" = Trillian
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.06.2012 11:56:11 | Computer Name = S-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.06.2012 11:56:11 | Computer Name = S-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14711
 
Error - 28.06.2012 11:56:11 | Computer Name = S-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14711
 
Error - 30.07.2012 13:39:53 | Computer Name = S-PC | Source = Bonjour Service | ID = 100
Description = mDNS_Execute: mDNSPlatformRawTime went backwards by 1523945919 ticks;
 setting correction factor to 750533155
 
Error - 30.07.2012 13:47:15 | Computer Name = S-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13f4    Startzeit:
 01cd6e7b105c64f9    Endzeit: 234    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 93d91985-da6e-11e1-b845-bcaec541d004  
 
Error - 30.07.2012 13:48:43 | Computer Name = S-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 10fc    Startzeit:
 01cd6e7b6af4b228    Endzeit: 203    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 c9dfd7d0-da6e-11e1-b845-bcaec541d004  
 
Error - 08.08.2012 14:54:57 | Computer Name = S-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: trillian.exe, Version: 5.0.0.34, 
Zeitstempel: 0x4e09f4e2  Name des fehlerhaften Moduls: trillian.exe, Version: 5.0.0.34,
 Zeitstempel: 0x4e09f4e2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0007075d  ID des fehlerhaften
 Prozesses: 0x958  Startzeit der fehlerhaften Anwendung: 0x01cd759748c385d9  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Trillian\trillian.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Trillian\trillian.exe  Berichtskennung: 8b98edd4-e18a-11e1-b675-bcaec541d004
 
Error - 13.08.2012 18:03:43 | Computer Name = S-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: BITS connection error Type: 150::InternetConnectionFailure.
 
 
Error - 14.08.2012 04:16:12 | Computer Name = S-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: BITS connection error Type: 150::InternetConnectionFailure.
 
 
Error - 14.08.2012 11:30:25 | Computer Name = S-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: BITS connection error Type: 150::InternetConnectionFailure.
 
 
[ System Events ]
Error - 18.08.2012 18:22:47 | Computer Name = S-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Client Virtualization Handler" ist vom Dienst "Application
 Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%1068
 
Error - 18.08.2012 18:22:49 | Computer Name = S-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AsUpIO  avipbb  avkmgr  discache  spldr  ssmdrv  Wanarpv6
 
Error - 18.08.2012 18:22:56 | Computer Name = S-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 18.08.2012 18:23:02 | Computer Name = S-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 18.08.2012 18:23:06 | Computer Name = S-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\windows\System32\bcmihvsrv.dll  Fehlercode: 21  
 
Error - 18.08.2012 18:23:07 | Computer Name = S-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 18.08.2012 18:23:07 | Computer Name = S-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 18.08.2012 18:23:11 | Computer Name = S-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.08.2012 18:23:13 | Computer Name = S-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 18.08.2012 18:23:13 | Computer Name = S-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 19.08.2012 00:27:56 - Run 1
OTL by OldTimer - Version 3.2.58.0     Folder = C:\Users\S\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,12 Mb Total Physical Memory | 679,40 Mb Available Physical Memory | 66,41% Memory free
2,00 Gb Paging File | 1,69 Gb Available in Paging File | 84,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 66,02 Gb Free Space | 66,02% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 117,77 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: S-PC | User Name: S | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.19 00:27:32 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\S\Desktop\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010.09.02 13:08:00 | 000,118,784 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.14 22:29:34 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.11.17 23:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.05.21 13:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.08.19 03:35:56 | 000,219,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.07.31 18:45:45 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.07.27 20:57:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.22 13:37:38 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.10 11:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.03.31 03:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dsl-start.computerbild.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://asus.msn.comhxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://asus.msn.comhxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://dsl-start.computerbild.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "InnoGames Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&q="
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 4001
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 4001
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 4001
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 4001
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.14 22:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.08.16 13:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\S\AppData\Roaming\mozilla\Extensions
[2011.08.29 11:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2011.08.29 11:05:44 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2011.08.29 11:05:42 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2011.08.29 11:05:45 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011.08.29 11:05:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.08.29 11:05:49 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2011.08.29 11:05:48 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach
[2012.08.17 14:36:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\vvbkh38v.default\extensions
[2012.08.06 09:55:23 | 000,000,000 | ---D | M] (InnoGames Community Toolbar) -- C:\Users\S\AppData\Roaming\mozilla\Firefox\Profiles\vvbkh38v.default\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
[2012.08.11 19:25:01 | 000,000,853 | ---- | M] () -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\vvbkh38v.default\searchplugins\11-suche.xml
[2012.04.25 00:29:20 | 000,000,921 | ---- | M] () -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\vvbkh38v.default\searchplugins\conduit.xml
[2012.08.11 19:25:01 | 000,002,209 | ---- | M] () -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\vvbkh38v.default\searchplugins\englische-ergebnisse.xml
[2012.08.11 19:25:00 | 000,010,506 | ---- | M] () -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\vvbkh38v.default\searchplugins\gmx-suche.xml
[2012.08.11 19:25:01 | 000,002,368 | ---- | M] () -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\vvbkh38v.default\searchplugins\lastminute.xml
[2012.08.11 19:25:00 | 000,005,489 | ---- | M] () -- C:\Users\S\AppData\Roaming\Mozilla\Firefox\Profiles\vvbkh38v.default\searchplugins\webde-suche.xml
[2012.08.02 10:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.08.02 10:01:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.17 14:36:04 | 000,195,972 | ---- | M] () (No name found) -- C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VVBKH38V.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI
[2012.08.11 19:24:41 | 000,526,409 | ---- | M] () (No name found) -- C:\USERS\S\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VVBKH38V.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.05.14 22:29:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [GraphicsSwitch] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKCU..\Run: [zavsagldfzmbxnj] C:\ProgramData\zavsagld.exe ()
O4 - Startup: C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A093ABBC-9B80-4CC7-8984-6ED87E78F92C}: DhcpNameServer = 192.129.28.9 10.11.0.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7183008-71F4-4807-BE20-89E5D5E2F77C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA3F77F3-5849-46BC-BD02-F36D05AEE2BD}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a80213ec-bb90-11e0-ba5f-bcaec541d004}\Shell - "" = AutoRun
O33 - MountPoints2\{a80213ec-bb90-11e0-ba5f-bcaec541d004}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{a80213ec-bb90-11e0-ba5f-bcaec541d004}\Shell\setup\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2030.01.01 15:52:46 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.08.19 00:27:32 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\S\Desktop\OTL.exe
[2012.08.19 00:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.18 23:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\qnluopfrfkhsefg
[2012.08.18 10:43:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.17 21:37:24 | 000,000,000 | ---D | C] -- C:\Users\S\AppData\Roaming\Avira
[2012.08.17 21:30:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012.08.17 21:30:53 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012.08.17 21:30:53 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012.08.17 21:30:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012.08.17 21:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.17 21:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.08.15 18:13:28 | 000,000,000 | ---D | C] -- C:\Users\S\Documents\Therapiemotivation
[2012.08.13 22:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012.08.12 21:23:54 | 000,000,000 | ---D | C] -- C:\Users\S\AppData\Local\SoftGrid Client
[2012.08.12 21:23:49 | 000,000,000 | ---D | C] -- C:\Users\S\AppData\Roaming\SoftGrid Client
[2012.08.12 21:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2012.08.12 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.08.12 21:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2012.08.06 18:32:03 | 000,000,000 | ---D | C] -- C:\Users\S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2012.08.06 18:31:56 | 000,000,000 | ---D | C] -- C:\Users\S\AppData\Roaming\WindSolutions
[2012.08.06 18:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.08.02 10:01:34 | 000,000,000 | ---D | C] -- C:\Users\S\AppData\Roaming\Skype
[2012.08.02 10:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.02 10:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.08.02 10:01:11 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.08.02 10:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.08.02 09:59:48 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Users\S\Documents\SkypeSetup.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.19 00:27:32 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\S\Desktop\OTL.exe
[2012.08.19 00:26:36 | 000,000,156 | ---- | M] () -- C:\Users\S\defogger_reenable
[2012.08.19 00:26:09 | 000,050,477 | ---- | M] () -- C:\Users\S\Desktop\Defogger.exe
[2012.08.19 00:22:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.08.19 00:22:33 | 804,610,048 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.19 00:20:41 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.19 00:20:41 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.19 00:12:03 | 000,001,084 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.18 23:29:47 | 000,000,051 | ---- | M] () -- C:\ProgramData\njfxbyhejxmllqw
[2012.08.18 23:29:29 | 000,057,344 | ---- | M] () -- C:\ProgramData\zavsagld.exe
[2012.08.18 23:29:29 | 000,057,344 | ---- | M] () -- C:\Users\S\0.48882446010349323.exe
[2012.08.18 19:59:01 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.18 08:57:42 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.08.18 08:57:42 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.08.18 08:57:42 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.08.18 08:57:42 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.08.17 23:45:13 | 000,088,287 | ---- | M] () -- C:\Users\S\Documents\Statistik.pdf
[2012.08.17 22:35:56 | 000,827,058 | ---- | M] () -- C:\Users\S\Documents\Grange, Jean-Christophe - Der Ursprung des Boesen.epub
[2012.08.17 22:32:47 | 003,392,492 | ---- | M] () -- C:\Users\S\Documents\Laudan, Andreas - Das Geflecht.epub
[2012.08.17 19:40:47 | 090,199,272 | ---- | M] () -- C:\Users\S\Documents\avira_free_antivirus_de.exe
[2012.08.17 12:36:59 | 000,762,986 | ---- | M] () -- C:\Users\S\Documents\Schmid, Michael - Fragmente des Wahns.epub
[2012.08.15 21:21:15 | 000,009,120 | ---- | M] () -- C:\Users\S\Documents\text.html
[2012.08.15 18:14:22 | 000,346,938 | ---- | M] () -- C:\Users\S\Documents\Berufliche Belastungen und.pdf
[2012.08.15 18:01:26 | 000,287,136 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.08.15 17:56:15 | 000,606,476 | ---- | M] () -- C:\Users\S\Documents\Hayes, Sam - Der fremde Sohn.epub
[2012.08.13 23:15:01 | 000,385,965 | ---- | M] () -- C:\Users\S\Documents\Fielding, Joy - Das Herz des Boesen.epub
[2012.08.12 22:35:52 | 000,829,969 | ---- | M] () -- C:\Users\S\Documents\Bottini, Oliver - Im Auftrag der Vaeter.epub
[2012.08.12 22:33:26 | 000,329,711 | ---- | M] () -- C:\Users\S\Documents\Smith, Mark Allen - Der Spezialist.epub
[2012.08.12 22:31:09 | 002,388,285 | ---- | M] () -- C:\Users\S\Documents\Williams, Amanda Kyle - Cut.epub
[2012.08.11 10:48:56 | 000,368,529 | ---- | M] () -- C:\Users\S\Documents\Banks, Maya - KGI - Dunkle Stunde.epub
[2012.08.11 10:41:43 | 000,459,323 | ---- | M] () -- C:\Users\S\Documents\Krist, Martin - Die Maedchenwiese.epub
[2012.08.10 19:39:58 | 000,432,629 | ---- | M] () -- C:\Users\S\Documents\Novak, Brenda - Watch Me - Blutige Spur.epub
[2012.08.09 16:11:52 | 000,586,952 | ---- | M] () -- C:\Users\S\Documents\AntiBundestrojaner_Globell_V_1_3_3.zip
[2012.08.07 17:26:59 | 000,025,316 | ---- | M] () -- C:\Users\S\Documents\Unbenannt 1.odt
[2012.08.07 17:03:25 | 034,909,420 | ---- | M] () -- C:\Users\S\Documents\3831719829ii.pdf
[2012.08.07 16:58:26 | 000,024,803 | ---- | M] () -- C:\Users\S\Documents\Unbenannt 1.pdf
[2012.08.06 22:52:25 | 000,174,900 | ---- | M] () -- C:\Users\S\Documents\Angelique, Pule - Ich schau dir zu.epub
[2012.08.06 22:50:41 | 000,350,702 | ---- | M] () -- C:\Users\S\Documents\Kent, Alison - Gewagte Spiele.epub
[2012.08.03 17:46:30 | 000,370,926 | ---- | M] () -- C:\Users\S\Documents\Kava, Alex - Knochenpfade.epub
[2012.08.02 09:59:48 | 000,946,352 | ---- | M] (Skype Technologies S.A.) -- C:\Users\S\Documents\SkypeSetup.exe
[2012.07.30 19:56:21 | 000,001,791 | ---- | M] () -- C:\Users\S\Desktop\Opera.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2030.01.01 15:52:47 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012.08.19 00:26:35 | 000,000,156 | ---- | C] () -- C:\Users\S\defogger_reenable
[2012.08.19 00:26:09 | 000,050,477 | ---- | C] () -- C:\Users\S\Desktop\Defogger.exe
[2012.08.18 23:29:47 | 000,057,344 | ---- | C] () -- C:\ProgramData\zavsagld.exe
[2012.08.18 23:29:33 | 000,000,051 | ---- | C] () -- C:\ProgramData\njfxbyhejxmllqw
[2012.08.18 23:29:29 | 000,057,344 | ---- | C] () -- C:\Users\S\0.48882446010349323.exe
[2012.08.17 23:45:13 | 000,088,287 | ---- | C] () -- C:\Users\S\Documents\Statistik.pdf
[2012.08.17 22:35:56 | 000,827,058 | ---- | C] () -- C:\Users\S\Documents\Grange, Jean-Christophe - Der Ursprung des Boesen.epub
[2012.08.17 22:32:38 | 003,392,492 | ---- | C] () -- C:\Users\S\Documents\Laudan, Andreas - Das Geflecht.epub
[2012.08.17 19:38:21 | 090,199,272 | ---- | C] () -- C:\Users\S\Documents\avira_free_antivirus_de.exe
[2012.08.17 12:36:57 | 000,762,986 | ---- | C] () -- C:\Users\S\Documents\Schmid, Michael - Fragmente des Wahns.epub
[2012.08.15 21:21:14 | 000,009,120 | ---- | C] () -- C:\Users\S\Documents\text.html
[2012.08.15 18:14:22 | 000,346,938 | ---- | C] () -- C:\Users\S\Documents\Berufliche Belastungen und.pdf
[2012.08.15 17:56:09 | 000,606,476 | ---- | C] () -- C:\Users\S\Documents\Hayes, Sam - Der fremde Sohn.epub
[2012.08.13 23:08:46 | 000,385,965 | ---- | C] () -- C:\Users\S\Documents\Fielding, Joy - Das Herz des Boesen.epub
[2012.08.12 22:34:08 | 000,829,969 | ---- | C] () -- C:\Users\S\Documents\Bottini, Oliver - Im Auftrag der Vaeter.epub
[2012.08.12 22:32:16 | 000,329,711 | ---- | C] () -- C:\Users\S\Documents\Smith, Mark Allen - Der Spezialist.epub
[2012.08.12 22:18:19 | 002,388,285 | ---- | C] () -- C:\Users\S\Documents\Williams, Amanda Kyle - Cut.epub
[2012.08.11 10:42:27 | 000,368,529 | ---- | C] () -- C:\Users\S\Documents\Banks, Maya - KGI - Dunkle Stunde.epub
[2012.08.11 10:40:00 | 000,459,323 | ---- | C] () -- C:\Users\S\Documents\Krist, Martin - Die Maedchenwiese.epub
[2012.08.10 19:38:31 | 000,432,629 | ---- | C] () -- C:\Users\S\Documents\Novak, Brenda - Watch Me - Blutige Spur.epub
[2012.08.09 16:10:28 | 000,586,952 | ---- | C] () -- C:\Users\S\Documents\AntiBundestrojaner_Globell_V_1_3_3.zip
[2012.08.07 17:26:57 | 000,025,316 | ---- | C] () -- C:\Users\S\Documents\Unbenannt 1.odt
[2012.08.07 17:03:12 | 034,909,420 | ---- | C] () -- C:\Users\S\Documents\3831719829ii.pdf
[2012.08.07 16:58:22 | 000,024,803 | ---- | C] () -- C:\Users\S\Documents\Unbenannt 1.pdf
[2012.08.06 22:52:24 | 000,174,900 | ---- | C] () -- C:\Users\S\Documents\Angelique, Pule - Ich schau dir zu.epub
[2012.08.06 22:50:41 | 000,350,702 | ---- | C] () -- C:\Users\S\Documents\Kent, Alison - Gewagte Spiele.epub
[2012.08.03 17:46:29 | 000,370,926 | ---- | C] () -- C:\Users\S\Documents\Kava, Alex - Knochenpfade.epub
[2012.07.30 19:56:21 | 000,001,791 | ---- | C] () -- C:\Users\S\Desktop\Opera.lnk
[2011.08.16 13:11:56 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011.07.31 09:48:02 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2011.07.31 09:47:31 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011.07.31 09:43:27 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011.07.31 09:43:27 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2011.07.21 18:46:57 | 021,073,936 | ---- | C] () -- C:\Users\S\vlc-1.1.11-win32.exe
[2011.07.15 17:29:24 | 000,438,323 | ---- | C] () -- C:\Users\S\FLT_VHC7CN1061_0.pdf
[2011.06.23 13:00:02 | 001,532,839 | ---- | C] () -- C:\Users\S\Selbsthilfebuch.pdf
[2011.04.08 23:04:42 | 001,632,911 | ---- | C] () -- C:\Users\S\Franz Petermann & Sandra Winkel - Selbstverletzendes Verhalten.pdf
[2011.01.22 17:20:47 | 000,266,885 | ---- | C] () -- C:\Users\S\reader.pdf
[2010.11.11 23:52:41 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010.11.11 23:52:41 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010.11.11 23:49:23 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.11.11 23:46:56 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010.11.11 23:45:47 | 000,000,399 | ---- | C] () -- C:\windows\Reboot.ini
[2010.11.11 23:42:08 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
 
========== LOP Check ==========
 
[2010.11.12 00:14:04 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\ASUS WebStorage
[2012.01.09 00:07:56 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\calibre
[2012.05.17 22:04:18 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\DAEMON Tools Lite
[2012.03.11 00:11:21 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\FileZilla
[2012.05.17 20:43:57 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\ICQ
[2012.02.20 22:56:01 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\JonDo
[2012.05.12 20:28:42 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Lern-o-Mat
[2011.08.27 20:43:29 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\OpenOffice.org
[2012.02.22 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Opera
[2012.08.18 00:01:06 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\SoftGrid Client
[2012.05.17 18:22:02 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Spotify
[2011.08.19 14:08:08 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Sync App Settings
[2012.08.12 21:24:08 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\TP
[2011.08.16 14:05:40 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Trillian
[2011.08.31 09:18:39 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\Windows Live Writer
[2012.08.06 18:33:36 | 000,000,000 | ---D | M] -- C:\Users\S\AppData\Roaming\WindSolutions
[2012.08.11 22:02:59 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.08.19 00:10:09 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ʒ
[2012.08.19 00:10:09 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ʒ
[2011.07.31 09:48:25 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ʝ
[2011.07.31 09:48:25 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ʝ
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:9E22BBE8

< End of report >
Und hier laut dem Schritt noch GMER:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-19 09:34:09
Windows 6.1.7601 Service Pack 1 
Running: o7ixnein.exe; Driver: C:\Users\S\AppData\Local\Temp\pxldypog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         824773C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           824B0D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004c                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \FileSystem\fastfat \Fat                                                                         81D25130

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dab1478                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dbf85b9                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dbf85b9@88c663cccd47         0xEE 0xFD 0x03 0x77 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dab1478 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dbf85b9 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dbf85b9@88c663cccd47             0xEE 0xFD 0x03 0x77 ...

---- EOF - GMER 1.0.15 ----
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.19.02

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
S :: S-PC [Administrator]

19.08.2012 09:47:44
mbam-log-2012-08-19 (09-47-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 322360
Laufzeit: 42 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\S\0.48882446010349323.exe (Exploit.Drop.UR.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Infizierte Datei im Malwarebytes gelöscht, neugestartet.
Dann AdwCleaner:

Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/19/2012 at 10:44:49
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : S - S-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\S\AppData\Local\Opera\Opera\temporary_downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

-\\ Opera v12.1.1532.0

*************************

AdwCleaner[R1].txt - [650 octets] - [19/08/2012 10:44:49]

########## EOF - C:\AdwCleaner[R1].txt - [777 octets] ##########

Alt 19.08.2012, 17:55   #2
t'john
/// Helfer-Team
 
Ihr Computer wurde gesperrt - Bundespolizei - Standard

Ihr Computer wurde gesperrt - Bundespolizei




Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultthis.engineName: "InnoGames Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://web.de/" 
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2682599&q=" 
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" 
FF - prefs.js..network.proxy.backup.ftp_port: 4001 
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" 
FF - prefs.js..network.proxy.backup.socks_port: 4001 
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" 
FF - prefs.js..network.proxy.backup.ssl_port: 4001 
FF - prefs.js..network.proxy.ftp: "127.0.0.1" 
FF - prefs.js..network.proxy.ftp_port: 4001 
FF - prefs.js..network.proxy.http: "127.0.0.1" 
FF - prefs.js..network.proxy.http_port: 4001 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..network.proxy.socks: "127.0.0.1" 
FF - prefs.js..network.proxy.socks_port: 4001 
FF - prefs.js..network.proxy.ssl: "127.0.0.1" 
FF - prefs.js..network.proxy.ssl_port: 4001 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKLM..\Run: [] File not found 
O4 - HKCU..\Run: [zavsagldfzmbxnj] C:\ProgramData\zavsagld.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{a80213ec-bb90-11e0-ba5f-bcaec541d004}\Shell - "" = AutoRun 
O33 - MountPoints2\{a80213ec-bb90-11e0-ba5f-bcaec541d004}\Shell\AutoRun\command - "" = F:\autorun.exe 
 
[2012.08.18 23:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\qnluopfrfkhsefg 

[2012.08.18 23:29:47 | 000,000,051 | ---- | M] () -- C:\ProgramData\njfxbyhejxmllqw 
[2012.08.18 23:29:29 | 000,057,344 | ---- | M] () -- C:\ProgramData\zavsagld.exe 
[2012.08.18 23:29:29 | 000,057,344 | ---- | M] () -- C:\Users\S\0.48882446010349323.exe 

@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:AB689DEA 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:A724744F 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:9E22BBE8 

:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________
Alt 29.09.2012, 20:53   #3
t'john
/// Helfer-Team
 
Ihr Computer wurde gesperrt - Bundespolizei - Standard

Ihr Computer wurde gesperrt - Bundespolizei


Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
__________________
Antwort

Themen zu Ihr Computer wurde gesperrt - Bundespolizei
100€ zahlen, 32 bit, 7-zip, adblock, adwcleaner, aufeinmal, auftrag, bingbar, brauch, bundespolizei, compu, computer, computer wurde gesperrt, erschein, erscheint, forum, gefunde, gesperrt, google, ihr computer wurde gesperrt, install.exe, locker, microsoft office starter 2010, neu, nichts, plug-in, seite, super, windows 7 starter, wrapper, zahlen


« Computer lässt sich nicht mehr booten. | Trojaner: "ihr Computer wurde durch das System der automatischen Informationskontrolle gesperrt" »


Ähnliche Themen: Ihr Computer wurde gesperrt - Bundespolizei


  1. Ihr Computer wurde automatisch gesperrt Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (2)
  2. Ihr Computer wurde gesperrt - Bundespolizei - UKASH
    Plagegeister aller Art und deren Bekämpfung - 09.11.2012 (22)
  3. Bundespolizei Virus:Ihr Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (13)
  4. Bundespolizei - Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (6)
  5. Bundespolizei- Ihr Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (6)
  6. Bundespolizei - Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 15.09.2012 (51)
  7. Computer wurde gesperrt von der Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  8. Bundespolizei- Ihr Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (7)
  9. BUNDESPOLIZEI - Ihr Computer wurde gesperrt
    Log-Analyse und Auswertung - 22.08.2012 (12)
  10. Ihr Computer wurde gesperrt - Bundespolizei Trojaner
    Log-Analyse und Auswertung - 21.08.2012 (10)
  11. BUNDESPOLIZEI / Ihr Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (31)
  12. Bundespolizei (Österreich) - Ihr Computer wurde gesperrt
    Log-Analyse und Auswertung - 20.07.2012 (9)
  13. Ihr Computer wurde gesperrt Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (5)
  14. Bundespolizei - Computer wurde gesperrt
    Log-Analyse und Auswertung - 09.07.2012 (1)
  15. Bundespolizei - Ihr Computer wurde gesperrt, Ukash
    Log-Analyse und Auswertung - 06.07.2012 (32)
  16. Ihr computer wurde gesperrt - bundespolizei - ukash
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (3)
  17. BUNDESPOLIZEI - Ihr Computer wurde gesperrt
    Anleitungen, FAQs & Links - 29.05.2012 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Ihr Computer wurde gesperrt - Bundespolizei - Hallo, das ist alles neu für mich und ich hab das Forum über google gefunden. Ich hab gerad ne Seite geöffnet und dann ging aufeinmal nichts mehr. Jetzt erscheint mir - Ihr Computer wurde gesperrt - Bundespolizei...
Archiv
Du betrachtest: Ihr Computer wurde gesperrt - Bundespolizei auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19