Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Computer gesperrt durch Bundespolizei-Trojaner

Computer gesperrt durch Bundespolizei-Trojaner


Plagegeister aller Art und deren Bekämpfung: Computer gesperrt durch Bundespolizei-Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 07.10.2012, 17:39   #1
ChrissiNash
 
Computer gesperrt durch Bundespolizei-Trojaner - Standard

Computer gesperrt durch Bundespolizei-Trojaner


Hallo zusammen.

Irgendwann mußte das ja passieren. Habe mir den Bundespolizei-Trojaner eingefangen

Konnte meinen Laptop (Windows 7, 64 bit) nur noch im abgesicherten Modus starten. Habe mir brav Malwarebytes Anti-Malware runtergeladen, diese aktualisiert und einen Komplett-Scan durchlaufen lassen. Ich konnte die Funde allerdings weder löschen noch in Quarantäne stecken wie bei euch beschrieben. Ich nehme an das liegt daran das ich keinen productkey eingeben konnte da ich das Programm ja nicht gekauft habe.
Komisch ist das drei Funde angezeigt wurden jedoch in der Log-Datei von nur 2 Funden berichtet wird. Der Dritte ist dann wohl der „Infizierte Registrierungswert“, oder?

Dann habe ich OTL runtergeladen und auf dem Desktop gespeichert, als Administrator durchgeführt, alles angeklickt was in Eurer Bilderanleitung angegeben war und Scan laufen lassen.

Anbei die drei Dateien. Und nun ?

1)
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.07.03

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Janine :: LAPTOP [Administrator]

07.10.2012 17:18:30
mbam-log-2012-10-07 (18-08-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 368582
Laufzeit: 41 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dsyzkklcbeughug (Trojan.Winlock) -> Daten: C:\ProgramData\dsyzkklc.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\dsyzkklc.exe (Trojan.Winlock) -> Keine Aktion durchgeführt.
C:\Users\Janine\AppData\Local\Temp\dRXXNsy.exe (Trojan.Winlock) -> Keine Aktion durchgeführt.


2)OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.10.2012 18:16:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Janine\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 75,17% Memory free
5,92 Gb Paging File | 5,34 Gb Available in Paging File | 90,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 135,13 Gb Total Space | 59,30 Gb Free Space | 43,89% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 97,18 Gb Free Space | 99,51% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Janine | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\OFFICE~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Office 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Office 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\OFFICE~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C936CF-BC94-4C12-9975-262028024841}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{03F7FE8F-8A74-4F45-B757-E16B3AEB1BB0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{057E6A2C-F461-481F-88E6-5B0A5246A509}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1175B687-4B47-43B8-B98C-34253DA1C65A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{17AE2DB8-063F-41CA-8EC6-B6C508F2B67B}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{1B9CB1E8-6675-4CAC-A40A-F5A46178AA2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E37A435-06F9-4839-AB52-CF1C61F51921}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{238F83AB-DCA6-4B30-950B-BF8122AA1F72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{323CD390-6227-4660-A4BE-72495D2B8A24}" = rport=137 | protocol=17 | dir=out | app=system | 
"{32CBAEDA-06F9-46A1-B280-6B1B372520E9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{37F656BD-B9CA-4B18-AA32-6BC97AC6F31D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3B91559E-6E5F-448E-AF69-07C987BFA51D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4417189B-758F-4837-9836-5F7E1DCBB21D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{460088C0-AE6A-4351-98D9-E7121C9DBC77}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{52867018-106E-48B2-8563-A74FF9931523}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{57FFA438-F23B-439D-A6C3-1A9E5B8F83A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5989FCA0-798C-4A81-A0BC-464E57F12DE2}" = lport=6004 | protocol=17 | dir=in | app=c:\office 2007\office12\outlook.exe | 
"{5E874F6B-D468-4CA6-B1CC-E4BDBBA77E59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F491489-1148-4F66-BDC0-9C45BF4C6902}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71DB02E1-AA9F-477A-B667-2819CC8E84E3}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{77273EFA-EF95-4D50-BBC9-51E40EA21C7B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7BC61BD4-B11E-4F4F-B10B-0BB72D37128B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86CFD314-D87E-4CE5-A53D-3152B2A0CF4D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9A6FD918-F206-4AB2-BE47-E2401720B0B3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9AB32541-9C47-432E-B70D-BE324880B083}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9EB859FF-52F8-4253-9E87-53F568A725E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A017DCC1-D1CA-4C60-81C7-C158D817C2E3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A670CA15-D375-44B7-A8F3-61277621CC45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B7F94692-D08C-4BF3-9123-A0C80531FEBC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BD28E3B5-BAE1-46D5-B04E-A04A02A9ED8E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C1B3CC65-2F52-406F-98F2-ECE06558BC62}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C2DEFACA-89E2-467F-9B47-F6C1F1FB7586}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C9129C36-ACDE-4B00-93A4-18561F7882F2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CCDAED6D-624C-487C-A255-94B9C46CBD2A}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{E19DCEF6-AD23-44CC-AE8A-1A9AA5576069}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E4A86073-61A0-41E0-903F-7DE2F8CA32EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EFF935-7974-4CBF-9F2A-284AD734BC63}" = protocol=17 | dir=in | app=c:\program files (x86)\spellforce2.exe | 
"{0A6D8470-F746-4CD1-9D91-370AD9C9A322}" = protocol=6 | dir=in | app=c:\program files (x86)\spellforce2.exe | 
"{0B5FF1C6-F3C5-4684-8717-1F60ABD3B2DF}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{121A6A6E-8E55-4764-9EBE-4683627D926F}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{220C4127-C7B9-4CC3-8F96-64E90CC7292D}" = protocol=6 | dir=in | app=c:\office 2007\office12\onenote.exe | 
"{29FA81F1-34EB-4156-BD15-340DB885D827}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2DADBFB3-DBEF-40C9-AE42-E08695EA8261}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2DDC3460-3856-417F-AA96-6532C4AC0C81}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{35170712-5292-4C01-A981-6D74BCEE158D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3DB55FF8-F7CE-42F6-89BD-8BF190662509}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{44AD7E98-8E63-4675-A0F6-7CBB618BA8B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{48ED5C35-D26F-4245-80AA-27A5F66620DC}" = protocol=17 | dir=in | app=c:\office 2007\office12\onenote.exe | 
"{5DE279E0-F105-49B2-9155-E675B71A6104}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{69FDD781-2633-4C52-8A85-E5EAEE83FF0C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{6B68CE46-A1BC-4146-8BC9-9996B5F915C1}" = protocol=6 | dir=in | app=d:\die siedler ii - die nächste generation\bin\s2dng.exe | 
"{6CE7A276-9CD6-4BDA-A05C-A678B272C151}" = protocol=6 | dir=in | app=c:\office 2007\office12\groove.exe | 
"{75321078-60D2-4B5D-A04C-0C71551BEAE0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{75D25755-58B0-47C9-83C3-E63A6C731743}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C857511-611D-4D95-9296-2CC4B8B01FC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{843FAB44-453C-4FE8-AD10-BB736C0806F8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8ADF9E56-D4CC-42BA-B74E-63ABDAEB276F}" = protocol=17 | dir=in | app=c:\program files (x86)\cultures\cultures.exe | 
"{96FF0634-E571-484A-BBDD-6A05316E0836}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{A2257288-E100-45FA-9FF1-3D9ACF686B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{AA02210D-268C-4B2C-A649-804E48787893}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B324C24C-1CDC-4B43-A7E8-AE1E3032E408}" = protocol=17 | dir=in | app=d:\die siedler ii - die nächste generation\bin\s2dng.exe | 
"{B3275F1F-D4DE-4F0B-8D32-3BFB354A58C4}" = protocol=6 | dir=in | app=c:\program files (x86)\cultures\cultures.exe | 
"{B403781E-1201-4806-9474-7EDF77B21930}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B7A3D401-6069-40AA-8A2C-EFC0E4FECD7E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BAB316E9-ECB2-4311-8923-8F048A398AF2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C802AD5F-8A56-4811-B144-72EC48B393DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9FE538D-4572-4470-B9EB-002C2B4B03C4}" = protocol=6 | dir=out | app=system | 
"{DCD3411E-9846-4E9C-9F45-E1063A222769}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E8549E98-BAE0-472B-92D5-2DBC587C494C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EE621DC4-E802-460E-B4D1-978A296FA7EA}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{F3C5F8F7-0C0B-4E13-8EC4-1774113253CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F6846385-1CEC-4BE0-AD9E-F375235497E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F73640C3-FF36-443C-B122-7FDB8E5D0E0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FA1076C8-FD94-4C9A-BCA8-67AC1F00264F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FB9272D9-2EB3-4DE5-91EB-D23AE14D3968}" = protocol=17 | dir=in | app=c:\office 2007\office12\groove.exe | 
"TCP Query User{31EFABD3-8876-47E4-8C3C-0803C2E5A9C5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{3D24102B-8639-449F-B88F-7DE9701DB4F6}C:\program files (x86)\spellforce2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spellforce2.exe | 
"TCP Query User{3E11C75A-5EDC-4EC3-887A-CA6FB1EBDEF4}C:\program files (x86)\spss\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spss\jre\bin\javaw.exe | 
"TCP Query User{4BEA3155-3509-4756-AD00-C659281E685D}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{4F595769-E103-4724-9463-7911030122E5}C:\program files (x86)\logitech\vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe | 
"TCP Query User{68DF0E62-CEA7-424D-AA9E-25316F79FB6E}C:\program files (x86)\cultures\cultures.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cultures\cultures.exe | 
"TCP Query User{732432A0-FC97-418B-A6B2-CA36D49A34DF}C:\program files (x86)\spss\stats.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spss\stats.exe | 
"TCP Query User{7CBB57CA-42D1-463A-B70D-DCE0632F0042}D:\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=d:\die siedler ii - die nächste generation\bin\s2dng.exe | 
"TCP Query User{89CB5E95-EC2F-47ED-8E53-B5CBF45037CA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B39339BE-0AE2-48DE-A982-F4EBD3E30759}D:\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe" = protocol=6 | dir=in | app=d:\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe | 
"TCP Query User{C08EE2DA-DF78-496E-8202-4638E20B4E7D}C:\program files (x86)\the guild 2 - renaissance\guildii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the guild 2 - renaissance\guildii.exe | 
"TCP Query User{CF928C44-0EA8-41A6-9279-0EE66336CB5B}C:\program files (x86)\spss\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spss\jre\bin\javaw.exe | 
"TCP Query User{D778EDFF-25D2-4EAD-B943-E99043E217E2}C:\program files (x86)\spellforce 2\spellforce2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spellforce 2\spellforce2.exe | 
"TCP Query User{FF648421-39F4-4E60-B631-D06427443B21}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{1CDA5C73-2D8C-4C34-A593-6C0D66CBF039}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{26E2AA73-1E57-4C36-8922-D724B69370D7}C:\program files (x86)\spellforce 2\spellforce2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spellforce 2\spellforce2.exe | 
"UDP Query User{2860B4C6-4905-40B4-8098-111EB6DB8E50}C:\program files (x86)\the guild 2 - renaissance\guildii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the guild 2 - renaissance\guildii.exe | 
"UDP Query User{42BD1237-EEEA-40D4-B5B9-0898FD7F4692}C:\program files (x86)\logitech\vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe | 
"UDP Query User{4950D01B-F77D-41CE-9C21-2068CDEB54D2}D:\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=d:\die siedler ii - die nächste generation\bin\s2dng.exe | 
"UDP Query User{81467AC4-DDA6-43F5-A1EF-FD763EBDB6EE}C:\program files (x86)\spss\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spss\jre\bin\javaw.exe | 
"UDP Query User{8DA0FCCC-F308-4BDE-AA29-765BA8858EFE}C:\program files (x86)\spellforce2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spellforce2.exe | 
"UDP Query User{A4842C22-BA23-41C0-A119-C0EBC20644AA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{CE22EBFB-9934-4066-9417-8DA86A3C5D36}C:\program files (x86)\cultures\cultures.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cultures\cultures.exe | 
"UDP Query User{CEAD5EC7-0224-4096-B108-1C700ACC5CF7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{E43490A5-C4CC-4D53-9282-0A5510EFFFD4}C:\program files (x86)\spss\stats.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spss\stats.exe | 
"UDP Query User{E85F6C1E-62CD-4559-B05D-DEE3A32D5DD0}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{EE90F99C-EB34-47C7-AC33-6702D4A51F74}D:\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe" = protocol=17 | dir=in | app=d:\die siedler - das erbe der könige - gold edition\extra1\bin\settlershok.exe | 
"UDP Query User{F9F9B04B-6091-4A6F-B626-538607F7B5F2}C:\program files (x86)\spss\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spss\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}" = Spellforce 2 Gold
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DC19A2BC-9698-430E-AD50-456B837B1BCD}" = GoGear SA018 Device Manager
"{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"CloneDVD2" = CloneDVD2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Huawei Modems" = Huawei modem
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"SpellForce" = SpellForce
"ULTIMATER" = Microsoft Office Ultimate 2007
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.09.2012 11:17:08 | Computer Name = Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\heroes of might and magic 6 demo\might & magic heroes vi - game official 
demo\OffscreenGecko.dll".  Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.09.2012 13:01:40 | Computer Name = Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\heroes of might and magic 6 demo\might & magic heroes vi - game official 
demo\OffscreenGecko.dll".  Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.09.2012 08:51:50 | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.4518.1014 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 718    Startzeit: 01cd972ea021829e    Endzeit: 5070    Anwendungspfad:
 C:\Office 2007\Office12\WINWORD.EXE    Berichts-ID: eb7df712-0321-11e2-816e-a4badbb4fcb1

 
Error - 20.09.2012 15:44:52 | Computer Name = Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\heroes of might and magic 6 demo\might & magic heroes vi - game official 
demo\OffscreenGecko.dll".  Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.09.2012 10:13:10 | Computer Name = Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\heroes of might and magic 6 demo\might & magic heroes vi - game official 
demo\OffscreenGecko.dll".  Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 23.09.2012 05:11:05 | Computer Name = Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\heroes of might and magic 6 demo\might & magic heroes vi - game official 
demo\OffscreenGecko.dll".  Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 26.09.2012 07:57:24 | Computer Name = Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\heroes of might and magic 6 demo\might & magic heroes vi - game official 
demo\OffscreenGecko.dll".  Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.09.2012 07:54:04 | Computer Name = Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\heroes of might and magic 6 demo\might & magic heroes vi - game official 
demo\OffscreenGecko.dll".  Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.10.2012 14:41:15 | Computer Name = Laptop | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 159c    Startzeit: 01cd9fffb1b29309    Endzeit: 96    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 05.10.2012 03:08:15 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avgnt.exe, Version: 10.0.13.18, Zeitstempel:
 0x4beab9be  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001528e  ID des fehlerhaften Prozesses:
 0xf34  Startzeit der fehlerhaften Anwendung: 0x01cda2c82ed067ff  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 6de20149-0ebb-11e2-aacd-a4badbb4fcb1
 
Error - 05.10.2012 10:09:03 | Computer Name = Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\heroes of might and magic 6 demo\might & magic heroes vi - game official 
demo\OffscreenGecko.dll".  Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 07.10.2012 12:15:19 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 12:15:31 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 12:15:31 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 12:15:31 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 12:17:39 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 12:17:39 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 12:17:39 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 12:20:45 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 12:20:45 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 07.10.2012 12:20:45 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
  
< End of report >
--- --- ---

3)OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.10.2012 18:16:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Janine\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 75,17% Memory free
5,92 Gb Paging File | 5,34 Gb Available in Paging File | 90,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 135,13 Gb Total Space | 59,30 Gb Free Space | 43,89% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 97,18 Gb Free Space | 99,51% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Janine | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Janine\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Office 2007\Office12\WINWORD.EXE (Microsoft Corporation)
  
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
 
 ========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Office 2007\Office12\GrooveAuditService.exe (Microsoft Corporation)
  
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
  
========== Standard Registry (SafeList) ==========
  
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-1110527559-201205940-1175240766-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.freemail.de/
IE - HKU\S-1-5-21-1110527559-201205940-1175240766-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1110527559-201205940-1175240766-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1110527559-201205940-1175240766-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 1F CE B1 78 CF CB 01  [binary data]
IE - HKU\S-1-5-21-1110527559-201205940-1175240766-1001\..\SearchScopes,DefaultScope = {081EDB05-CF54-4D64-97EC-8F4C38EDBB41}
IE - HKU\S-1-5-21-1110527559-201205940-1175240766-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1110527559-201205940-1175240766-1001\..\SearchScopes\{081EDB05-CF54-4D64-97EC-8F4C38EDBB41}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1110527559-201205940-1175240766-1001\..\SearchScopes\{576FFF45-E126-4CC6-A3AB-674BFD27188D}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-1110527559-201205940-1175240766-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.freemail.de"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
FF - prefs.js..network.proxy.type: 4
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.06.19 13:40:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Firefox\components [2012.09.24 19:17:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins
 
[2011.02.18 17:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janine\AppData\Roaming\mozilla\Extensions
[2012.09.24 19:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janine\AppData\Roaming\mozilla\Firefox\Profiles\b0p8d396.default\extensions
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Office 2007\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1110527559-201205940-1175240766-1001..\Run: [dsyzkklcbeughug] C:\ProgramData\dsyzkklc.exe ()
O4 - HKU\S-1-5-21-1110527559-201205940-1175240766-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1110527559-201205940-1175240766-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1110527559-201205940-1175240766-1001..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Avira\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Janine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Janine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43495467-B1DE-4B94-914D-F7370F5A0146}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AC75D58-5A71-44AA-8785-154518C429C8}: NameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Office 2007\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Office 2007\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{151a383e-acb6-11e0-aa7c-a4badbb4fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{151a383e-acb6-11e0-aa7c-a4badbb4fcb1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{151a384c-acb6-11e0-aa7c-a4badbb4fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{151a384c-acb6-11e0-aa7c-a4badbb4fcb1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{3c0175c4-703f-11e1-88a8-001e101fb681}\Shell - "" = AutoRun
O33 - MountPoints2\{3c0175c4-703f-11e1-88a8-001e101fb681}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{837e513d-0558-11e1-a615-a4badbb4fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{837e513d-0558-11e1-a615-a4badbb4fcb1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{91d7eb7a-ef5b-11e0-aaeb-a4badbb4fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{91d7eb7a-ef5b-11e0-aaeb-a4badbb4fcb1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{91d7ec8e-ef5b-11e0-aaeb-a4badbb4fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{91d7ec8e-ef5b-11e0-aaeb-a4badbb4fcb1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{de16ce55-3b5e-11e0-aea5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{de16ce55-3b5e-11e0-aea5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autoRcd.exe
O33 - MountPoints2\{ea24385d-f7cf-11e0-86df-a4badbb4fcb1}\Shell - "" = AutoRun
O33 - MountPoints2\{ea24385d-f7cf-11e0-86df-a4badbb4fcb1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.07 17:25:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Janine\Desktop\OTL.exe
[2012.10.07 17:13:07 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Roaming\Malwarebytes
[2012.10.07 17:12:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.07 17:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.07 16:31:06 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.10.07 16:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ihorcbhubfdrssf
[2012.10.06 11:21:43 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Roaming\Avira
[2012.10.06 11:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.06 11:16:14 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.06 11:16:14 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.06 11:16:13 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.06 11:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.06 11:03:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.06 10:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.10.06 10:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.10.06 10:18:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.03 19:03:40 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Roaming\Ziwo
[2012.10.03 19:03:40 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Roaming\Ozrewe
[2012.10.03 19:03:40 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Roaming\Duibh
[2012.09.24 19:14:19 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.24 19:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.09.22 22:47:39 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.22 22:47:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.22 22:47:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.22 22:47:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.22 22:47:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.22 22:47:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.22 22:47:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.22 22:47:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.22 22:47:34 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.22 22:47:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.22 22:47:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.22 22:47:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.22 22:47:30 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.22 22:47:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.22 22:47:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.07 17:25:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Janine\Desktop\OTL.exe
[2012.10.07 17:03:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 17:03:48 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.07 16:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 16:39:58 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 16:39:58 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 16:31:44 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2012.10.07 16:22:47 | 000,076,360 | ---- | M] () -- C:\ProgramData\hpaongphdqeedjp
[2012.10.07 16:22:42 | 000,103,424 | ---- | M] () -- C:\ProgramData\dsyzkklc.exe
[2012.10.06 11:12:16 | 000,411,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.05 10:56:29 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.05 10:56:29 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.05 10:56:29 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.05 10:56:29 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.05 10:56:29 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.25 09:20:32 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.25 09:20:32 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.09.13 15:52:59 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.07 16:31:44 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2012.10.07 16:22:47 | 000,103,424 | ---- | C] () -- C:\ProgramData\dsyzkklc.exe
[2012.10.07 16:22:42 | 000,076,360 | ---- | C] () -- C:\ProgramData\hpaongphdqeedjp
[2012.09.25 09:20:33 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.24 19:17:17 | 000,001,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.13 22:45:43 | 000,003,584 | ---- | C] () -- C:\Users\Janine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.05 16:27:12 | 000,071,259 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2011.07.06 14:33:07 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.06.16 11:08:40 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.03 20:08:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.13 12:46:45 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2011.04.13 12:46:45 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2011.04.13 12:46:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2011.04.13 12:46:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll
[2011.04.13 12:46:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll
[2011.04.13 12:46:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll
[2011.04.13 12:45:49 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.04.13 12:45:49 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.23 20:14:12 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\calibre
[2012.10.05 17:18:52 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Duibh
[2012.09.24 19:14:57 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\DVDVideoSoft
[2012.09.24 19:14:19 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.03 20:22:20 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Leadertech
[2012.10.05 09:40:01 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Ozrewe
[2011.07.01 21:56:01 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Samsung
[2011.06.19 13:54:30 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Swiss Academic Software
[2011.07.03 09:06:41 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Temp
[2012.10.03 19:03:40 | 000,000,000 | ---D | M] -- C:\Users\Janine\AppData\Roaming\Ziwo
 
========== Purity Check ==========
 
< End of report >
--- --- ---
 

Themen zu Computer gesperrt durch Bundespolizei-Trojaner
avira, bho, bonjour, computer, converter, desktop, error, excel, firefox, flash player, google, helper, home, iexplore.exe, install.exe, log-datei, logfile, mozilla, mp3, office 2007, plug-in, programm, registry, security, senden, server, software, svchost.exe, windows


« T-Online meldet Infektion mit Torpig/Sinowal und Mebroot - 3 PCs, welcher hats? | Fund: Trojan.Ransom.Gen und Roper0dun.exe Fehlermeldung beim Start von Windows »


Ähnliche Themen: Computer gesperrt durch Bundespolizei-Trojaner


  1. hp computer durch interpol Trojaner gesperrt
    Log-Analyse und Auswertung - 20.09.2014 (1)
  2. Computer gesperrt durch Interpol Trojaner
    Log-Analyse und Auswertung - 01.04.2014 (1)
  3. Win 8 Browser durch Bundespolizei(Trojaner?) gesperrt, was tun ?
    Plagegeister aller Art und deren Bekämpfung - 21.12.2013 (1)
  4. Computer gesperrt durch Trojaner - Interpol
    Log-Analyse und Auswertung - 07.10.2013 (15)
  5. Trojaner - Computer gesperrt, Meldung angeblich von der Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 01.08.2013 (27)
  6. computer gesperrt durch bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (2)
  7. Bundespolizei Trojaner - Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (30)
  8. Computer gesperrt Bundespolizei 100 Euro Trojaner
    Log-Analyse und Auswertung - 03.11.2012 (16)
  9. Trojaner: Ihr Computer wurde gesperrt Bundespolizei Ukash
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (10)
  10. Computer gesperrt durch Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 04.10.2012 (35)
  11. Computer gesperrt durch die "Bundespolizei", entsperrung durch Geld
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (22)
  12. Computer gesperrt durch Bundespolizei
    Log-Analyse und Auswertung - 06.09.2012 (8)
  13. Ihr Computer wurde gesperrt - Bundespolizei Trojaner
    Log-Analyse und Auswertung - 21.08.2012 (10)
  14. Computer gesperrt Bundespolizei 100 Euro Trojaner
    Plagegeister aller Art und deren Bekämpfung - 02.08.2012 (14)
  15. Computer gesperrt durch BKA o.Ä. Trojaner, 100€ zahlen etc.
    Log-Analyse und Auswertung - 01.08.2012 (17)
  16. Ihr Computer wurde durch das System der automatischen Informationskontrolle gesperrt - Bundespolizei
    Log-Analyse und Auswertung - 15.06.2012 (1)
  17. Trojaner der Bundespolizei, 100 Euro, Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Computer gesperrt durch Bundespolizei-Trojaner - Hallo zusammen. Irgendwann mußte das ja passieren. Habe mir den Bundespolizei-Trojaner eingefangen Konnte meinen Laptop (Windows 7, 64 bit) nur noch im abgesicherten Modus starten. Habe mir brav Malwarebytes Anti-Malware - Computer gesperrt durch Bundespolizei-Trojaner...
Archiv
Du betrachtest: Computer gesperrt durch Bundespolizei-Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131