Bundesministerium für Internetsicherheit - Kompromitierter Rechner

SuppiSuppenh · 06.05.2013, 17:41

Hallo Experten !

Ich habe den "Bundesministerium für Internetsicherheit"-Trojaner auf meinem Rechner.
Irgendwie habe ich es geschafft auf den Desktop Zugriff zu bekommen.

Meine Recherche hier im Board hat mich bereits auf die Scans mit Malwarebytes-Anti-Rootkit und OTD gebracht.

Hier die Logs:

Erster Durchlauf

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.03.22.01

Windows 7 Service Pack 1 x86 FAT32
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [administrator]

06.05.2013 17:30:06
mbar-log-2013-05-06 (17-30-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27029
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ctfmon.exe (Trojan.Agent.Gen) -> Data: C:\PROGRA~3\rundll32.exe C:\PROGRA~3\ijezdqe.dat,FG00 -> Delete on reboot.

Registry Data Items Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\n.) Good: (shell32.dll) -> Delete on reboot.

Folders Detected: 3
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 6
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Delete on reboot.
c:\Users\Martin\AppData\Roaming\skype.dat (Trojan.Agent) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\U\00000001.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\U\80000000.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$6b39cb7759c16d7e3f9be78c40b1bc1b\U\800000cb.@ (Trojan.Siredef.C) -> Delete on reboot.

(end)

Zweiter Durchlauf

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.06.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [administrator]

06.05.2013 18:04:41
mbar-log-2013-05-06 (18-04-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27091
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
c:\ProgramData\ijezdqe.dat (Trojan.FakeMS) -> Delete on reboot.
c:\ProgramData\qfoni4.dat (Trojan.FakeMS) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-2975299611-2270659082-2690376731-1001\$RD25EEB70 (Trojan.FakeMS) -> Delete on reboot.
c:\Users\Martin\AppData\Local\Temp\icyoajc (Trojan.Zbot.ED) -> Delete on reboot.
c:\Users\Martin\AppData\Local\Temp\uoosuud.exe (Trojan.Agent.SZ) -> Delete on reboot.
c:\Users\Martin\AppData\Local\Temp\8jECD92.exe (Trojan.FakeMS) -> Delete on reboot.
c:\Users\Martin\AppData\Local\Temp\~!#35A1.tmp (Trojan.Agent.SZ) -> Delete on reboot.
c:\Users\Martin\AppData\Local\Temp\~!#DE4D.tmp (Trojan.Zbot.ED) -> Delete on reboot.
c:\ProgramData\rundll32.exe (Trojan.Agent.Gen) -> Delete on reboot.

(end)

Dritter Durchlauf

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.06.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [administrator]

06.05.2013 18:14:44
mbar-log-2013-05-06 (18-14-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27022
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Dann habe ich OTD durchlaufen lassen.

Hier die Scans:

OTL.Txt

Code:

ATTFilter

OTL logfile created on: 06.05.2013 18:16:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop\Trojaner-Board
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,09% Memory free
6,00 Gb Paging File | 4,66 Gb Available in Paging File | 77,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,60 Gb Total Space | 23,59 Gb Free Space | 23,93% Space Free | Partition Type: NTFS
Drive D: | 832,91 Gb Total Space | 645,48 Gb Free Space | 77,50% Space Free | Partition Type: NTFS
Drive E: | 690,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\Trojaner-Board\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - D:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
PRC - D:\Programme\I-Tunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\ATI\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - D:\Programme\ATI\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - D:\Programme\Content Tranfer 1.3\CT1.3_dl\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - D:\Programme\Canon Image Mixer 3.1\CameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe (Mattel Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - D:\Programme\ATI\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - D:\Programme\Canon Image Mixer 3.1\pxl_m17n_tool.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Winmgmt) -- C:\PROGRA~3\ijezdqe.dat File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- D:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AIDA64Driver) -- H:\aida64extreme_build_1114_b\kerneld.wnt File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssudobex) -- C:\Windows\System32\drivers\ssudobex.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (fwlanusb5) -- C:\Windows\System32\drivers\fwlanusb5.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (NTIOLib_1_0_8) -- C:\PROGRA~2\MSI\MSIWDev\NTIOLib.sys (MSI)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (MSI_MSIBIOS_010507) -- C:\PROGRA~2\MSI\MSIWDev\msibios32_100507.sys (Your Corporation)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 31 37 93 9A 45 CE 01  [binary data]
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledAddons: backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66%40mozillafirefoxextension:1.0.3
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5
FF - prefs.js..extensions.enabledAddons: %7B78e516ef-11de-47a1-8364-a99b917ec5ee%7D:10.15.2.523
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\I-Tunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: D:\Programme\Veetle player\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: D:\Programme\Veetle player\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.01.29 11:16:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.06 17:14:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.06 17:14:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.01.29 11:16:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.06 17:14:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.06 17:14:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.04.12 15:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2011.04.12 15:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.04.15 17:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\1uxfjgzh.default\extensions
[2013.04.15 17:30:32 | 000,000,000 | ---D | M] (FileConverter 1.3) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\1uxfjgzh.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
[2012.02.13 17:05:10 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\1uxfjgzh.default\extensions\piclens@cooliris.com
[2011.10.05 16:22:58 | 000,027,678 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1uxfjgzh.default\extensions\backupfox_959a5970_ada3_11e0_9f1c_0800200c9a66@mozillafirefoxextension.xpi
[2013.03.21 16:31:01 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\1uxfjgzh.default\extensions\toolbar@web.de.xpi
[2013.04.12 15:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 15:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions
[2013.04.12 15:52:23 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@web.de
[2013.04.12 15:52:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.16 11:41:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.16 11:41:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.16 11:41:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.16 11:41:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.16 11:41:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.16 11:41:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AdblockPro) - {04F2568A-3E7A-422D-A71E-DC088A635F7D} - C:\Users\Martin\AppData\Roaming\AdblockPro\IE\AdblockPro.dll (Adblock Pro Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AdobeReader) - {AC6401E9-813B-46DA-B06F-A4FFA2F9AE6D} - C:\Users\Martin\AppData\Roaming\AdobeReader\IE\AdobeReader.dll (Adobe Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] D:\Programme\Content Tranfer 1.3\CT1.3_dl\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [DACSMiniApp] C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe (Mattel Inc.)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] D:\Programme\I-Tunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [QuickTime Task] D:\Programme\QuickTimePlayer 24.03.2103\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Programme\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001..\Run: []  File not found
O4 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2975299611-2270659082-2690376731-1001\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{465AF0CE-323F-4DB8-A6A8-0648F36EF922}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A309E58A-523F-4A3C-ABD9-D45FB6D60C05}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCECDB36-B776-45E9-AE46-1D80E87BD977}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.01.28 17:00:37 | 000,000,042 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{48fb6c4b-9ae1-11e2-91bc-002185163e7e}\Shell - "" = AutoRun
O33 - MountPoints2\{48fb6c4b-9ae1-11e2-91bc-002185163e7e}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{52477ca5-9104-11e0-8f0f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{52477ca5-9104-11e0-8f0f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.EXE -- [2008.01.28 17:00:42 | 001,912,985 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.06 17:41:00 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Trojaner-Board
[2013.05.06 17:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.04 13:04:27 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.04.22 16:25:43 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2013.04.22 16:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.04.22 16:25:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\LogMeIn Hamachi
[2013.04.12 15:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.10 14:21:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 14:21:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 14:20:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 14:20:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 14:20:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 14:20:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 14:20:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 14:20:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 13:36:12 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 13:36:06 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 13:36:06 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 13:36:05 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 13:36:02 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 13:36:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.06 18:13:24 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.06 18:13:24 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.06 18:06:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.06 18:05:57 | 2415,271,936 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.06 17:25:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.06 16:46:37 | 095,023,320 | ---- | M] () -- C:\ProgramData\eqdzeji.pad
[2013.05.04 13:50:13 | 000,002,660 | ---- | M] () -- C:\ProgramData\eqdzeji.js
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.30 14:02:18 | 000,001,041 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.04.30 14:02:16 | 095,023,320 | ---- | M] () -- C:\ProgramData\4inofq.pad
[2013.04.25 18:41:32 | 001,828,931 | ---- | M] () -- C:\Users\Martin\Desktop\Radrennen.pdf
[2013.04.22 16:17:43 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.22 16:17:43 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.22 16:17:43 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.22 16:17:43 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.10 15:30:19 | 000,418,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.04 13:50:13 | 000,002,660 | ---- | C] () -- C:\ProgramData\eqdzeji.js
[2013.04.30 14:02:18 | 000,001,041 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013.04.30 14:02:14 | 095,023,320 | ---- | C] () -- C:\ProgramData\eqdzeji.pad
[2013.04.30 14:02:14 | 095,023,320 | ---- | C] () -- C:\ProgramData\4inofq.pad
[2013.04.25 18:41:31 | 001,828,931 | ---- | C] () -- C:\Users\Martin\Desktop\Radrennen.pdf
[2012.08.22 19:32:20 | 000,000,153 | ---- | C] () -- C:\Windows\WLP.ini
[2012.06.07 19:00:42 | 000,000,064 | ---- | C] () -- C:\Windows\Felix1.ini
[2012.05.30 18:25:20 | 001,780,718 | ---- | C] () -- C:\Users\Martin\Mediathek.xml
[2011.11.10 04:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.11.10 04:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.10.21 21:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.04 20:21:37 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.10.03 20:07:32 | 000,000,020 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.03 12:57:47 | 000,000,079 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\default.pls
[2011.06.07 15:03:10 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.27 16:40:26 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2011.05.27 16:40:22 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011.05.27 16:40:22 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.05.27 16:39:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.04.15 14:11:19 | 000,003,584 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.13 09:06:22 | 000,001,024 | ---- | C] () -- C:\Users\Martin\.rnd
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.04.29 18:02:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.minecraft
[2011.04.12 15:13:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\AdblockPro
[2011.07.06 21:27:29 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Amazon
[2011.04.19 12:14:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canon
[2012.12.27 16:23:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Fisher-Price
[2011.06.23 16:55:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\KIDDINX
[2012.01.29 11:17:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Nokia
[2012.02.05 20:45:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PC Suite
[2011.04.12 15:57:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PhotoFiltre
[2012.02.22 17:22:36 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PhotoFiltre 7
[2011.10.03 19:18:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\RavensburgerTipToi
[2012.07.21 11:57:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Rovio
[2012.02.05 15:14:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SPORE
[2011.04.12 15:25:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >

Extras.Txt

Code:

ATTFilter

OTL Extras logfile created on: 06.05.2013 18:16:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop\Trojaner-Board
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,09% Memory free
6,00 Gb Paging File | 4,66 Gb Available in Paging File | 77,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,60 Gb Total Space | 23,59 Gb Free Space | 23,93% Space Free | Partition Type: NTFS
Drive D: | 832,91 Gb Total Space | 645,48 Gb Free Space | 77,50% Space Free | Partition Type: NTFS
Drive E: | 690,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB36897-E10D-412D-AEFC-9A39BCB9F50C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{15799C1D-95D2-4D6E-A952-177DC0388131}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{22C3A65B-AA6B-4A84-A0EB-AB5F5848DB13}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3C3B35EA-FA5F-4578-8ABA-29049F22CFC5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{418669D9-9A61-4AAA-A5CA-9A14FB265119}" = lport=445 | protocol=6 | dir=in | app=system | 
"{460D682C-B565-442B-8EDA-8610514443A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{520DFDCA-0181-41E6-AC17-14B523C66268}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{56472A45-04CE-41CF-BD91-A7CBE6CA5F6C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6AD5333E-75D4-4DDE-9565-1AA5EB4CA18E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6BD075C6-D3AE-48FC-AE69-1FBBF688B985}" = lport=137 | protocol=17 | dir=in | app=system | 
"{764E57A4-21D2-4100-99A4-7AC80F91E69D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8E1D1B0E-4B9C-412D-A5BA-FE09804D515D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{94367088-5A77-4C1F-8509-DBD0AE1042AE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9D65FEB7-E8EA-4C4D-8604-A63E4F7AB6FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F193A89-2AF6-4C14-963D-83AB9EA91E8B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BD05E1A1-96A5-426C-A62A-7DF01F14B03B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CAF49B4A-2E13-41E7-BBA3-2FF0A1F5F739}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{D0997995-1783-4701-B3BE-B5065A4F9A56}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D69AB1FC-1632-4D99-B48A-62F9D9C61427}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DEA7550D-7B66-41C0-8D50-E8F5CC8EFD53}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E243345A-01CC-497F-81DD-C6499F02A975}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E8343362-07EE-470E-9CFA-97D510AB2BA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F7B206AB-C2EB-42CB-9F3C-10F3BF783F1A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FF712B1F-6687-42AC-941A-A5370181EA22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EC6A98-D280-4BAF-BDC5-8BCC9221B610}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{18923AD5-1DD5-4AB1-AB6F-83C3E90D87FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2740EC6C-F167-4F6F-BB8B-05B0558DF4BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{27E94C34-0034-46A8-8747-1642FD409422}" = protocol=6 | dir=out | app=system | 
"{34F6DB5E-DB68-47D5-B479-6212C095A776}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{376CC586-BB36-48F9-9EF9-853F6BF82454}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{383D8D31-E847-4863-88D5-839B979E0181}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D2B7DB2-8D04-4A17-9A51-812353C5606E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{564D6367-784E-4F89-B732-6F181D6DA1C8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{60AF4940-4772-42CF-B5A2-BA9E0B4F5782}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{78A49817-F5BA-479B-8695-3ACBC38C4FE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{811BABE3-5B18-4AAD-AA2B-1088D2058B26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{86B5282A-4A2B-4594-B0C8-73DC8537618C}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
"{87EAA304-88A4-43E9-B03F-CE3F66D0F168}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{88C7F71D-0C90-4C1C-BA62-8CBD333DD0E1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8E058CBA-E9E9-4BB5-A921-8B9611F000E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{984CDD36-BE12-4570-AF98-18C2D2C11EBF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{99EA9D16-6B8A-4755-92BE-66B6A5731064}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A239222F-74BA-4AFD-B2D3-3EE3C86DC3CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A9E815F4-D89F-4BA0-9B38-3E18D1D15D18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3C25694-2E54-4514-8692-B3141A27127B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8FB1B54-A257-4681-A59F-9777623299DD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CA31DF7A-BE7A-4C0F-9474-4200E2875301}" = dir=in | app=d:\programme\i-tunes\itunes.exe | 
"{D3793604-0E92-4C12-878E-3C5F8F8E2A1B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E69C3512-07C2-425A-B75B-ACCE4B76CBFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F69BB6BA-C615-47AF-8F38-BFC9B7C2466C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{08D8F2DF-D401-4877-8E3E-F4FD994B1536}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2143ADD7-620B-4798-AD8E-93A1999B27D9}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{ADA08954-5708-45D9-9BFE-E7A235796970}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{AE07DC3D-105A-4871-AC29-37C8769EC402}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{EBF99B8C-8979-449C-B15E-A2622BEBBE24}D:\programme\java\bin\javaw.exe" = protocol=6 | dir=in | app=d:\programme\java\bin\javaw.exe | 
"TCP Query User{ED6EA784-4156-40D8-824E-C409DC0ACB0F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{11EB7881-FA02-44ED-BEAD-FB09AA0E10F3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{29074744-A52B-4B8C-BDB6-1C31FFAFE68E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{2F266BB9-7482-49F8-845E-C233FF86AD9F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{4ABBD26F-C419-4F84-8BC9-3427DA3ED32A}D:\programme\java\bin\javaw.exe" = protocol=17 | dir=in | app=d:\programme\java\bin\javaw.exe | 
"UDP Query User{4FB80F03-88DA-4DAD-9640-5029D184D93C}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{A4217134-1787-4B22-B476-15CCA678AB5B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05CAF469-9765-8FBF-10AD-FD621091824A}" = CCC Help English
"{0A5F80AA-FCA7-41C5-BF1C-74727ECE1031}" = Nero 8 Essentials
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2985C5E6-8009-44BB-A84E-7685F4BC709D}" = The Digital Arts and Crafts Studio
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A95D49D-0076-4DB7-A91E-0E685DC6D6AD}" = ImageMixer 3 SE Ver.3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40FDC018-23A6-4618-B30A-A8EFCAA22A3D}" = Wildlife Park
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8331C0-C7CE-11D5-9A6D-A8FD74C70A01}" = Pinball Ten
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4E1D0591-14F7-736E-143A-62DC3E552A1A}" = Catalyst Control Center InstallProxy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F64A42C-6D93-6788-EB4F-07CC066DE194}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76D1FBEB-FBBF-0D1E-BB0A-CAA0D19E2C7F}" = ccc-utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CBE9636-B985-4ACB-9CC7-D7E79FDADEA8}" = Angry Birds
"{8695082B-3A98-44AB-AF56-0DA70A0146F1}" = SpaceInvadersAnniversary
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8D8B8115-40C1-A707-B7DA-599514076A81}" = Catalyst Control Center
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A23AADDA-3DBF-11E2-A6F2-984BE15F174E}" = Evernote v. 4.6
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A81D3EB9-20E6-A6E3-2537-26964CE91417}" = AMD Drag and Drop Transcoding
"{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager
"{AA373850-5233-4DA2-98AE-790091A20415}" = Tous ensemble 1 Sprachtrainer Kommunikation
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48756D1-A348-2DA5-B59B-DF39F293F750}" = AMD Media Foundation Decoders
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DV CIG Guide" = CANON IMAGE GATEWAY Registrierungsanleitung
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Grundschule Lernspass mit Albert E. Englisch Klasse 3+4" = Grundschule Lernspass mit Albert E. Englisch Klasse 3+4
"Kommissar Kugelblitz 1" = Kommissar Kugelblitz 1
"LogMeIn Hamachi" = LogMeIn Hamachi
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera" = Canon Utilities MyCamera
"Nokia Suite" = Nokia Suite
"Ravensburger tiptoi" = Ravensburger tiptoi
"Veetle TV" = Veetle TV 0.9.18
"Winmail Opener" = Winmail Opener 1.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2975299611-2270659082-2690376731-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre 7" = PhotoFiltre 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.04.2013 13:24:49 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2995
 
Error - 21.04.2013 13:24:49 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2995
 
Error - 21.04.2013 13:24:50 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.04.2013 13:24:50 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4009
 
Error - 21.04.2013 13:24:50 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4009
 
Error - 21.04.2013 13:42:43 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.04.2013 13:42:43 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1077561
 
Error - 21.04.2013 13:42:43 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1077561
 
Error - 27.04.2013 04:14:29 | Computer Name = Martin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
 Prozesses: 0x14a0  Startzeit der fehlerhaften Anwendung: 0x01ce431e4a0e30a9  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: 7b60f781-af12-11e2-9fb3-002185163e7e
 
Error - 28.04.2013 13:22:43 | Computer Name = Martin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\programme\mozilla
 backup 1.4.9\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "d:\programme\mozilla backup 1.4.9\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der 
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 06.05.2013 11:36:14 | Computer Name = Martin-PC | Source = VSS | ID = 8194
Description = 
 
[ System Events ]
Error - 06.05.2013 12:17:36 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:18:06 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:18:36 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:19:06 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:19:36 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:20:06 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:20:36 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:21:06 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:21:36 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 06.05.2013 12:22:06 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
 
< End of report >

Kann mir bitte jemand weiterhelfen ?

Gruß,
Suppi

Bundesministerium für Internetsicherheit - Kompromitierter Rechner

Log-Analyse und Auswertung: Bundesministerium für Internetsicherheit - Kompromitierter Rechner

Bundesministerium für Internetsicherheit - Kompromitierter Rechner

Ähnliche Themen: Bundesministerium für Internetsicherheit - Kompromitierter Rechner