Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Computer wurde gesperrt - "Polizei" Trojaner/Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 08.05.2013, 11:29   #1
RSX
 
Computer wurde gesperrt - "Polizei" Trojaner/Virus - Standard

Computer wurde gesperrt - "Polizei" Trojaner/Virus



Guten Tag,

gestern ist bei mir eine Meldung erschienen auf der stand das mein Computer von der "Polizei" wegen illegalen downloads gesperrt wurde und ich einen Betrag per Paysafecard überweisen soll.

Auf meinem anderen PC habe ich dann gegoogelt und ein paar Ratschläge befolgt (Neustart > F8 etc. etc.)
Das alles hat aber nichts gebracht, immer wenn mein PC hochgefahren ist und ich das Passwort eingegeben habe um zum Desktop zu kommen erschien nach ca. 10 sek. immer wieder diese Meldung von der "Polizei".

Also habe ich ein wenig improvisiert:
Ich habe meinen PC vom Netz genommen und es nochmal versucht (Neustart).
Beim ersten mal kam die Meldung aber trotzdem, beim 2. Versuch (und auch bis jetzt) kam die Meldung nicht mehr (auch nicht mit Internet an).

Nachdem die Meldung nicht mehr erschien habe ich trotzdem den Virenscanner und Malwarebytes durchgehen lassen.

Avast fand:
C:\ProgramData\bveq0.js

Malware fand 4 mal "Trojan.Winlock" unter:

C:\ProgramData\trv2.dat
C:\ProgramData\brcow.dat
C:\ProgramData\0qevb.dat
C:\ProgramData\triijfo.dat

Danach alles gelöscht und in Quarantäne verschoben.
Mit CCleaner noch PC gereinigt.
Und zuletzt habe ich auch noch meinen PC (Windows 7) um ein paar Stunden zurückgesetzt.

Ich weis leider nicht ob damit der Trojaner verschwunden ist oder nicht und hoffe ihr könnt mir weiterhelfen, vielen dank im voraus!

Ab hier findet ihr die gewünschten infos:

Defogger:
Das habe ich benutzt und laut eurer Guide gescannt nur erforderte das Programm keinen Neustart und nach beendigung des Scans kam überhaupt keine Meldung.

OTL
Code:
ATTFilter
OTL logfile created on: 08.05.2013 08:16:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Aco\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,58% Memory free
3,98 Gb Paging File | 2,81 Gb Available in Paging File | 70,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,70 Gb Total Space | 414,24 Gb Free Space | 90,90% Space Free | Partition Type: NTFS
 
Computer Name: ZLOCO | User Name: Aco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.08 08:15:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aco\Desktop\OTL.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.09.07 18:17:12 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-547 revA\wirelesscm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.06 17:15:10 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-547 revA\WlanDll.dll
MOD - [2009.07.06 15:11:34 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-547 revA\WlanWPS.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.18 07:55:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.12 10:03:41 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.26 20:02:28 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\D-Link\DWA-547 revA\jswpsapi.exe -- (jswpsapi)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.07 01:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.03.07 01:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.03.07 01:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.03.07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.03.07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.03.07 01:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.03.07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.03.07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.11.07 09:49:46 | 000,113,664 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.09.23 06:20:20 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.30 13:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.23 18:37:04 | 001,483,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.09.12 07:48:26 | 000,406,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008.05.15 04:28:52 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.05.15 04:28:52 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\jswpslwfx.sys -- (JSWPSLWF)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {694E9944-1DAE-44FC-9485-99449F16D10D}
IE:64bit: - HKLM\..\SearchScopes\{694E9944-1DAE-44FC-9485-99449F16D10D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AB55BC4D-6CC8-4137-AFAE-2E2C932CC514}
IE - HKLM\..\SearchScopes\{AB55BC4D-6CC8-4137-AFAE-2E2C932CC514}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 70 BA 4F 85 B2 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {AB55BC4D-6CC8-4137-AFAE-2E2C932CC514}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://google.at/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\BalancedWorlds.com/WebLauncher: C:\Users\Aco\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll (BalancedWorlds)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013.03.19 08:48:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 10:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 10:03:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.08.09 08:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aco\AppData\Roaming\mozilla\Extensions
[2012.10.25 10:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aco\AppData\Roaming\mozilla\Firefox\Profiles\va0sfs9x.default\extensions
[2013.05.07 11:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 10:03:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 10:03:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.02 08:24:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 09:13:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.02 08:24:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.02 08:24:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.02 08:24:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.02 08:24:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EBB4D02-F6EC-4761-A9CA-568C04160C44}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.08 08:14:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aco\Desktop\OTL.exe
[2013.05.07 11:56:14 | 000,000,000 | ---D | C] -- C:\Users\Aco\AppData\Roaming\Malwarebytes
[2013.05.07 11:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.07 11:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.07 11:55:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.05.07 11:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.07 11:55:36 | 000,000,000 | ---D | C] -- C:\Users\Aco\AppData\Local\Programs
[2013.05.07 11:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.07 11:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.04.12 10:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.12 08:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.04.12 08:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[13 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.08 08:15:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aco\Desktop\OTL.exe
[2013.05.08 08:13:14 | 000,000,000 | ---- | M] () -- C:\Users\Aco\defogger_reenable
[2013.05.08 08:12:08 | 000,050,477 | ---- | M] () -- C:\Users\Aco\Desktop\Defogger.exe
[2013.05.08 08:10:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.05.08 07:58:28 | 000,014,816 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 07:58:28 | 000,014,816 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 07:55:36 | 001,613,412 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.05.08 07:55:36 | 000,696,848 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.05.08 07:55:36 | 000,652,166 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.05.08 07:55:36 | 000,148,144 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.05.08 07:55:36 | 000,121,098 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.05.08 07:51:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.05.08 07:51:08 | 1602,936,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.07 11:55:59 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.07 10:25:55 | 095,023,320 | ---- | M] () -- C:\ProgramData\bveq0.pad
[2013.05.07 09:54:19 | 095,023,320 | ---- | M] () -- C:\ProgramData\2vrt.pad
[2013.05.07 09:54:13 | 095,023,320 | ---- | M] () -- C:\ProgramData\ofjirt.pad
[2013.05.07 09:54:08 | 095,023,320 | ---- | M] () -- C:\ProgramData\wocrb.pad
[2013.04.11 07:52:34 | 000,383,072 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[13 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.08 08:13:14 | 000,000,000 | ---- | C] () -- C:\Users\Aco\defogger_reenable
[2013.05.08 08:12:06 | 000,050,477 | ---- | C] () -- C:\Users\Aco\Desktop\Defogger.exe
[2013.05.07 11:55:59 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.07 09:54:00 | 095,023,320 | ---- | C] () -- C:\ProgramData\ofjirt.pad
[2013.05.07 09:53:57 | 095,023,320 | ---- | C] () -- C:\ProgramData\wocrb.pad
[2013.05.07 09:53:55 | 095,023,320 | ---- | C] () -- C:\ProgramData\2vrt.pad
[2013.05.07 09:53:46 | 095,023,320 | ---- | C] () -- C:\ProgramData\bveq0.pad
[2013.04.12 08:17:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.01 12:02:31 | 001,590,370 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.09.26 08:55:47 | 000,000,000 | ---D | M] -- C:\Users\Aco\AppData\Roaming\pdfforge
 
========== Purity Check ==========
 
 

< End of report >
         
Extras
Code:
ATTFilter
OTL Extras logfile created on: 08.05.2013 08:16:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Aco\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,58% Memory free
3,98 Gb Paging File | 2,81 Gb Available in Paging File | 70,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,70 Gb Total Space | 414,24 Gb Free Space | 90,90% Space Free | Partition Type: NTFS
 
Computer Name: ZLOCO | User Name: Aco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056231FB-FE74-40FC-8AA9-30E89B5438A4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1CBABC3A-35C9-4674-85C0-88E5137E7B3F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3AE34A70-8229-4911-8967-4A0CDA56AD59}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{44955700-F9AA-4630-BEC2-58954CF066A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4C6FBE25-63A8-4EFC-A314-B8F32717DA6D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5278ADD3-B190-4F6E-9870-00F5454F783D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5A6CE007-D9A6-440D-93F5-E256958E8F63}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5B6238D2-670D-470B-995C-AAFFF38E5375}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{666CD1E9-0E53-4B6B-BD2E-545E9AC2CD4C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6DB53882-0BA4-4511-A0E0-2A55CE36B5A7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{766646BE-B707-4A23-BD74-2EDD3A4C9F6B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B24214EB-C87A-4A82-9345-DDBA42BEF0BE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DED9D657-FE9F-4A3B-A057-2AF6636FDD45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E943A3A7-12C2-4816-97AF-26A1B641C879}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016C0DE8-5D55-477A-AF32-235781A55DE7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{0A406F15-0CF7-408C-911E-59DFFA17ED62}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{35E143BE-B134-4F41-B5D1-0FA9EBB9E543}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{54854AED-B64B-498F-8DB9-E80DAB97884C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68780158-E604-429E-B086-1F58634A074A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B6E87E4C-1636-4457-BB0A-1C53A353C377}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F7F5B2C3-8CDE-4E91-8074-56EDB47E970A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"TCP Query User{0CD98952-E947-479E-AD1C-81E8834F80E0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{325F7A72-CD82-4D76-9C1E-A87B7C06E8DC}C:\windows\splwow64.exe" = protocol=6 | dir=in | app=c:\windows\splwow64.exe | 
"UDP Query User{1003C542-142A-4B1F-BB3C-277659D9F318}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{1361027F-AE92-4DD5-9CE7-0BB8076B4F42}C:\windows\splwow64.exe" = protocol=17 | dir=in | app=c:\windows\splwow64.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = DWA-547
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.03.2013 04:41:32 | Computer Name = Zloco | Source = ESENT | ID = 455
Description = Windows (2020) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0003B.log.
 
Error - 21.03.2013 04:41:32 | Computer Name = Zloco | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 21.03.2013 04:41:32 | Computer Name = Zloco | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 21.03.2013 04:41:32 | Computer Name = Zloco | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 21.03.2013 04:41:32 | Computer Name = Zloco | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 21.03.2013 04:41:32 | Computer Name = Zloco | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 21.03.2013 04:41:34 | Computer Name = Zloco | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 21.03.2013 04:41:34 | Computer Name = Zloco | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 21.03.2013 04:41:34 | Computer Name = Zloco | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 21.03.2013 04:41:34 | Computer Name = Zloco | Source = Windows Search Service | ID = 7010
Description = 
 
[ System Events ]
Error - 30.03.2012 01:58:15 | Computer Name = Zloco | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?03.?2012 um 12:00:44 unerwartet heruntergefahren.
 
 
< End of report >
         
INFO: GMER kann ich leider nicht posten (zu viele Zeichen!).

 

Themen zu Computer wurde gesperrt - "Polizei" Trojaner/Virus
7-zip, aswrvrt.sys, avast, ccleaner, computer, desktop, gelöscht, gesperrt, guten, infos, install.exe, internet, malwarebytes, meldung, neustart, passwort, plug-in, programm, quarantäne, scanner, trojan.winlock, trojaner, trojaner/virus, verschwunden, virenscan, virenscanner, windows, windows 7




Ähnliche Themen: Computer wurde gesperrt - "Polizei" Trojaner/Virus


  1. Trojaner: "Zugang zu ihrem Computer wurde aus folgenden Gründen gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 27.01.2015 (17)
  2. Win XP (SP3) Trojaner: "Computer wurde von Bundesamt gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 23.03.2013 (11)
  3. Rechner gesperrt - "Polizei - Ihr Computer wurde gesperrt"
    Log-Analyse und Auswertung - 12.02.2013 (5)
  4. Polizei Control Department gegen Cyberkriminalität "Ihr Computer ist gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (15)
  5. Polizei Control Department gegen Cyberkriminalität "Ihr Computer ist gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (7)
  6. "Ihr Computer wurde gesperrt" Trojaner (User:Landvoigt)
    Plagegeister aller Art und deren Bekämpfung - 28.12.2012 (18)
  7. "Ihr Computer wurde gesperrt"-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (11)
  8. GVU Trojaner "Ihr Computer wurde gesperrt"
    Log-Analyse und Auswertung - 22.12.2012 (13)
  9. "Ihr Computer wurde gesperrt" Trojaner eingefangen - Hilfe :(
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (8)
  10. Bundestrojaner Variante: "Ihr Computer wurde gesperrt"; " Ihr Computer wurde durch das Speichern der autom. Informationskontrolle gesperrt"
    Log-Analyse und Auswertung - 25.11.2012 (10)
  11. Trojaner: "ihr Computer wurde durch das System der automatischen Informationskontrolle gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 29.09.2012 (2)
  12. Trojaner "Ihr Computer wurde gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 17.09.2012 (4)
  13. BKA Trojaner auf meinem Laptop "Ihr Computer wurde gesperrt" Benötige Hilfe
    Plagegeister aller Art und deren Bekämpfung - 20.07.2012 (10)
  14. Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100
    Log-Analyse und Auswertung - 14.07.2012 (5)
  15. Malware/Trojaner "Achtung! Ihr Computer wurde gesperrt!"
    Log-Analyse und Auswertung - 02.05.2012 (19)
  16. Virus: "Windows Security Center Achtung! Ihr Computer wurde gesperrt!"
    Log-Analyse und Auswertung - 11.04.2012 (1)
  17. Virus? "Achtung! Ihr Computer wurde gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (1)

Zum Thema Computer wurde gesperrt - "Polizei" Trojaner/Virus - Guten Tag, gestern ist bei mir eine Meldung erschienen auf der stand das mein Computer von der "Polizei" wegen illegalen downloads gesperrt wurde und ich einen Betrag per Paysafecard überweisen - Computer wurde gesperrt - "Polizei" Trojaner/Virus...
Archiv
Du betrachtest: Computer wurde gesperrt - "Polizei" Trojaner/Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.