Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Polizeitrojaner Windows 7

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 23.05.2013, 19:54   #1
xandl
 
Polizeitrojaner Windows 7 - Standard

Polizeitrojaner Windows 7



hallo,

ich habe ein problem mit einem polizeitrojaner unter windows 7

hier die entsprechenden logfiles:

OTL:
Code:
ATTFilter
OTL logfile created on: 23.05.2013 19:25:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Moosi\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 82,86% Memory free
6,50 Gb Paging File | 6,05 Gb Available in Paging File | 93,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 748,28 Gb Free Space | 82,19% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,03 Gb Free Space | 55,17% Space Free | Partition Type: NTFS
Drive F: | 900,73 Mb Total Space | 840,00 Mb Free Space | 93,26% Space Free | Partition Type: FAT
 
Computer Name: MOOSI-PC | User Name: Moosi | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.23 19:19:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moosi\Desktop\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.06.18 11:31:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.06.01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.04.07 04:12:04 | 000,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.13 20:39:31 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.08.19 10:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011.08.19 10:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.07 04:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.04.07 03:23:10 | 000,157,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.03.09 12:21:26 | 000,107,024 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B5B0A47-E6FC-43F1-89A4-C04C64916EA3}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109220&babsrc=SP_ss&mntrId=a03a8f6200000000000074f06d1a153d
IE - HKCU\..\SearchScopes\{21F7EF69-5C34-40C5-BAA3-E9CEE1F76C26}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..keyword.URL: "hxxp://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.10 22:32:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.10 22:32:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.01.26 21:47:40 | 000,000,000 | ---D | M]
 
[2010.09.23 18:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moosi\AppData\Roaming\mozilla\Extensions
[2013.03.10 12:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moosi\AppData\Roaming\mozilla\Firefox\Profiles\bhc369s5.default\extensions
[2012.07.29 16:37:16 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Moosi\AppData\Roaming\mozilla\firefox\profiles\bhc369s5.default\extensions\gophoto@gophoto.it.xpi
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Moosi\AppData\Roaming\mozilla\firefox\profiles\bhc369s5.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.01.26 21:47:32 | 000,002,422 | ---- | M] () -- C:\Users\Moosi\AppData\Roaming\mozilla\firefox\profiles\bhc369s5.default\searchplugins\babylon1.xml
[2011.12.19 19:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.23 18:22:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2010.09.23 18:22:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
[2013.03.10 12:50:13 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.26 21:47:24 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.babylon.com/?affID=109220&babsrc=HP_ss&mntrId=a03a8f6200000000000074f06d1a153d
CHR - Extension: No name found = C:\Users\Moosi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/AT/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1FB09BA-161C-4ECE-9D32-300BC9A0165F}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Moosi\AppData\Roaming\skype.dat) - C:\Users\Moosi\AppData\Roaming\skype.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{aff8a662-de35-11e0-8181-6c626d4ee36f}\Shell - "" = AutoRun
O33 - MountPoints2\{aff8a662-de35-11e0-8181-6c626d4ee36f}\Shell\AutoRun\command - "" = J:\MMMTest.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.23 19:23:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Moosi\Desktop\OTL.exe
[2013.05.20 18:32:33 | 000,000,000 | ---D | C] -- C:\Users\Moosi\AppData\Local\Cisco
[2013.05.20 18:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2013.05.20 18:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 19:24:57 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.23 19:24:57 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.23 19:24:57 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.23 19:24:57 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.23 19:24:36 | 000,000,156 | ---- | M] () -- C:\Users\Moosi\defogger_reenable
[2013.05.23 19:20:06 | 000,377,856 | ---- | M] () -- C:\Users\Moosi\Desktop\gmer_2.1.19163.exe
[2013.05.23 19:19:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moosi\Desktop\OTL.exe
[2013.05.23 19:19:28 | 000,050,477 | ---- | M] () -- C:\Users\Moosi\Desktop\Defogger.exe
[2013.05.23 18:59:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 18:59:03 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.23 18:55:41 | 000,000,004 | ---- | M] () -- C:\Users\Moosi\AppData\Roaming\skype.ini
[2013.05.23 18:54:36 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.21 23:47:33 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.21 22:43:28 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 22:43:28 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.21 22:26:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.17 15:10:25 | 000,429,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.23 19:24:34 | 000,000,156 | ---- | C] () -- C:\Users\Moosi\defogger_reenable
[2013.05.23 19:23:56 | 000,377,856 | ---- | C] () -- C:\Users\Moosi\Desktop\gmer_2.1.19163.exe
[2013.05.23 19:23:56 | 000,050,477 | ---- | C] () -- C:\Users\Moosi\Desktop\Defogger.exe
[2013.05.21 23:47:33 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.20 23:05:40 | 000,000,004 | ---- | C] () -- C:\Users\Moosi\AppData\Roaming\skype.ini
[2012.09.06 12:18:07 | 000,005,236 | ---- | C] () -- C:\Users\Moosi\AppData\Local\recently-used.xbel
[2012.07.04 22:32:24 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.01.11 20:00:55 | 000,098,304 | ---- | C] () -- C:\Users\Moosi\AppData\Roaming\skype.dat
[2011.12.21 22:55:16 | 000,003,584 | ---- | C] () -- C:\Users\Moosi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.28 15:40:04 | 000,001,027 | ---- | C] () -- C:\Users\Moosi\Musik - Verknüpfung.lnk
[2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.30 11:38:49 | 000,000,000 | -HSD | M] -- C:\Users\Moosi\AppData\Roaming\.#
[2013.01.26 21:47:42 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\BabSolution
[2013.01.26 21:47:17 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\Babylon
[2011.12.23 20:45:50 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\DAEMON Tools Lite
[2010.12.06 19:29:44 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\GrabIt
[2011.11.27 11:49:09 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\Leadertech
[2011.01.04 12:19:45 | 000,000,000 | ---D | M] -- C:\Users\Moosi\AppData\Roaming\MAGIX
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 23.05.2013 19:25:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Moosi\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 82,86% Memory free
6,50 Gb Paging File | 6,05 Gb Available in Paging File | 93,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 748,28 Gb Free Space | 82,19% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,03 Gb Free Space | 55,17% Space Free | Partition Type: NTFS
Drive F: | 900,73 Mb Total Space | 840,00 Mb Free Space | 93,26% Space Free | Partition Type: FAT
 
Computer Name: MOOSI-PC | User Name: Moosi | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EE1441E-2B98-4015-93B6-C97F997F1C6F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1184F647-DB7C-4C13-9566-8021337259FE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1CB99D37-5903-44FB-AD6C-5FA294D0822B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{252AEF40-23BA-45AC-A5CD-BE7B34148DCC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2C29B114-9C81-49E7-9BC3-CF837BA143B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{35147092-AE6E-40C1-8DE3-6CD0857ECCBF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3986147F-9D10-4FC2-AFB3-7CE85329BA67}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{4D54AF83-3100-468B-B7AF-D254EB4B3FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{727EA388-CEA3-4FFA-B033-F2738048880B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{75CBBD62-C7AF-49A1-966F-EC47BDED0704}" = lport=445 | protocol=6 | dir=in | app=system | 
"{88311290-C3A9-49D8-B9F9-62DE2010F09E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C73AAF57-23B4-4F24-B95C-0E90AD58A8C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CF9E3D6B-44AB-43CB-8D20-FDDDFA1392B4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D8031C98-DAE9-4910-93B0-0A680D551E9D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E8BFF9A2-2742-49ED-BC70-3B1D22326CAA}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DC4C320-F0CD-4B9D-92F3-0E8B95D0B9F5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{1D898DAE-2DDA-469D-8C7A-4D1014A15F41}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe | 
"{2BDC0C5A-E6F4-4881-B14B-4A23F1A8DB1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{50933ACB-76DC-4BC2-84B3-0FEC618AC2D9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{731D7A7C-8350-4DCF-A968-852DD455EA7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{898CED55-A8A9-43AB-9F0D-1CC763CB5BA4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8A516A9E-16B9-4BBF-B028-17163B2692DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A13E4A01-0C3E-4986-8F10-EADE9C25FDAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DBE53DF1-89C7-4D34-B4AB-BAE1F40BECE3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{CC741BA1-2D89-4560-A474-DEED886E0445}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{DB3060D5-19A4-4D0C-A7AD-83C99DABFE1E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{E5EFDB5F-0061-4A31-8498-6C8573DDEBF5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5F1E9D0A-99DA-42C3-A7E2-CE02CD6CEE01}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{DC48926A-65EC-4241-9F57-7063E05706A0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{F3A1E182-A325-4FAD-B07C-301B69FBD5CD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A169C69-5012-DAD1-B26D-6AD81A3242A9}" = Catalyst Control Center Localization All
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34B164BB-87C0-0E98-4B4B-867962CBB5EB}" = CCC Help Italian
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8FA9E6-DE47-98B1-B292-D5BD9D1AC5F4}" = Catalyst Control Center Graphics Previews Vista
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D07BB5D-7903-53B0-4EE0-F23FB43A3034}" = Catalyst Control Center Graphics Full New
"{5107CFE6-65DB-C1BE-A97B-68C22747AD4F}" = CCC Help English
"{518FBF0D-3BA6-BF84-C949-D301EEA09F08}" = ccc-core-static
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6A53AF94-FB62-528E-93D7-47D927FCBA89}" = Catalyst Control Center InstallProxy
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F276611-40A1-71AF-79B2-F896525FA898}" = CCC Help Danish
"{80186A32-8C10-9A90-409B-F83ED7823EA5}" = Catalyst Control Center Graphics Light
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{853E9CDB-711A-533C-E73F-1D87DCCAF5B6}" = Catalyst Control Center Graphics Full Existing
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{8730DBBF-3817-FC91-3C5D-A42F535A0C75}" = Catalyst Control Center Core Implementation
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{45854A38-F4B0-4434-BB40-A8ED6FDDEEC9}" = 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963911A3-E0E3-1D9B-CCF1-04607B415F9D}" = CCC Help Dutch
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4A90F5-B7F6-742C-C761-526AD050B601}" = CCC Help French
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DB2B2B1-464C-F7ED-2032-B80A1F2EEA69}" = CCC Help Japanese
"{9E422606-5F50-5D98-D89F-74AF10167A25}" = CCC Help Norwegian
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADF60A14-CFC4-7174-D088-E1CFE6663EF3}" = ATI Catalyst Install Manager
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE7785D6-045F-44FB-A1E4-3FA555874415}" = pdfforge Toolbar v7.0
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C3B58DC8-B030-0AE4-87C2-7721A4A485FA}" = CCC Help German
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8A6E0DE-B25F-D008-C10F-81DB91224A41}" = ccc-utility
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar
"{E7F56612-69F7-4F85-AD0B-B04B1C5BC3BD}" = Creative ZEN V Series (R2)
"{E8E25861-3B27-E2FE-877A-4E19B848EA31}" = CCC Help Spanish
"{E9D9AD46-011D-EC6D-180B-8A0C6835B778}" = CCC Help Swedish
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE6B2A1F-FFA0-9BD0-6C8E-BCA7AEDCFC5E}" = CCC Help Finnish
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"1ClickDownload" = Movie2KDownloader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BabylonToolbar" = Babylon toolbar 
"CCleaner" = CCleaner
"Creative Removable Disk Manager" = Creative-Manager für Wechseldatenträger
"DAEMON Tools Lite" = DAEMON Tools Lite
"Deutsch 3 v1.2" = Deutsch 3 v1.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Gehirnjogging 3" = Gehirnjogging 3
"GIMP-2_is1" = GIMP 2.8.2
"Google Chrome" = Google Chrome
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"Hofer Foto Manager Free D" = Hofer Foto Manager Free
"Hofer Foto Service D" = Hofer Foto Service
"Hofer Fotodruck Service" = Hofer Fotodruck Service 4.5
"Hofer Online Druck Service D" = Hofer Online Druck Service
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Loewe4" = Löwenzahn 4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"MEDION Fotos auf CD & DVD SE Hofer D" = MEDION Fotos auf CD & DVD SE Hofer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"QuickPar" = QuickPar 0.9
"QuickTime" = QuickTime
"SysInfo" = Creative Systeminformationen
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zahlenreise 3. Übungs-CD-ROM_is1" = Zahlenreise 3. Übungs-CD-ROM, V 1.0.2
"ZENcast Organizer" = ZENcast Organizer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.12.2011 06:02:08 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 06:05:46 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 09:33:29 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 10:01:59 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 10:22:26 | Computer Name = Moosi-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 16.12.2011 11:14:02 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 14:03:02 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 15:13:27 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 16:13:58 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.12.2011 17:01:13 | Computer Name = Moosi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 20.05.2013 13:22:40 | Computer Name = Moosi-PC | Source = acvpnui | ID = 67108866
Description = Function: ConnectMgr::run File: .\ConnectMgr.cpp Line: 673 Invoked Function:
 ConnectMgr::initiateConnect Return Code: -29622263 (0xFE3C0009) Description: CONNECTMGR_ERROR_UNEXPECTED

 
Error - 20.05.2013 13:22:42 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHostLocator::buildHostLocator File: .\Utility\HostLocator.cpp
Line:
 293 Invoked Function: CHostLocator::ResolveHostname Return Code: -28049397 (0xFE54000B)
Description:
 HOSTLOCATOR_ERROR_DNS_TIME_LIMIT_EXCEEDED 
 
Error - 20.05.2013 13:22:42 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processConnectNotification File: .\MainThread.cpp
Line:
 11462 Invoked Function: CMainThread::resolveSGHost Return Code: -32702442 (0xFE0D0016)
Description:
 MAINTHREAD_ERROR_DNS_RESOLUTION_FAILED 
 
Error - 20.05.2013 13:22:45 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CAutoProxy::GetAutoProxyStrings File: .\Proxy\AutoProxy.cpp
Line:
 139 Invoked Function: WinHttpGetProxyForUrl Return Code: 12180 (0x00002F94) Description:
 WINDOWS_ERROR_CODE SG URL https://univpn.univie.ac.at:443
 
Error - 20.05.2013 13:22:45 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\Proxy\BrowserProxy.cpp
Line:
 1032 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: Das System
 kann die angegebene Datei nicht finden.   
 
Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
 
Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1790 Invoked Function: ::WSAGetOverlappedResult Return Code: 995 (0x000003E3) Description:
 Der E/A-Vorgang wurde wegen eines Threadendes oder einer Anwendungsanforderung 
abgebrochen.   
 
Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1791 Invoked Function: ::WSARecv/::WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown 
 
Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 895 Invoked Function: CSocketTransport::readSocket Return Code: -31588312 (0xFE1E0028)
Description:
 SOCKETTRANSPORT_ERROR_GET_RESULT_FAILURE:The system get result call for the socket
 failed. 
 
Error - 20.05.2013 13:24:13 | Computer Name = Moosi-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 1047 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31588312
 (0xFE1E0028) Description: SOCKETTRANSPORT_ERROR_GET_RESULT_FAILURE:The system get
 result call for the socket failed. 
 
[ OSession Events ]
Error - 21.10.2010 17:33:45 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 5883
 seconds with 3300 seconds of active time.  This session ended with a crash.
 
Error - 13.04.2011 14:04:05 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 13864
 seconds with 6420 seconds of active time.  This session ended with a crash.
 
Error - 13.04.2011 14:14:41 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 614
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 15.05.2011 13:36:05 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 2489
 seconds with 1500 seconds of active time.  This session ended with a crash.
 
Error - 31.05.2011 15:38:36 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 5951
 seconds with 5520 seconds of active time.  This session ended with a crash.
 
Error - 09.06.2011 13:44:14 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 106
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 09.06.2011 13:57:23 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 778
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 22.08.2011 15:51:15 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 1858
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 04.01.2013 18:05:01 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 9039
 seconds with 4560 seconds of active time.  This session ended with a crash.
 
Error - 13.03.2013 17:27:28 | Computer Name = Moosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 10842
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.05.2013 13:00:04 | Computer Name = Moosi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:04 | Computer Name = Moosi-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.05.2013 13:00:04 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:04 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.05.2013 13:00:05 | Computer Name = Moosi-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
GMER:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-23 20:46:21
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000053 WDC_WD10 rev.80.0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Moosi\AppData\Local\Temp\pwdoypoc.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                                                                        82842A09 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                          8287C1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                        fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Moosi\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe  1

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                                                           unknown MBR code

---- EOF - GMER 2.1 ----
         
während des GMER scans sind fehlermeldungen ala "device kann nicht gefunden werden" angezeigt worden, ich habe diese weggeklickt.

bitte um hilfe =)

danke und lg

 

Themen zu Polizeitrojaner Windows 7
1clickdownload, autorun, babylontoolbar, bho, browserprotect.dll, canon, defender, error, explorer, failed, fehler, firefox, flash player, format, gophoto, helper, home, iexplore.exe, install.exe, lws.exe, musik, pdfforge toolbar, plug-in, problem, realtek, registry, richtlinie, rundll, scan, security, software, svchost.exe, udp, windows, windows 7. polizeitrojaner




Ähnliche Themen: Polizeitrojaner Windows 7


  1. Windows XP: Sperrschirm nach Polizeitrojaner
    Log-Analyse und Auswertung - 16.02.2014 (8)
  2. Polizeitrojaner Österreich auf Windows XP eingefangen
    Log-Analyse und Auswertung - 18.10.2013 (5)
  3. Polizeitrojaner/Bundesamttrojaner
    Log-Analyse und Auswertung - 31.07.2013 (15)
  4. Polizeitrojaner
    Plagegeister aller Art und deren Bekämpfung - 13.07.2013 (5)
  5. Polizeitrojaner - logs
    Log-Analyse und Auswertung - 11.06.2013 (2)
  6. Polizeitrojaner
    Log-Analyse und Auswertung - 07.06.2013 (9)
  7. Österreichischer Polizeitrojaner
    Plagegeister aller Art und deren Bekämpfung - 21.05.2013 (10)
  8. Polizeitrojaner
    Log-Analyse und Auswertung - 13.02.2013 (22)
  9. Polizeitrojaner, Weißer Bildschirm, Kein Abgesicherter Modus, Windows 7
    Plagegeister aller Art und deren Bekämpfung - 04.02.2013 (13)
  10. Polizeitrojaner
    Log-Analyse und Auswertung - 16.11.2012 (20)
  11. Polizeitrojaner
    Plagegeister aller Art und deren Bekämpfung - 11.11.2012 (29)
  12. Polizeitrojaner auch bei mir
    Log-Analyse und Auswertung - 07.11.2012 (14)
  13. Polizeitrojaner 5.2
    Plagegeister aller Art und deren Bekämpfung - 13.10.2012 (4)
  14. polizeitrojaner 5.2
    Log-Analyse und Auswertung - 13.10.2012 (2)
  15. Polizeitrojaner
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (3)
  16. polizeitrojaner CH
    Log-Analyse und Auswertung - 25.09.2012 (5)
  17. Österreichischer Polizeitrojaner auf Windows XP
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (29)

Zum Thema Polizeitrojaner Windows 7 - hallo, ich habe ein problem mit einem polizeitrojaner unter windows 7 hier die entsprechenden logfiles: OTL: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 23.05.2013 19:25:49 - Run 1 - Polizeitrojaner Windows 7...
Archiv
Du betrachtest: Polizeitrojaner Windows 7 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.