Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows Vista: Bundespolizei-Virus!

Windows Vista: Bundespolizei-Virus!


Log-Analyse und Auswertung: Windows Vista: Bundespolizei-Virus!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 20.10.2013, 22:07   #1
virus6610
 
Windows Vista: Bundespolizei-Virus! - Standard

Windows Vista: Bundespolizei-Virus!


Habe leider seit heute morgen den Bundespolizei-Virus auf dem Rechner. Abgesicherter Modus funktioniert nicht (fährt runter bzw. normal hoch kurz bevor der abgesicherte Modus kommt) und normal komme ich natürlich auch nicht rein.

Habe die .txt-Dateien die ich nach dem OTLPE-Scan bekommen habe in den Anhang gepackt, ich hoffe jemand kann mir helfen

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 10/20/2013 11:33:42 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576.15 Gb Total Space | 251.67 Gb Free Space | 43.68% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 12.38 Gb Free Space | 61.87% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/10/20 11:53:16 | 000,264,664 | ---- | M] (Microsoft Corporation) [Auto] -- C:\ProgramData\h2jzi7h.plz -- (Winmgmt)
SRV - [2013/10/08 22:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/15 13:01:16 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Disabled] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/09/17 10:01:50 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/26 08:43:20 | 001,051,968 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/08/26 08:40:24 | 000,030,016 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/01/29 16:11:54 | 000,050,504 | ---- | M] (VoiceFive Networks, Inc.) [Auto] -- C:\Program Files\PremierOpinion\pmservice.exe -- (PremierOpinion)
SRV - [2008/11/24 08:10:31 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/07 11:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/08 11:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (upperdev)
DRV - File not found [Kernel | System] --  -- (sysaro)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] --  -- (djlzwpnvwg)
DRV - [2011/08/29 18:54:22 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2011/05/31 01:14:41 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/24 08:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/09/23 04:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/06/09 01:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/06 11:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/01/06 16:05:42 | 000,199,680 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2003/10/15 12:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://windiwsfsearch.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://windiwsfsearch.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=2&cf=f54a70ce-3952-11e1-9a63-0021853e7754
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://windiwsfsearch.com
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://windiwsfsearch.com/search?q=%s
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
 
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://windiwsfsearch.com
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://windiwsfsearch.com
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPE7CEA549-C30E-4516-9D57-B4A163989F62
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://windiwsfsearch.com
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://windiwsfsearch.com/search?q=%s
IE - HKU\*****_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\*****_ON_C\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - Reg Error: Key error. File not found
IE - HKU\*****_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\*****_ON_C\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKU\*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\System32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\System32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 07:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\PremierOpinion [2010/03/27 09:48:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/07 10:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/07 10:46:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/16 15:38:36 | 000,000,000 | ---D | M]
 
[2012/10/16 15:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/14 14:41:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/08/26 18:30:33 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/07 08:22:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/19 09:47:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/05/29 17:18:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/02/14 03:36:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/15 15:12:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/10/27 07:56:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012/10/16 15:39:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011/01/07 08:21:57 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/01/07 08:21:57 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2010/07/05 16:09:02 | 000,119,808 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2009/07/13 09:47:22 | 000,174,592 | ---- | M] (The cURL library, hxxp://curl.haxx.se/) -- C:\Program Files\mozilla firefox\plugins\libcurl.dll
[2009/04/06 20:29:00 | 001,044,480 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 12:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/04/06 20:28:36 | 001,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 18:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2011/01/07 08:22:02 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 15:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2012/03/07 10:46:38 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/03/07 10:47:05 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2012/03/07 10:46:33 | 000,108,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/10/09 09:48:38 | 000,083,456 | ---- | M] (Sobee) -- C:\Program Files\mozilla firefox\plugins\NPSobeeICFLauncherMOZ.dll
[2010/03/01 08:37:48 | 000,018,432 | ---- | M] (Sobee) -- C:\Program Files\mozilla firefox\plugins\NPSobeeICFLauncherMOZ36.dll
[2011/10/27 09:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2009/04/06 20:29:00 | 000,200,704 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2011/01/07 08:22:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/04/12 08:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2011/01/07 08:22:04 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/01/07 08:22:04 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/07/05 16:09:03 | 000,002,020 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
[2011/01/07 08:22:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/01/07 08:22:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/01/07 08:22:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Sobee.ICFLauncherIE.Launcher) - {95a0101d-f8f8-4063-9545-0edd223b7819} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKU\*****_ON_C\..\Toolbar\WebBrowser: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\*****_ON_C..\Run: [AdobeBridge]  File not found
O4 - HKU\*****_ON_C..\Run: [Google Update] C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\*****_ON_C..\Run: [Spotify Web Helper] C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpUninstallCleanUp]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} -  File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} hxxp://www.powerchallenge.com/applet/PowerLoader.cab (PowerLoader Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\*****_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/20 11:53:16 | 000,264,664 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\h2jzi7h.plz
[2013/10/18 10:10:50 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Neuer Ordner
[2013/09/21 12:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(10)
[2013/09/21 12:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(11)
[2013/09/21 12:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(61)
[2013/06/12 06:52:52 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\qe7loqe.dat
[2013/06/12 06:52:52 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\*****\AppData\Roaming\*.tmp files -> C:\Users\*****\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/20 14:25:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/20 14:25:21 | 277,482,642 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/20 14:23:35 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/20 14:23:35 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/20 14:19:40 | 095,025,368 | ---- | M] () -- C:\ProgramData\h7izj2h.pff
[2013/10/20 14:19:33 | 000,000,000 | ---- | M] () -- C:\ProgramData\h7izj2h.ctrl
[2013/10/20 13:17:18 | 001,593,856 | ---- | M] () -- C:\ProgramData\h7izj2h.fki
[2013/10/20 11:53:27 | 000,000,874 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h7izj2h.lnk
[2013/10/20 11:53:16 | 000,264,664 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\h2jzi7h.plz
[2013/10/20 11:14:24 | 000,699,572 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/10/20 11:14:24 | 000,655,734 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/20 11:14:24 | 000,156,896 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/10/20 11:14:24 | 000,128,748 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/18 13:33:17 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001UA1ce82d78bb0d16b.job
[2013/10/18 08:33:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001Core1ce82d78b24604b.job
[2013/10/16 22:39:38 | 000,042,953 | ---- | M] () -- C:\Users\*****\Desktop\ste.JPG
[2013/10/16 21:44:40 | 000,000,216 | ---- | M] () -- C:\Users\*****\Desktop\Football Manager 2014.url
[2013/10/08 09:37:51 | 000,000,004 | ---- | M] () -- C:\Users\*****\AppData\Roaming\settings.ini
[2013/10/03 15:57:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\*****\AppData\Roaming\*.tmp files -> C:\Users\*****\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/10/20 11:58:08 | 001,593,856 | ---- | C] () -- C:\ProgramData\h7izj2h.fki
[2013/10/20 11:53:27 | 000,000,874 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h7izj2h.lnk
[2013/10/20 11:53:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\h7izj2h.ctrl
[2013/10/20 11:53:25 | 095,025,368 | ---- | C] () -- C:\ProgramData\h7izj2h.pff
[2013/10/16 22:39:34 | 000,042,953 | ---- | C] () -- C:\Users\*****\Desktop\ste.JPG
[2013/10/16 21:44:40 | 000,000,216 | ---- | C] () -- C:\Users\*****\Desktop\Football Manager 2014.url
[2013/10/08 09:37:11 | 000,000,004 | ---- | C] () -- C:\Users\*****\AppData\Roaming\settings.ini
[2013/09/14 12:45:53 | 000,181,113 | ---- | C] () -- C:\Users\*****\AppData\Local\7813e97f-519c-4e1c-8e0a-4aba8d383d10
[2013/06/12 07:18:45 | 000,001,152 | ---- | C] () -- C:\ProgramData\eqol7eq.js
[2013/06/12 06:52:54 | 095,023,320 | ---- | C] () -- C:\ProgramData\eqol7eq.pad
[2012/07/09 11:08:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/30 19:13:57 | 000,000,912 | ---- | C] () -- C:\Users\*****\AppData\Roaming\EasyToolz.ini
[2010/12/27 18:51:36 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/10/09 14:26:07 | 000,001,356 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2010/10/09 14:19:21 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2010/10/09 14:16:49 | 013,803,520 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/09/10 02:24:55 | 000,117,800 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/07/02 16:41:11 | 000,000,132 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/03/25 10:27:52 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe
[2010/03/25 10:27:51 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
[2010/03/25 10:27:51 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2010/01/26 14:25:46 | 000,280,376 | ---- | C] () -- C:\Users\*****\AppData\Local\fstfr_nav.dat
[2010/01/26 14:25:46 | 000,003,423 | ---- | C] () -- C:\Users\*****\AppData\Local\fstfr.dat
[2010/01/26 14:25:46 | 000,001,735 | ---- | C] () -- C:\Users\*****\AppData\Local\fstfr_navps.dat
[2009/09/24 08:20:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 08:20:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/02 10:06:56 | 000,000,088 | ---- | C] () -- C:\Users\*****\AppData\Local\bdaoknj.bat
[2009/02/03 10:33:43 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/03 10:33:43 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2009/02/03 10:12:19 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/11/06 14:34:55 | 000,000,093 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
[2008/10/05 11:55:19 | 000,013,504 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2008/09/29 10:16:28 | 000,000,583 | ---- | C] () -- C:\Windows\eReg.dat
[2008/09/29 07:19:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/29 06:38:26 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/09/29 06:38:25 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/09/29 06:38:25 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/09/29 06:38:25 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/09/29 06:38:25 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/09/29 06:38:25 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/09/29 06:38:25 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/09/29 06:38:25 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/09/29 06:38:25 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/09/29 06:38:25 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/09/29 06:38:25 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/09/29 06:38:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/09/29 06:38:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/09/29 06:38:25 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/09/29 06:38:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/09/29 06:38:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/09/29 06:38:25 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/09/29 06:38:25 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/09/29 06:38:25 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/09/29 06:34:25 | 000,077,312 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/29 06:32:39 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2008/08/08 09:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/08/04 09:16:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/04 06:08:00 | 000,000,028 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008/05/16 06:58:04 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2008/01/30 22:03:26 | 000,054,608 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008/01/21 03:15:58 | 000,699,572 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,156,896 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,732,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,655,734 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,128,748 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2013/08/25 18:32:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft
[2009/09/27 07:28:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BraCa_Soft
[2008/09/29 06:52:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl Data Service GmbH
[2011/05/31 01:19:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2012/10/29 12:46:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Das Fussball Studio
[2012/09/10 13:41:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2011/09/25 15:30:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/09/30 12:37:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EA
[2008/11/03 17:18:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EasyMangosHandler
[2012/11/07 08:44:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FMRTE13
[2009/09/02 10:07:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FunkyEmoticons
[2008/11/01 15:12:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRight
[2012/12/06 16:00:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2013/09/18 06:46:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2010/02/01 13:53:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IrfanView
[2012/08/10 08:28:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ManyCam
[2009/04/08 06:07:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MobMapUpdater
[2012/04/29 14:41:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MotioninJoy
[2008/11/20 17:22:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia
[2008/11/20 17:57:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\NSeries
[2011/03/13 17:26:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\nswb
[2012/02/14 03:41:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2008/12/12 13:10:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2009/02/03 10:11:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Orbit
[2013/08/05 20:37:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin
[2008/11/20 16:54:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite
[2012/07/09 11:05:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ProtectDISC
[2010/02/28 00:29:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2008/11/28 19:13:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SecondLife
[2010/02/28 00:29:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony
[2012/11/03 05:39:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sports Interactive
[2013/10/20 11:24:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Spotify
[2011/09/06 10:44:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2010/02/28 17:48:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\temp
[2009/01/27 11:24:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Template
[2010/12/08 17:09:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2008/11/02 17:01:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
[2008/11/06 14:39:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Turbine
[2008/09/29 06:52:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems
[2009/11/07 14:42:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent
[2013/10/03 15:57:11 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/09/21 12:42:48 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(61)
[2012/05/15 15:05:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2008/09/29 06:14:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/05/15 21:04:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2008/09/29 06:52:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2011/05/31 01:14:09 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2012/10/29 12:42:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Das Fussball Studio
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/09/29 06:14:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/10/27 18:33:56 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2010/09/17 11:15:28 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs
[2011/10/21 17:47:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008/09/29 06:37:51 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2008/09/29 06:14:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/08/08 09:17:49 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications
[2010/11/13 12:13:25 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2008/11/20 17:54:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2009/04/25 18:09:58 | 000,000,000 | ---D | M] -- C:\ProgramData\KONAMI
[2010/04/11 09:03:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Messenger Plus!
[2008/11/20 18:14:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2013/07/23 14:17:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2008/11/20 17:55:44 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2010/07/02 15:57:11 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/02/28 00:12:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2012/04/25 13:12:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Sports Interactive
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/09/29 06:14:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010/01/04 11:13:54 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/09/17 10:00:38 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2008/10/15 16:09:19 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2008/08/04 07:07:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2008/09/29 06:14:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/12/10 10:32:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/08/04 08:07:43 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/09/02 18:49:08 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/27 17:41:36 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/09/17 10:00:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/06/12 07:00:00 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2013/06/08 17:57:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001Core.job
[2013/06/11 14:57:01 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001UA.job
[2013/10/20 14:03:00 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\*****\Documents\Elano_blumer_GALATASARAY_first_goal.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\*****\Documents\Elano_blumer_GALATASARAY_first_goal (1).mp4:TOC.WMV
@Alternate Data Stream - 55838 bytes -> C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
< End of report >

 

Themen zu Windows Vista: Bundespolizei-Virus!
ad-aware, antivirus, autorun, avast, bho, bonjour, browser, defender, error, explorer, firefox, format, ftp, helper, home, logfile, plug-in, realtek, registry, rundll, schannel.dll, searchsettings.dll, security, senden, software, spotify web helper, vista, windows


« externe Festplatte gescannt - Malwarebytes hat 4 Funde - pup.removewga | Windows 8: Befall mit Lyricxeeker »


Ähnliche Themen: Windows Vista: Bundespolizei-Virus!


  1. Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen
    Log-Analyse und Auswertung - 04.11.2014 (3)
  2. Windows XP: Sperrschirm nach Bundespolizei-Virus
    Log-Analyse und Auswertung - 02.02.2014 (9)
  3. Windows Vista - Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 04.12.2013 (3)
  4. Bundespolizei Virus - Windows Vista
    Log-Analyse und Auswertung - 13.11.2013 (11)
  5. Windows Vista: Fake-nachricht Bundespolizei - jetzt weißer Bildschirm beim hochfahren
    Log-Analyse und Auswertung - 07.08.2013 (15)
  6. Bundespolizei Virus / Windows 7 PC
    Plagegeister aller Art und deren Bekämpfung - 14.06.2013 (29)
  7. GVU/Bundespolizei Trojaner - Windows Vista Home Version
    Log-Analyse und Auswertung - 15.10.2012 (3)
  8. Bundespolizei Trojaner Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 01.10.2012 (25)
  9. Bundespolizei Virus - Windows 7
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  10. bundespolizei virus windows vista
    Plagegeister aller Art und deren Bekämpfung - 21.05.2012 (1)
  11. AKM Virus Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (4)
  12. Windows System blockiert - Virus Windows Vista
    Log-Analyse und Auswertung - 17.02.2012 (13)
  13. Bundespolizei-Virus....OTL-logs im Anhang....windows.exe?
    Plagegeister aller Art und deren Bekämpfung - 16.12.2011 (3)
  14. Trojaner Bundespolizei Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 18.10.2011 (6)
  15. Windows Vista 32bit von Bundespolizei uKash infiziert.
    Plagegeister aller Art und deren Bekämpfung - 12.10.2011 (10)
  16. Bundespolizei-Trojaner Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 17.08.2011 (1)
  17. Bundespolizei-Virus: Sicherung der Daten (Vista)
    Plagegeister aller Art und deren Bekämpfung - 29.07.2011 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows Vista: Bundespolizei-Virus! - Habe leider seit heute morgen den Bundespolizei-Virus auf dem Rechner. Abgesicherter Modus funktioniert nicht (fährt runter bzw. normal hoch kurz bevor der abgesicherte Modus kommt) und normal komme ich natürlich - Windows Vista: Bundespolizei-Virus!...
Archiv
Du betrachtest: Windows Vista: Bundespolizei-Virus! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131