
Pests of all kinds and how to fight them: Desktop with BKA, €100, videos, ucash, only safe mode left


30.07.2012, 23:51   #1
udoxxxxxx

Desktop with BKA, €100, videos, ucash, only safe mode left



Hello dear rescuers,

Through carelessness I caught the BKA screen.
Nothing works any more, only safe mode in Win7 64 bit.

Following the instructions "opening a thread" I did the following steps:

1. Please download defogger by jpshortstuff to your desktop (disable CD/DVD emulators with DeFogger).

Start the tool with a double click.
Vista and Win7 users right-click "Run as administrator"....
......

2. Step 2
Please download OTL by Oldtimer and save it to your desktop.

Now please close all programs. (Important)
Please start OTL.exe.
Now please click the Quick Scan button.
When the scan has finished, 2 text documents are created.
Now copy the contents of OTL.txt and Extra.txt into your thread

OTL file:

Code:
OTL logfile created on: 31.07.2012 00:27:34 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Udoxxxxxx\Desktop\trojaner board
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,98% Memory free
8,00 Gb Paging File | 7,19 Gb Available in Paging File | 89,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,91 Gb Total Space | 46,85 Gb Free Space | 31,46% Space Free | Partition Type: NTFS
Drive D: | 160,77 Gb Total Space | 88,12 Gb Free Space | 54,81% Space Free | Partition Type: NTFS
Drive E: | 211,83 Gb Total Space | 40,91 Gb Free Space | 19,31% Space Free | Partition Type: NTFS
Drive G: | 181,52 Gb Total Space | 70,47 Gb Free Space | 38,82% Space Free | Partition Type: NTFS
Drive H: | 191,09 Gb Total Space | 1,22 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
Drive M: | 1397,26 Gb Total Space | 28,87 Gb Free Space | 2,07% Space Free | Partition Type: NTFS
Drive N: | 1863,01 Gb Total Space | 556,45 Gb Free Space | 29,87% Space Free | Partition Type: NTFS
Drive W: | 0,27 Mb Total Space | 0,01 Mb Free Space | 2,55% Space Free | Partition Type: NTFS
Drive Y: | 29,83 Gb Total Space | 5,32 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
Drive Z: | 48,83 Gb Total Space | 31,57 Gb Free Space | 64,66% Space Free | Partition Type: NTFS
 
Computer Name: 7GAMER | User Name: Udoxxxxxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.31 00:25:51 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Udoxxxxxx\Desktop\trojaner board\OTL.exe
PRC - [2011.06.22 11:59:04 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.10 05:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009.08.24 19:01:08 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2010\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.19 21:50:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 22:22:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 22:22:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.01.16 12:04:46 | 001,007,472 | ---- | M] () [Auto | Stopped] -- C:\Users\Udoxxxxxx\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service)
SRV - [2011.11.14 00:42:54 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.11.14 00:42:52 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.11.13 22:49:40 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.11.11 13:59:30 | 001,510,720 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.02 15:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.08.29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011.02.19 22:21:19 | 002,480,048 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.12 06:43:16 | 000,894,544 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.02.22 19:53:16 | 002,217,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
SRV - [2004.06.14 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.09 22:22:39 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 22:22:39 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.12.05 21:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.11.14 00:43:36 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.11.14 00:42:40 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.11.14 00:42:12 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.11.13 22:33:56 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.11.13 22:33:56 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.11.10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.11.10 05:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 04:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.11.04 13:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.29 23:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011.08.19 17:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011.08.08 15:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.13 00:48:56 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.04.30 13:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.04.30 13:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.02.19 23:03:45 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.02.19 22:21:20 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011.02.19 22:21:18 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258)
DRV:64bit: - [2011.02.19 22:21:15 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.02.19 10:52:43 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.12.31 12:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.11.02 15:38:02 | 000,865,344 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvb7700all.sys -- (mod7700)
DRV:64bit: - [2009.10.25 18:29:44 | 000,023,552 | ---- | M] (Flint Incorporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vd_filedisk.sys -- (VD_FileDisk)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2010\WNt500x64\sandra.sys -- (SANDRA)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 08:58:24 | 000,507,392 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.06 09:13:46 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2009.04.06 09:13:46 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2009.03.25 17:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2009.03.25 17:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic)
DRV:64bit: - [2009.03.25 17:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV:64bit: - [2009.03.25 17:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2009.03.25 17:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus)
DRV:64bit: - [2009.03.25 17:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5)
DRV:64bit: - [2009.03.25 17:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.01.09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2007.04.23 13:54:40 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mgmt.sys -- (s115mgmt)
DRV:64bit: - [2007.04.23 13:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115obex.sys -- (s115obex)
DRV:64bit: - [2007.04.23 13:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdm.sys -- (s115mdm)
DRV:64bit: - [2007.04.23 13:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdfl.sys -- (s115mdfl)
DRV:64bit: - [2007.04.23 13:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115bus.sys -- (s115bus)
DRV:64bit: - [2005.03.24 17:34:50 | 000,119,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2011.11.08 22:25:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.08.19 17:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.02.19 23:03:59 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2492135271-2406455883-830153439-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2492135271-2406455883-830153439-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2492135271-2406455883-830153439-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2492135271-2406455883-830153439-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2492135271-2406455883-830153439-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0
FF - prefs.js..keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.24 21:54:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 21:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.28 21:49:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Udoxxxxxx\AppData\Roaming\14001.006 [2012.07.28 21:28:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 21:50:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.28 21:49:38 | 000,000,000 | ---D | M]
 
[2011.02.19 15:17:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Udoxxxxxx\AppData\Roaming\mozilla\Extensions
[2012.07.19 21:50:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Udoxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\bal4x80q.default\extensions
[2012.06.13 20:42:10 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Udoxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\bal4x80q.default\extensions\foxmarks@kei.com
[2011.11.10 21:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.28 21:28:25 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\Udoxxxxxx\APPDATA\ROAMING\14001.006
[2012.07.19 21:50:31 | 000,339,888 | ---- | M] () (No name found) -- C:\USERS\Udoxxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BAL4X80Q.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012.07.19 21:50:06 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.10 18:53:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.10 18:53:52 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.10 18:53:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011.10.10 18:53:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.10 18:53:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.10 18:53:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.04.28 21:25:07 | 000,442,917 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 	secure.tune-up.com
O1 - Hosts: 127.0.0.1       secure.tune-up.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2492135271-2406455883-830153439-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4:64bit: - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [TerraTec Remote Control] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\.DEFAULT..\Run: [Welcome Center] C:\Windows\SysWow64\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-18..\Run: [Welcome Center] C:\Windows\SysWow64\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2492135271-2406455883-830153439-1000..\Run: [hlRuESAqYEn6vel] C:\Users\Udoxxxxxx\AppData\Roaming\EHeO58kG.exe ()
O4 - HKU\S-1-5-21-2492135271-2406455883-830153439-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2492135271-2406455883-830153439-1000..\Run: [MoneyAgent] C:\Program Files (x86)\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2492135271-2406455883-830153439-1000..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKU\S-1-5-21-2492135271-2406455883-830153439-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-2492135271-2406455883-830153439-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{090FB23F-476B-4527-AEFE-5561097C08CC}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{497A4B3C-DF71-4456-997E-FD17D04B4F75}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ff008e15-3c6b-11e0-a4a1-001fd09df48d}\Shell - "" = AutoRun
O33 - MountPoints2\{ff008e15-3c6b-11e0-a4a1-001fd09df48d}\Shell\AutoRun\command - "" = J:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 00:20:18 | 000,000,000 | ---D | C] -- C:\Users\Udoxxxxxx\Desktop\trojaner board
[2012.07.30 22:03:22 | 000,000,000 | ---D | C] -- C:\Users\Udoxxxxxx\AppData\Roaming\Roaming
[2012.07.28 21:40:25 | 000,000,000 | ---D | C] -- C:\Users\Udoxxxxxx\AppData\Roaming\Pegasys Inc
[2012.07.28 21:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pegasys
[2012.07.28 21:28:25 | 000,000,000 | ---D | C] -- C:\Users\Udoxxxxxx\AppData\Roaming\14001.006
[2012.07.28 21:28:05 | 000,000,000 | ---D | C] -- C:\Users\Udoxxxxxx\AppData\Roaming\xmldm
[2012.07.28 21:28:03 | 000,000,000 | ---D | C] -- C:\Users\Udoxxxxxx\AppData\Roaming\kock
[2012.07.20 20:26:28 | 000,000,000 | ---D | C] -- C:\Users\Udoxxxxxx\Desktop\DVDRIP
[2012.07.17 22:18:54 | 000,000,000 | ---D | C] -- C:\Users\Udoxxxxxx\Desktop\Marius_mein Buch
[2012.07.11 22:09:44 | 000,000,000 | ---D | C] -- C:\Users\Udoxxxxxx\AppData\Local\ABBYY
[2012.07.11 22:09:23 | 000,050,456 | ---- | C] (Tracker Software Products Ltd.) -- C:\Windows\SysNative\pxc40pma.dll
[2012.07.11 22:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY PDF Transformer 3.0
[2012.07.11 22:05:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0
[2012.07.11 22:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012.07.09 22:28:46 | 000,000,000 | ---D | C] -- C:\Users\Udoxxxxxx\Desktop\Archos
[2012.07.04 23:01:50 | 000,000,000 | ---D | C] -- C:\Users\Udoxxxxxx\Desktop\Malle bilder
[2012.07.03 21:05:31 | 000,000,000 | ---D | C] -- C:\Users\Udoxxxxxx\AppData\Local\Macromedia
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Udoxxxxxx\AppData\Roaming\*.tmp files -> C:\Users\Udoxxxxxx\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 00:21:14 | 000,000,020 | ---- | M] () -- C:\Users\Udoxxxxxx\defogger_reenable
[2012.07.30 23:25:09 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.07.30 23:24:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.30 23:24:41 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.30 23:23:28 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 23:23:28 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 23:20:50 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.30 22:07:28 | 000,000,032 | ---- | M] () -- C:\Users\Udoxxxxxx\AppData\Roaming\urhtps.dat
[2012.07.30 22:03:16 | 000,213,359 | ---- | M] () -- C:\Users\Udoxxxxxx\AppData\Roaming\EHeO58kG.exe
[2012.07.30 21:09:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.29 00:06:30 | 000,001,189 | ---- | M] () -- C:\Users\Udoxxxxxx\AppData\Roaming\vso_ts_preview.xml
[2012.07.28 21:28:35 | 000,269,968 | ---- | M] () -- C:\Users\Udoxxxxxx\AppData\Roaming\AcroIEHelpe.dll
[2012.07.28 21:28:16 | 000,000,034 | ---- | M] () -- C:\Users\Udoxxxxxx\AppData\Roaming\blckdom.res
[2012.07.25 22:49:28 | 001,515,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.25 22:49:28 | 000,659,592 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.25 22:49:28 | 000,621,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.25 22:49:28 | 000,132,308 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.25 22:49:28 | 000,108,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.25 22:03:20 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.07.25 22:03:20 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.07.23 21:22:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2012.07.19 21:50:27 | 000,002,044 | ---- | M] () -- C:\Users\Udoxxxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.07.12 20:03:56 | 000,507,985 | ---- | M] () -- C:\Users\Udoxxxxxx\Desktop\pkk-aendern-postpaid.pdf
[2012.07.08 22:34:06 | 002,209,319 | ---- | M] () -- C:\Users\Udoxxxxxx\Documents\Veranstaltungstipps in und um Hamburg.pdf
[2012.07.05 22:06:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Udoxxxxxx\AppData\Roaming\*.tmp files -> C:\Users\Udoxxxxxx\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.31 00:21:13 | 000,000,020 | ---- | C] () -- C:\Users\Udoxxxxxx\defogger_reenable
[2012.07.30 23:25:09 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.07.30 22:03:18 | 000,213,359 | ---- | C] () -- C:\Users\Udoxxxxxx\AppData\Roaming\EHeO58kG.exe
[2012.07.29 12:31:00 | 000,000,032 | ---- | C] () -- C:\Users\Udoxxxxxx\AppData\Roaming\urhtps.dat
[2012.07.28 21:28:35 | 000,269,968 | ---- | C] () -- C:\Users\Udoxxxxxx\AppData\Roaming\AcroIEHelpe.dll
[2012.07.28 21:28:16 | 000,000,034 | ---- | C] () -- C:\Users\Udoxxxxxx\AppData\Roaming\blckdom.res
[2012.07.23 21:22:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2012.07.12 20:03:54 | 000,507,985 | ---- | C] () -- C:\Users\Udoxxxxxx\Desktop\pkk-aendern-postpaid.pdf
[2012.07.08 22:34:13 | 002,209,319 | ---- | C] () -- C:\Users\Udoxxxxxx\Documents\Veranstaltungstipps in und um Hamburg.pdf
[2012.07.05 22:06:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012.06.15 22:17:33 | 000,000,218 | ---- | C] () -- C:\Users\Udoxxxxxx\.recently-used.xbel
[2012.06.15 00:01:03 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.06.12 23:47:01 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.05.28 11:03:10 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2012.05.18 07:32:35 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2012.05.18 07:32:35 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2012.05.18 07:32:35 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2012.05.18 07:32:35 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2012.05.18 07:32:35 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2012.04.14 16:49:22 | 000,004,608 | ---- | C] () -- C:\Users\Udoxxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.02.22 21:28:52 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.02.14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.02.06 21:56:09 | 012,177,408 | ---- | C] () -- C:\ProgramData\sandra.mda
[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.25 21:53:42 | 000,000,115 | ---- | C] () -- C:\Windows\RelictEPG.INI
[2011.12.22 22:38:46 | 000,000,000 | ---- | C] () -- C:\Windows\Bootus.INI
[2011.12.22 22:37:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE
[2011.11.13 22:52:40 | 000,017,408 | ---- | C] () -- C:\Users\Udoxxxxxx\AppData\Local\WebpageIcons.db
[2011.11.10 04:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 04:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.27 23:11:16 | 000,001,189 | ---- | C] () -- C:\Users\Udoxxxxxx\AppData\Roaming\vso_ts_preview.xml
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.04 23:44:24 | 001,535,498 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.24 22:17:01 | 000,007,608 | ---- | C] () -- C:\Users\Udoxxxxxx\AppData\Local\Resmon.ResmonCfg
[2011.04.24 21:31:28 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.04.23 22:04:52 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.23 22:04:52 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.03.19 22:41:37 | 000,000,300 | ---- | C] () -- C:\Windows\WINCMD.INI
[2011.02.19 23:42:04 | 000,000,888 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.02.19 23:42:04 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.02.19 23:41:46 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2011.02.19 23:41:37 | 000,000,469 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.02.19 23:41:37 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.02.19 23:40:31 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011.02.19 23:40:29 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.02.19 23:40:28 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.02.19 19:27:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.02.19 15:17:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 
========== LOP Check ==========
 
[2012.07.28 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\14001.006
[2011.02.19 23:36:24 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\Acronis
[2011.03.19 22:42:06 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\cpuid
[2011.02.20 01:22:35 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\DAEMON Tools Lite
[2011.07.24 22:35:47 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\FileZilla
[2011.05.25 23:25:50 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\Foxit Software
[2012.03.28 23:25:00 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\FRITZ!
[2012.03.09 23:54:29 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\GoPal Assistant
[2011.07.25 22:33:21 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\GrabPro
[2011.07.12 20:21:57 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\gtk-2.0
[2012.03.11 02:14:36 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\HateML
[2011.02.19 20:41:52 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\HEXelon
[2012.06.15 22:17:23 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\inkscape
[2012.07.28 21:28:03 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\kock
[2011.10.17 18:17:41 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\Leadertech
[2011.04.24 21:32:54 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\Leawo
[2011.03.19 23:12:51 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\LockHunter
[2012.03.11 11:34:21 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\Mikogo 4
[2011.04.24 21:32:54 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\Moyea
[2011.06.19 01:57:08 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\MyPhoneExplorer
[2012.07.23 23:53:58 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\Orbit
[2012.03.28 21:41:48 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\PC-FAX TX
[2012.07.28 21:40:25 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\Pegasys Inc
[2011.07.25 22:33:22 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\ProgSense
[2011.06.19 15:30:41 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\RavensburgerTipToi
[2012.07.30 22:03:22 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\Roaming
[2012.04.10 23:09:06 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\Samsung
[2012.05.28 22:11:51 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\SAP
[2011.02.19 23:00:25 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\SumatraPDF
[2012.03.12 21:17:00 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\TeamViewer
[2012.06.05 22:48:33 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\Temp
[2012.01.26 00:45:06 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\TerraTec
[2011.12.14 22:45:49 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\TuneUp Software
[2011.12.11 10:09:48 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\TuneUp Software-BackupByTuneUpPortable
[2012.05.23 15:52:32 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\uTorrent
[2012.07.29 00:06:30 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\Vso
[2011.03.05 14:43:05 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\WinAVI
[2012.06.09 15:22:09 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\WindSolutions
[2011.04.24 10:56:23 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\Xilisoft
[2012.07.30 21:16:38 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\xmldm
[2012.02.25 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Udoxxxxxx\AppData\Roaming\XnView
[2012.07.30 23:25:09 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.07.07 21:25:02 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Extras file:

Code:
OTL Extras logfile created on: 31.07.2012 00:27:34 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Udoxxxxxx\Desktop\trojaner board
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,98% Memory free
8,00 Gb Paging File | 7,19 Gb Available in Paging File | 89,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,91 Gb Total Space | 46,85 Gb Free Space | 31,46% Space Free | Partition Type: NTFS
Drive D: | 160,77 Gb Total Space | 88,12 Gb Free Space | 54,81% Space Free | Partition Type: NTFS
Drive E: | 211,83 Gb Total Space | 40,91 Gb Free Space | 19,31% Space Free | Partition Type: NTFS
Drive G: | 181,52 Gb Total Space | 70,47 Gb Free Space | 38,82% Space Free | Partition Type: NTFS
Drive H: | 191,09 Gb Total Space | 1,22 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
Drive M: | 1397,26 Gb Total Space | 28,87 Gb Free Space | 2,07% Space Free | Partition Type: NTFS
Drive N: | 1863,01 Gb Total Space | 556,45 Gb Free Space | 29,87% Space Free | Partition Type: NTFS
Drive W: | 0,27 Mb Total Space | 0,01 Mb Free Space | 2,55% Space Free | Partition Type: NTFS
Drive Y: | 29,83 Gb Total Space | 5,32 Gb Free Space | 17,84% Space Free | Partition Type: NTFS
Drive Z: | 48,83 Gb Total Space | 31,57 Gb Free Space | 64,66% Space Free | Partition Type: NTFS
 
Computer Name: 7GAMER | User Name: Udoxxxxxx | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2492135271-2406455883-830153439-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1ADDB303-AE45-46CE-B667-78AFDE4213CE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1B9DD34E-FBD0-4234-AF23-CA5CE4C423C8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1E179027-76D0-4C68-A128-DA977DB781AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2AED3752-653C-45B0-A17E-361F55564B21}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3CAAE8EB-3189-4881-9A97-D539C9262C03}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5BB7CFCA-6D5B-4D70-8C77-5758CA067CAC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6AAEE11B-9A57-43AE-9143-1D603DEB0B37}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8F501E67-7E85-4AB9-ACDF-7BB7E2C1CB4A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A32ADC9F-D624-407B-84E0-251212E22BBF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AF0EFF0E-E6D9-489C-8B52-6402765AE64B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B8C4A30E-8897-459C-BFAB-0169314AA640}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CBBB140F-9E4E-4EA8-B44B-19E68C72EDC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16894654-C3CF-43B4-A731-2D014E6A96A0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{20D73FB6-FAD0-4DDA-99C5-53B59768F6A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{269BF5F1-7E92-420E-877D-FCD7FFD87E38}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{293AD216-35E5-49F5-9525-76082B45D8A2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7729EC77-75DC-403F-8DCB-32C1A6F9F46C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7B1D8541-72CB-46F2-9F93-10C824718C6C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{816D0F61-E939-4F6E-9A3C-F4263470E890}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9D93AC63-FEF7-45AD-8294-7CBE020BA4E3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9DFBFDEF-0AAA-467B-9FAC-575D30F0E9D2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B72183E1-32D1-427B-AEBD-830371C91531}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{BB46B333-7B8A-4F80-A427-A1F1B82F7A40}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C3234BD2-2573-4B3D-9A36-22AFD1CFFDE9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CF6DD76C-CCD0-4C2D-90F4-CF9A72905E75}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E3290670-DCD9-4D71-A7A4-340F1129AACF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F09E28F5-B476-4CBA-A6D5-A1D011BF3B38}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FCF77D0A-D844-4424-BAF0-21FA079C1CE9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FF7953B9-2A18-457C-AB09-CDB91F594013}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"TCP Query User{26CC580B-4BD8-4043-BE9D-16E5A85022AC}C:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"TCP Query User{27B74EB3-62F6-4739-842D-69F2912DC396}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{5B2F725F-6D81-46C1-908D-74EF6D0B418B}C:\users\Udoxxxxxx\appdata\local\temp\sapinst_exe.3080.1336855925\sapinst.exe" = protocol=6 | dir=in | app=c:\users\Udoxxxxxx\appdata\local\temp\sapinst_exe.3080.1336855925\sapinst.exe | 
"TCP Query User{CAB7471A-B9D3-4288-832A-C49B6A9BD8C3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{F2A2894E-C8AA-4C87-88AC-2A6CF4E1E2DD}C:\users\Udoxxxxxx\appdata\local\temp\sapinst_exe.3080.1336855925\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\users\Udoxxxxxx\appdata\local\temp\sapinst_exe.3080.1336855925\jre\bin\java.exe | 
"TCP Query User{F593E7A7-D49A-4251-A5A5-48319DDF445C}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{0A99A289-F958-416B-8A02-A1158A509AC8}C:\users\Udoxxxxxx\appdata\local\temp\sapinst_exe.3080.1336855925\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\users\Udoxxxxxx\appdata\local\temp\sapinst_exe.3080.1336855925\jre\bin\java.exe | 
"UDP Query User{1437E5C6-D12A-4E72-BCB7-4A9AB2164884}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{1F77A8F7-33AD-4B79-8A82-6F5E0641604A}C:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"UDP Query User{7412411D-B6A2-4FE2-8562-FC9D44DB6626}C:\users\Udoxxxxxx\appdata\local\temp\sapinst_exe.3080.1336855925\sapinst.exe" = protocol=17 | dir=in | app=c:\users\Udoxxxxxx\appdata\local\temp\sapinst_exe.3080.1336855925\sapinst.exe | 
"UDP Query User{85250C70-0809-4B87-8632-16AB4D0159EA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{B7DBD5F9-FC77-406A-A1B6-8726E492AAE1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{23170F69-40C1-2702-0909-000001000000}" = 7-Zip 9.09 (x64 edition)
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3826F5-A2C1-40E3-A03F-49EFB2ABF62A}" = BOINC
"{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Professional Home 2010
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E704008B-0515-490F-83E1-95AA2A7F4641}" = Oracle VM VirtualBox 4.1.6
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.30
"Ultravnc2_is1" = UltraVnc
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{3E73284F-4184-4D0C-9517-FB7D01F33BCC}" = Theme Generator Smartphone
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" =  Leawo AVI Converter version  3.1.0.0
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A3021ECE-1567-4B54-9C22-5F654C04A858}" = Samsung Mobile Firmware Downloader Lite
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Movie ThemePack 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite MFC-425CN
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE9F9FBC-5253-46D2-9883-09E55003D794}" = TechniSat DVB-PC TV Star
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.10.348
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Movie ThemePack 3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"Assistant" = Assistant 5.05.013
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Bink and Smacker" = Bink and Smacker
"Boot-US" = Boot-US
"Call of Duty: Modern Warfare 3 Full-Rip_is1" = Call of Duty Modern Warfare 3
"Cinergy T USB XXS" = Cinergy T USB XXS V2.03.03.29
"CloneDVD2" = CloneDVD2
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.0
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fast CD Ripper_is1" = Fast CD Ripper version 2.0
"FormatFactory" = FormatFactory 2.95
"Foxit Reader" = Foxit Reader
"Game Booster_is1" = Game Booster
"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 2.2.0.5
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Medion GoPal Assistant" = Medion GoPal Assistant 4.00.0047
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"MSMONEYV80" = Microsoft Money 2000
"Nano" = Nano 1.1.1
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PRJPRO" = Microsoft Office Project Professional 2007
"RealPlayer 12.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAPGUI710" = SAP GUI for Windows 7.20
"SYBEX Lexikon der 1000 Motorräder_is1" = SYBEX Lexikon der 1000 Motorräder
"Synergy" = Synergy
"TC UP" = Total Commander Ultima Prime 5.3.0.0
"VLC media player" = VLC media player 1.1.10
"VMware_Player" = VMware Player
"WinAVI Video Converter" = WinAVI Video Converter
"winscp3_is1" = WinSCP 4.3.8
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2492135271-2406455883-830153439-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f58f3889281ea80b" = ContainerEx Decrypter
"Mikogo 4" = Mikogo 4
"MyFreeCodec" = MyFreeCodec
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.07.2012 15:31:05 | Computer Name = 7Gamer | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 09.07.2012 15:18:17 | Computer Name = 7Gamer | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files
 (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Error in manifest
 or policy file "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST"
 on line 3.  Component identity found in manifest does not match the identity of the
 component requested.  Reference is NFD,type="win32",version="5.2.0.0".  Definition is
 NFD,type="win32",version="5.0.0.0".  Please use sxstrace.exe for detailed
 diagnosis.
 
Error - 09.07.2012 15:18:17 | Computer Name = 7Gamer | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files
 (x86)\Nero\Nero 10\Nero WaveEditor\NMDllHost.exe.Manifest". Error in manifest
 or policy file "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST"
 on line 3.  Component identity found in manifest does not match the identity of the
 component requested.  Reference is NScCoreComponents,type="win32",version="5.3.2.0".
Definition is
 NScCoreComponents,type="win32",version="5.3.0.0".  Please use sxstrace.exe
 for detailed diagnosis.
 
Error - 12.07.2012 14:03:36 | Computer Name = 7Gamer | Source = Application Hang | ID = 1002
Description = The program firefox.exe, version 13.0.1.4548 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check the
 problem history in the Action Center control panel.    Process ID: 12cc    Start Time:
 01cd605730ff68bf    Termination Time: 25    Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id:
 e521dabd-cc4b-11e1-b579-005056c00008  
 
Error - 12.07.2012 14:28:05 | Computer Name = 7Gamer | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files
 (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Error in manifest
 or policy file "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST"
 on line 3.  Component identity found in manifest does not match the identity of the
 component requested.  Reference is NFD,type="win32",version="5.2.0.0".  Definition is
 NFD,type="win32",version="5.0.0.0".  Please use sxstrace.exe for detailed
 diagnosis.
 
Error - 12.07.2012 14:28:05 | Computer Name = 7Gamer | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files
 (x86)\Nero\Nero 10\Nero WaveEditor\NMDllHost.exe.Manifest". Error in manifest
 or policy file "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST"
 on line 3.  Component identity found in manifest does not match the identity of the
 component requested.  Reference is NScCoreComponents,type="win32",version="5.3.2.0".
Definition is
 NScCoreComponents,type="win32",version="5.3.0.0".  Please use sxstrace.exe
 for detailed diagnosis.
 
Error - 14.07.2012 18:46:58 | Computer Name = 7Gamer | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 16.07.2012 17:58:25 | Computer Name = 7Gamer | Source = Application Hang | ID = 1002
Description = The program orbitdm.exe, version 4.1.0.2 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check the
 problem history in the Action Center control panel.    Process ID: 578    Start Time: 
01cd638cd6e36e96    Termination Time: 5    Application Path: C:\Program Files (x86)\Orbitdownloader\orbitdm.exe

Report Id:
 5bc0e772-cf91-11e1-a727-005056c00008  
 
Error - 21.07.2012 17:13:45 | Computer Name = 7Gamer | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 28.07.2012 14:01:34 | Computer Name = 7Gamer | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files
 (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Error in manifest
 or policy file "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST"
 on line 3.  Component identity found in manifest does not match the identity of the
 component requested.  Reference is NFD,type="win32",version="5.2.0.0".  Definition is
 NFD,type="win32",version="5.0.0.0".  Please use sxstrace.exe for detailed
 diagnosis.
 
Error - 28.07.2012 14:01:34 | Computer Name = 7Gamer | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files
 (x86)\Nero\Nero 10\Nero WaveEditor\NMDllHost.exe.Manifest". Error in manifest
 or policy file "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST"
 on line 3.  Component identity found in manifest does not match the identity of the
 component requested.  Reference is NScCoreComponents,type="win32",version="5.3.2.0".
Definition is
 NScCoreComponents,type="win32",version="5.3.0.0".  Please use sxstrace.exe
 for detailed diagnosis.
 
[ System Events ]
Error - 30.07.2012 18:21:59 | Computer Name = 7Gamer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.07.2012 18:24:07 | Computer Name = 7Gamer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.07.2012 18:24:07 | Computer Name = 7Gamer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.07.2012 18:24:07 | Computer Name = 7Gamer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.07.2012 18:29:07 | Computer Name = 7Gamer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.07.2012 18:29:07 | Computer Name = 7Gamer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.07.2012 18:29:07 | Computer Name = 7Gamer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.07.2012 18:31:13 | Computer Name = 7Gamer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.07.2012 18:31:13 | Computer Name = 7Gamer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 30.07.2012 18:31:13 | Computer Name = 7Gamer | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         

3. Malwarebytes - full scan

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.10

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
Udoxxxxx ::  [Administrator]

30.07.2012 23:29:25
mbam-log-2012-07-31 (00-22-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402010
Laufzeit: 44 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hlRuESAqYEn6vel (Exploit.Drop.COD) -> Daten: C:\Users\Udoxxxxxx\AppData\Roaming\EHeO58kG.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Udoxxxxxx\AppData\Roaming\EHeO58kG.exe (Exploit.Drop.COD) -> Keine Aktion durchgeführt.
C:\Users\Udoxxxxxx\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> Keine Aktion durchgeführt.
C:\Users\Udoxxxxxx\AppData\Local\Temp\deo0_sar.exe (Exploit.Drop.COD) -> Keine Aktion durchgeführt.
C:\Users\Udoxxxxxx\AppData\Local\Temp\is-8H2LR.tmp\bi.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt.
C:\Users\Udoxxxxxx\Desktop\USB Windows\Windowscd\WPI\Install\Tools\Unlocker\unlocker.exe (Adware.Clicker) -> Keine Aktion durchgeführt.
C:\Users\Udoxxxxxx\Desktop\USB Windows\Windowscd\WPI\Install\Voice\Ventrilo\2.1.4\ventrilo214.exe (Trojan.Dropper) -> Keine Aktion durchgeführt.

(Ende)
         
As I said, it now only runs in Safe Mode.

I have read a few threads, but did not really understand them or work out how to apply them to my problem.

Please help me.

Many thanks and regards
Udo

Hello dear forum,

is there something I have not understood?
What is wrong?
Can nobody help me?

Many thanks and regards

Udo

31.07.2012, 11:55   #2
markusg
/// Malware-holic

Desktop with BKA, 100€, videos, ucash, only Safe Mode still works

This script, and any scripts that follow, are only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
O4 - HKU\S-1-5-21-2492135271-2406455883-830153439-1000..\Run: [hlRuESAqYEn6vel] C:\Users\Udoxxxxxx\AppData\Roaming\EHeO58kG.exe ()
:Files
C:\Users\Udoxxxxxx\AppData\Roaming\EHeO58kG.exe
:Commands
[Reboot]
         


• Please close all programs now.
• Now click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file to the upload channel as described in the instructions. Please do NOT post the ZIP file
as an attachment in the thread!




Please press Windows + E.
  • Open your system drive (usually C:)
  • Now look for the folder _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance


For further analysis I need the following:
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
There, right-click the folder cache, pack it with WinRAR or another program, and upload it to the upload channel please.
Trojaner-Board Upload Channel

31.07.2012, 12:04   #3
udoxxxxxx

Desktop with BKA, 100€, videos, ucash, only Safe Mode still works

Many thanks,

I will try it at home right away....

See you later and regards

Udo

31.07.2012, 12:15   #4
markusg
/// Malware-holic

Desktop with BKA, 100€, videos, ucash, only Safe Mode still works

Please refrain from such interim posts; since we have set up the forum so that all further replies are appended to this one, I otherwise have to keep looking in here unnecessarily :-)
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

31.07.2012, 21:14   #5
udoxxxxxx

Desktop with BKA, 100€, videos, ucash, only Safe Mode still works

Hi markusg,
the upload worked.

The steps have been carried out and the computer can be used again.

Thanks so far


31.07.2012, 21:39   #6
markusg
/// Malware-holic

Desktop with BKA, 100€, videos, ucash, only Safe Mode still works

OK, I have it.
Thanks
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix on your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix's work.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: Should you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

31.07.2012, 22:16   #7
udoxxxxxx

Desktop with BKA, 100€, videos, ucash, only Safe Mode still works

Good evening,

here is the content of Combofix.

Code:
ATTFilter
ComboFix 12-07-30.03 - Udoxxxxxx 31.07.2012  22:59:27.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1033.18.4094.1715 [GMT 2:00]
ausgeführt von:: c:\users\Udoxxxxxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\hosts
c:\programdata\xml2665.tmp
c:\programdata\xml2D29.tmp
c:\programdata\xml2DE5.tmp
c:\programdata\xml4231.tmp
c:\users\UDOXXX~1\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\Udoxxxxxx\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\Udoxxxxxx\AppData\Roaming\AcroIEHelpe.txt
c:\users\Udoxxxxxx\AppData\Roaming\Help\coredb\storage
c:\users\Udoxxxxxx\AppData\Roaming\Roaming
c:\users\Udoxxxxxx\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#schnueffelbande2.com\settings.sol
c:\users\Udoxxxxxx\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
c:\users\Udoxxxxxx\AppData\Roaming\srvblck5.tmp
c:\users\Udoxxxxxx\AppData\Roaming\vso_ts_preview.xml
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-28 bis 2012-07-31  ))))))))))))))))))))))))))))))
.
.
2012-07-31 21:04 . 2012-07-31 21:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-31 20:48 . 2012-07-31 20:48	--------	d-----w-	c:\users\Udoxxxxxx\AppData\Local\Secunia PSI
2012-07-31 20:48 . 2012-07-31 20:48	--------	d-----w-	c:\program files (x86)\Secunia
2012-07-31 20:38 . 2012-07-31 20:38	--------	d-----w-	c:\programdata\Panda Security
2012-07-31 20:37 . 2012-07-31 20:37	--------	d-----w-	c:\program files (x86)\Panda USB Vaccine
2012-07-31 20:33 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-07-31 20:33 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-07-31 20:33 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-07-31 20:33 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-07-31 20:33 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-07-31 20:33 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-07-31 20:33 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-07-31 20:32 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-07-31 20:32 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-07-31 20:00 . 2012-07-31 20:11	--------	d-----w-	C:\_OTL
2012-07-28 19:40 . 2012-07-28 19:40	--------	d-----w-	c:\users\Udoxxxxxx\AppData\Roaming\Pegasys Inc
2012-07-28 19:36 . 2012-07-28 19:36	--------	d-----w-	c:\program files (x86)\Pegasys
2012-07-28 19:28 . 2012-07-28 19:28	--------	d-----w-	c:\users\Udoxxxxxx\AppData\Roaming\14001.006
2012-07-28 19:28 . 2012-07-30 19:16	--------	d-----w-	c:\users\Udoxxxxxx\AppData\Roaming\xmldm
2012-07-28 19:28 . 2012-07-28 19:28	--------	d-----w-	c:\users\Udoxxxxxx\AppData\Roaming\kock
2012-07-11 20:09 . 2012-07-11 20:09	--------	d-----w-	c:\users\Udoxxxxxx\AppData\Local\ABBYY
2012-07-11 20:09 . 2009-11-09 02:01	50456	----a-w-	c:\windows\system32\pxc40pma.dll
2012-07-11 20:05 . 2012-07-31 20:37	--------	d-----w-	c:\program files (x86)\ABBYY PDF Transformer 3.0
2012-07-11 20:05 . 2012-07-11 20:05	--------	d-----w-	c:\programdata\ABBYY
2012-07-03 19:05 . 2012-07-03 19:05	--------	d-----w-	c:\users\Udoxxxxxx\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 19:09 . 2012-03-30 10:50	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-17 19:09 . 2011-05-26 17:13	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2012-03-07 22:44	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-09 20:22 . 2011-10-19 21:47	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-09 20:22 . 2011-10-19 21:47	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2006-05-03 09:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-04-19 1710664]
"MoneyAgent"="c:\program files (x86)\Microsoft Money\System\Money Express.exe" [1999-08-03 122944]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-12-16 220744]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-03-31 3521424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-07-14 859648]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"RemoteControl11"=c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe"
"TrueImageMonitor.exe"=c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
.
R1 VD_FileDisk;VD_FileDisk; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servicio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05 136176]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13352]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RTCore64;RTCore64;f:\usb-sicherung\CPU_TOOLS_BIOS\RAM_INFO\RTCore64.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 108296]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 19720]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 144648]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 126216]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 123656]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2010\RpcAgentSrv.exe [2009-08-24 93336]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys [2011-11-08 10064]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-10-03 117040]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-04 1255736]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-19 834544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-02-19 69376]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2011-02-19 1477728]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-11-04 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-11-04 130864]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-02-19 2480048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 M4-Service;M4-Service;c:\users\Udoxxxxxx\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-01-16 1007472]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe [2011-11-11 1510720]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-02-19 251488]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-04-30 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-04-30 15128]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-11-04 165680]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05 17:40]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05 17:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 362032]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"TerraTec Remote Control"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-04-19 1710664]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2012-04-04 5853872]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2012-04-04 70832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Udoxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\bal4x80q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Boot-US - c:\windows\system32\GKSUI20.EXE
AddRemove-WinSetupFromUSB - c:\winsetupfromusb\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2492135271-2406455883-830153439-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*T*r*a*u*Á*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2492135271-2406455883-830153439-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*T*r*a*u*è*˜Q\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2492135271-2406455883-830153439-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*T*r*a*u*ÝÉ÷T\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\brsvc01a.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\brss01a.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\users\Udoxxxxxx\AppData\Roaming\Mikogo 4\M4-Capture.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp32.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-31  23:15:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-31 21:15
.
Vor Suchlauf: 18 Verzeichnis(se), 48.877.719.552 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 48.200.896.512 Bytes frei
.
- - End Of File - - C4189A44735E8F481B0BB5D9AD0BAB77
         
Regards Udo
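
The Malwarebytes hit in post #1 and the ComboFix "Autostartpunkte der Registrierung" section in post #7 both come down to the same question: which Run entries deserve a closer look. As an added example (not code from the thread, from Malwarebytes or from ComboFix), here is a Python triage script that parses both log formats and applies two defender heuristics, a target in a user-writable directory and a machine-generated-looking value or file name; the sample log is constructed from lines quoted in this thread.

```python
"""Triage Run-key autostart entries from Malwarebytes and ComboFix log excerpts.

Added example for this thread (not code from the forum, Malwarebytes or ComboFix).
It flags entries whose target lives in a user-writable directory and whose value
or file name looks machine-generated, the shape of hlRuESAqYEn6vel -> EHeO58kG.exe.
"""
import re
from dataclasses import dataclass, field

# Directories a standard user can write to. Location alone is only a hint
# (portable tools live here too); it counts together with a generated-looking
# name or with a scanner classification.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\")
# Only Run / Run-disabled keys are autostart points; policy keys are skipped.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(-disabled)?$", re.IGNORECASE)
# Malwarebytes: <key>|<value> (<classification>) -> Daten: <target> -> <action>
MBAM_RE = re.compile(r"^(HK\S+?)\|(\S+) \((.+?)\) -> Daten: (.+?) -> (.+)$")
# ComboFix: [HKEY_...] headers, then "name"="target" [YYYY-MM-DD size]; the
# run-disabled section omits the quotes around the target.
CF_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
CF_VAL_RE = re.compile(r'^"([^"]+)"=("?)(.+?)\2(?: \[\d{4}-\d{2}-\d{2} \d+\])?\s*$')


@dataclass
class Finding:
    key: str
    value_name: str
    target: str
    reasons: list = field(default_factory=list)
    verdict: str = "benign"


def looks_random(name: str) -> bool:
    """Two of three trip it: >=2 lower->upper flips, digits wedged between
    letters, vowel share < 30%. Calibrated so iTunesHelper and KiesPDLR pass."""
    stem = re.sub(r"\.[A-Za-z0-9]{1,4}$", "", name)  # drop .exe / .dll
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 6 or not letters:
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.islower() and b.isupper())
    digit_inside = re.search(r"[A-Za-z]\d+[A-Za-z]", stem) is not None
    vowel_ratio = sum(c.lower() in "aeiou" for c in letters) / len(letters)
    return (flips >= 2) + digit_inside + (vowel_ratio < 0.3) >= 2


def assess(key: str, value_name: str, target: str, classification: str = "") -> Finding:
    """Combine target location, name shape and (if present) the scanner verdict."""
    file_name = target.replace("/", "\\").rsplit("\\", 1)[-1]
    in_user_dir = any(d in target.lower() for d in USER_WRITABLE)
    reasons = []
    if in_user_dir:
        reasons.append("target in user-writable directory")
    if looks_random(value_name):
        reasons.append("random-looking value name")
    if looks_random(file_name):
        reasons.append("random-looking file name")
    if classification:
        reasons.append(f"scanner classification: {classification}")
    generated = any(r.startswith("random-looking") for r in reasons)
    suspicious = bool(classification) or (in_user_dir and generated)
    return Finding(key, value_name, target, reasons, "suspicious" if suspicious else "benign")


def triage(log_text: str) -> list:
    """Walk a mixed log excerpt and return one Finding per Run-key entry."""
    findings, current_key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := MBAM_RE.match(line):
            key, value_name, classification, target, _action = m.groups()
            if RUN_KEY_RE.search(key):
                findings.append(assess(key, value_name, target, classification))
        elif m := CF_KEY_RE.match(line):
            current_key = m.group(1)
        elif (m := CF_VAL_RE.match(line)) and RUN_KEY_RE.search(current_key):
            findings.append(assess(current_key, m.group(1), m.group(3)))
    return findings


# Constructed sample, assembled from lines quoted in this thread.
SAMPLE_LOG = r"""
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hlRuESAqYEn6vel (Exploit.Drop.COD) -> Daten: C:\Users\Udoxxxxxx\AppData\Roaming\EHeO58kG.exe -> Keine Aktion durchgeführt.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:10} {f.value_name:20} -> {f.target}  [{'; '.join(f.reasons)}]")
```

The location check is deliberately only a hint: a legitimate tool under AppData\Roaming with an ordinary name (such as the Mikogo service in the ComboFix log) stays benign unless a scanner classification or a generated-looking name adds to it.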

01.08.2012, 19:02   #8
markusg
/// Malware-holic

Desktop with BKA, 100€, videos, ucash, only Safe Mode still works

Download the CCleaner standard edition:
CCleaner Download - CCleaner 3.21.1767
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open the file.
After each program you need, write "notwendig" (needed).
After each one you do not need, "unnötig" (not needed).
After those unknown to you, "unbekannt" (unknown).
Post the list.

01.08.2012, 20:45   #9
udoxxxxxx

Desktop with BKA, 100€, videos, ucash, only Safe Mode still works

Hi markusg,

here is the program list:
Code:
ATTFilter
7-Zip 9.09 (x64 edition)	Igor Pavlov	19.02.2011	4,27MB	9.09.00.0	notwendig
ABBYY PDF Transformer 3.0	ABBYY	11.07.2012		3.00.317.68010	notwendig
Acronis*Disk Director Suite	Acronis	11.07.2011	64,2MB	10.0.2160	notwendig
Acronis*True*Image*Home	Acronis	19.02.2011	152MB	13.0.6053	notwendig
Ad-Aware	Lavasoft	19.02.2011			notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	17.07.2012	6,00MB	11.3.300.265	notwendig
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	28.05.2012	167MB	10.01.2003	notwendig
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	01.05.2012	26,2MB	3.0.868.0	notwendig
AnyDVD	SlySoft	22.02.2012		6.8.8.0	notwendig
Apple Application Support	Apple Inc.	07.06.2012	61,2MB	02.01.2006	notwendig
Apple Mobile Device Support	Apple Inc.	07.06.2012	24,8MB	4.0.0.97	notwendig
Apple Software Update	Apple Inc.	08.06.2012	2,38MB	2.1.3.127	notwendig
Assistant 5.05.013	Medion	09.03.2012		5.5.13.0	notwendig
Audiograbber 1.83 SE	Audiograbber Deutschland	12.06.2012		1.83 SE	notwendig
Avira Free Antivirus	Avira	09.05.2012	104MB	12.0.0.1125	notwendig
AVS Update Manager 1.0	Online Media Technologies Ltd.	24.04.2011			notwendig
AVS Video Converter 7	Online Media Technologies Ltd.	24.04.2011			notwendig
AVS4YOU Software Navigator 1.4	Online Media Technologies Ltd.	24.04.2011			notwendig
Bink and Smacker		06.03.2011			notwendig
BOINC	Space Sciences Laboratory, U.C. Berkeley	20.04.2012	20,4MB	7.0.25	notwendig
Bonjour	Apple Inc.	05.06.2012	2,00MB	3.0.0.10	notwendig
Boot-US	ustraub	22.12.2011		02.01.2008	notwendig
Brother MFL-Pro Suite MFC-425CN	Brother Industries, Ltd.	19.02.2011		1.0.1.0	notwendig
Call of Duty Modern Warfare 3		07.12.2011		1.0.0	notwendig
CCleaner	Piriform	24.07.2012		Mrz 21	notwendig
Cinergy T USB XXS V2.03.03.29		25.01.2012		2.03.03.29	notwendig
CloneDVD2	Elaborate Bytes	22.02.2012		2.9.3.0	notwendig
Cole2k Media - Codec Pack (Advanced) 7.9.0	Cole2k Media	19.02.2011			notwendig
Combined Community Codec Pack 2009-09-09	CCCP Project	19.02.2011		2009.09.09.0	notwendig
ContainerEx Decrypter	ContainerEx	20.06.2011		1.0.1.57	unnötig
ConvertXtoDVD 4.1.10.348		27.09.2011	68,1MB	4.1.10.348	notwendig
DAEMON Tools Toolbar	DT Soft Ltd	19.02.2011		1.1.0.0283	notwendig
DivX-Setup	DivX, LLC	24.04.2011		2.2.0.24	notwendig
DVD Shrink 3.2	DVD Shrink	22.02.2012			notwendig
Fast CD Ripper version 2.0	Fast CD Ripper	15.06.2012	4,39MB	2.0	notwendig
FormatFactory 2.95	Free Time	14.06.2012		Feb 95	notwendig
Foxit Reader	Foxit Corporation	25.05.2011	11,5MB	4.3.1.323	notwendig
FreeOCR 3.0	Free OCR	28.05.2012		3.0	notwendig
Game Booster	IObit	19.02.2011	3,02MB	1.3.1.80	unnötig
Google Earth Plug-in	Google	18.11.2011	40,8MB	6.1.0.5001	notwendig
Gordon's Gate Flash Driver 2.2.0.5	Sony Ericsson Mobile Communications	19.06.2011		2.2.0.5	notwendig
HP USB Disk Storage Format Tool		13.11.2011			notwendig
iTunes	Apple Inc.	08.06.2012	172MB	10.5.3.3	notwendig
Java(TM) 6 Update 24	Oracle	19.02.2011	94,9MB	6.0.240	notwendig
Java(TM) 7 Update 4	Oracle	09.05.2012	99,3MB	7.0.40	notwendig
JavaFX 2.1.0	Oracle Corporation	09.05.2012	20,8MB	02.01.2000	notwendig
JDownloader	AppWork UG (haftungsbeschränkt)	20.02.2011			notwendig
K-Lite Codec Pack 6.5.0 (Basic)		24.04.2011	18,5MB	06.05.2000	notwendig
Leawo AVI Converter version  3.1.0.0		24.04.2011			notwendig
LockHunter version 1.0 beta 3, 64 bit edition	Crystal Rich, Ltd	19.03.2011			notwendig
Logitech SetPoint 6.30	Logitech	17.10.2011	39,0MB	6.30.43	notwendig
Magic ISO Maker v5.4 (build 0239)		23.10.2011			notwendig
Malwarebytes Anti-Malware Version 1.62.0.1300	Malwarebytes Corporation	30.07.2012	18,7MB	1.62.0.1300	notwendig
Medion GoPal Assistant 4.00.0047	Medion	25.03.2012		4.0.47.0	notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	14.04.2012	38,8MB	4.0.30320	notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	14.04.2012	2,93MB	4.0.30320	notwendig
Microsoft Money 2000		08.03.2012			notwendig
Microsoft Office Enterprise 2007	Microsoft Corporation	20.02.2011		12.0.6425.1000	notwendig
Microsoft Office Project Professional 2007	Microsoft Corporation	11.04.2012		12.0.6425.1000	notwendig
Microsoft redistributable runtime DLLs VS2005 SP1(x86)	SAP	18.05.2012	5,79MB	8.0.50727.4053	notwendig
Microsoft redistributable runtime DLLs VS2008 SP1(x86)	SAP AG	18.05.2012	4,62MB	9.0	notwendig
Microsoft Silverlight	Microsoft Corporation	09.05.2012	50,6MB	5.1.10411.0	notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	25.01.2012	2,69MB	8.0.59193	notwendig
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	28.03.2012	3,85MB	8.0.56336	notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729	Microsoft Corporation	25.10.2011	782KB	9.0.30729	notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	19.02.2011	788KB	9.0.30729	notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	28.11.2011	782KB	9.0.30729.4148	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	24.04.2011	1,37MB	9.0.21022	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	23.02.2011	232KB	9.0.30729	notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	19.02.2011	596KB	9.0.30729.4148	notwendig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	23.11.2011	13,6MB	10.0.30319	notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	19.10.2011	11,1MB	10.0.40219	notwendig
Microsoft Visual C++ Run Time  Lib Setup	Microsoft	24.04.2011	1,77MB	1.0.0	notwendig
Mikogo 4	BeamYourScreen GmbH	28.02.2012		04. Apr	notwendig
Mozilla Firefox 14.0.1 (x86 de)	Mozilla	19.07.2012	55,9MB	14.0.1	notwendig
Mozilla Maintenance Service	Mozilla	19.07.2012	309KB	14.0.1	notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	18.05.2012	36,7MB	4.20.9870.0	notwendig
MyFreeCodec		14.04.2012			notwendig
MyPhoneExplorer	F.J. Wechselberger	18.06.2011		01.08.2001	notwendig
Nano 1.1.1		14.06.2012		01.01.2001	notwendig
Nero 10 ClipartPack	Nero AG	23.02.2011	26,5MB	10.2.10000.11.0	notwendig
Nero 10 Menu TemplatePack 1	Nero AG	23.02.2011	59,7MB	10.2.10000.0.0	notwendig
Nero 10 Menu TemplatePack 2	Nero AG	23.02.2011	182MB	10.2.10000.0.0	notwendig
Nero 10 Menu TemplatePack 3	Nero AG	23.02.2011	241MB	10.2.10000.0.0	notwendig
Nero 10 Movie ThemePack 1	Nero AG	23.02.2011	51,2MB	10.2.10000.11.0	notwendig
Nero 10 Movie ThemePack 2	Nero AG	23.02.2011	313MB	10.2.10000.12.0	notwendig
Nero 10 Movie ThemePack 3	Nero AG	23.02.2011	167MB	10.2.10000.0.0	notwendig
Nero 10 Movie ThemePack 4	Nero AG	23.02.2011	100MB	10.2.10000.11.0	notwendig
Nero 10 PiP EffectPack 1	Nero AG	23.02.2011	73,9MB	10.2.10000.0.0	notwendig
Nero 10 Sample ImagePack	Nero AG	23.02.2011	5,85MB	10.2.10000.11.0	notwendig
Nero 10 Sample Videos	Nero AG	23.02.2011	42,0MB	10.2.10000.11.0	notwendig
Nero 10 Video TransitionPack 1	Nero AG	23.02.2011	32,6MB	10.2.10000.0.0	notwendig
Nero Burning ROM 10	Nero AG	23.02.2011	167MB	10.2.10500.7.100	notwendig
Nero CoverDesigner 10	Nero AG	23.02.2011	77,2MB	5.2.10400.4.100	notwendig
Nero DiscSpeed 10	Nero AG	23.02.2011	7,20MB	6.2.10200.0.100	notwendig
Nero InfoTool 10	Nero AG	23.02.2011	8,07MB	7.2.10200.4.100	notwendig
Nero Multimedia Suite 10 Platinum HD	Nero AG	23.02.2011	2,01GB	10.5.10000	notwendig
Nero Recode 10	Nero AG	23.02.2011	92,2MB	4.8.10400.3.100	notwendig
Nero RescueAgent 10	Nero AG	23.02.2011	6,49MB	3.2.10300.3.100	notwendig
Nero SoundTrax 10	Nero AG	23.02.2011	95,0MB	4.8.10200.1.100	notwendig
Nero Update	Nero AG	23.02.2011	1,43MB	1.0.0018	notwendig
Nero Vision 10	Nero AG	23.02.2011	223MB	7.2.14000.4.100	notwendig
Nero WaveEditor 10	Nero AG	23.02.2011	75,9MB	5.8.10200.1.100	notwendig
OpenAL		25.10.2011			unbekannt
Oracle VM VirtualBox 4.1.6	Oracle Corporation	28.11.2011	441MB	04.01.2006	notwendig
Orbit Downloader	www.orbitdownloader.com	25.07.2011			notwendig
Paint.NET v3.5.8	dotPDN LLC	13.04.2011	10,4MB	3.58.0	notwendig
Panda USB Vaccine 1.0.1.4	Panda Security	31.07.2012			notwendig
PDF24 Creator 4.1.2	PDF24.org	01.02.2012	33,9MB		notwendig
Rapture3D 2.4.9 Game	Blue Ripple Sound	03.10.2011			notwendig
RealPlayer	RealNetworks	24.04.2011			notwendig
SAMSUNG CDMA Modem Driver Set		20.07.2011			notwendig
Samsung Kies	Samsung Electronics Co., Ltd.	10.04.2012	207MB	2.3.0.12035_16	notwendig
Samsung Mobile Firmware Downloader Lite	Quattro Formaggi	11.04.2012	280KB	1.0.0	notwendig
SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.	10.04.2012	42,9MB	1.5.4.0	notwendig
SAP GUI for Windows 7.20	SAP	18.05.2012		7.20 Compilation 3	notwendig
SDFormatter	SD Association	10.07.2011	1,20MB	3.0.0	notwendig
Secunia PSI (3.0.0.3001)	Secunia	31.07.2012	5,77MB	3.0.0.3001	notwendig
SiSoftware Sandra Professional Home 2010	SiSoftware	06.02.2012	72,9MB	16.11.2010.1	notwendig
Spybot - Search & Destroy	Safer Networking Limited	19.02.2011		01.06.2002	notwendig
SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48	eRightSoft	24.04.2011	39,4MB	v2011.build.48	notwendig
SYBEX Lexikon der 1000 Motorräder	SYBEX GmbH	25.02.2012			notwendig
Synergy	The Synergy Project	09.08.2011		01.03.2007	notwendig
TechniSat DVB-PC TV Star	TechniSat	02.07.2011		1.0.0	notwendig
TerraTec Home Cinema		25.01.2012		6.22.0	notwendig
Theme Generator Smartphone	Microsoft	10.05.2012	1,20MB	1.00.110	notwendig
Total Commander Ultima Prime 5.3.0.0	ULTIMA PRIME	19.02.2011		5.3.0.0	notwendig
UltraVnc	uvnc bvba	19.11.2011	3,29MB	1.0.9.6.1	notwendig
VLC media player 1.1.10	VideoLAN	02.07.2011		01.01.2010	notwendig
VMware Player	VMware, Inc	08.02.2012	390MB	4.0.1.27038	notwendig
WinAVI Video Converter	ZJMedia Digital Technology Ltd.	05.03.2011	44,4MB	11.0.0.3995	notwendig
Windows 7 USB/DVD Download Tool	Microsoft Corporation	26.07.2011	2,71MB	1.0.30	notwendig
Windows Media Player Firefox Plugin	Microsoft Corp	14.03.2011	296KB	1.0.0.8	notwendig
Windows Mobile Device Center	Microsoft Corporation	21.06.2011	27,4MB	6.1.6965.0	notwendig
Windows XP Mode	Microsoft Corporation	04.07.2011	1,13GB	1.3.7600.16422	notwendig
WinRAR		28.02.2011			notwendig
WinSCP 4.3.8	Martin Prikryl	09.06.2012	8,83MB	04.03.2008	notwendig
Zattoo4 4.0.5	Zattoo Inc.	13.11.2011		4.0.5	notwendig
         
Many thanks and regards, Udo

01.08.2012, 21:57   #10
markusg
/// Malware-holic

Uninstall:
all Adobe Flash Player entries
Adobe - Adobe Flash Player installieren
and download the latest version
Adobe Reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
untick the McAfee Security Scan box

Please also configure Adobe Reader as follows:
open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open or download PDFs automatically etc.
It is always better to save them directly, because only then do you keep control over what is going on on the PC.
Under JavaScript, untick "Enable Acrobat JavaScript".
Under Updater, choose "Automatically install updates".
Apply / OK



Uninstall:
ContainerEx
Game Booster
Java(TM) 6 Update 24
Spybot: do without it, it doesn't do anything.

Open CCleaner, start Analyze.
Open OTL, Cleanup; the PC restarts; test how it runs.
__________________
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de
If you would like to support us

02.08.2012, 23:29   #11
udoxxxxxx

Good evening,

I have brought everything up to date again.

Ran Malwarebytes over it once more....

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.02.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Udoxxxxxx ::  [Administrator]

02.08.2012 21:34:01
mbam-log-2012-08-02 (21-34-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 411529
Laufzeit: 1 Stunde(n), 26 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Udoxxxxxx\Desktop\USB Windows\Windowscd\WPI\Install\Tools\Unlocker\unlocker.exe (Adware.Clicker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Udoxxxxxx\Desktop\USB Windows\Windowscd\WPI\Install\Voice\Ventrilo\2.1.4\ventrilo214.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
The PC runs well again and so far everything works again.

The PC now takes longer to start and I would say it has become a little more sluggish.

Many thanks and regards, Udo
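The log above is the standard Malwarebytes Anti-Malware 1.x text report. When triaging a case like this one it helps to pull the detections out of the report programmatically rather than reading it by eye, and to separate registry hits (persistence points, which should be re-checked after the next reboot) from files on disk. The block below is an added example for this thread, not code from the post or from Malwarebytes: it parses the report's section headers (the German "Infizierte ...: N" labels shown above as well as the English "Infected ...: N"), extracts each detection with its threat label and the action reported, and verifies that the count announced in each header matches the lines listed under it. The sample input is the detection part of the log above, embedded so the block runs offline; class and function names are this example's own.

```python
"""Pull the detections out of a Malwarebytes Anti-Malware 1.x text log.

Added example for this thread; not code from the post or from Malwarebytes.
Handles the German section headers shown above ("Infizierte ...: N") as well as
the English ones ("Infected ...: N"); class and function names are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# "Infizierte Dateien: 2" / "Infected Files: 2"
_SECTION = re.compile(r"^(?:Infizierte|Infected) (?P<kind>[^:]+): (?P<count>\d+)\s*$")
# "<registry key or file path> (<threat label>) -> <action taken>."
_DETECTION = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
# Registry items start with a hive abbreviation; everything else is a path on disk.
_HIVE = re.compile(r"^(?:HKLM|HKCU|HKCR|HKU|HKCC)\\", re.IGNORECASE)

@dataclass
class Detection:
    section: str   # header the line was listed under, e.g. "Dateien" / "Files"
    item: str      # registry key, registry value or file path exactly as logged
    threat: str    # Malwarebytes family label, e.g. "Trojan.Banker"
    action: str    # what the scanner reports it did (quarantined, deleted, ...)

    def is_registry(self) -> bool:
        return bool(_HIVE.match(self.item))

def parse_mbam_log(text: str) -> List[Detection]:
    """Return all detections; raise if a header's count disagrees with the lines under it."""
    found: List[Detection] = []
    section, expected, seen = None, 0, 0

    def check() -> None:  # reads the current section state at call time
        if section is not None and seen != expected:
            raise ValueError(f"section {section!r}: header says {expected}, parsed {seen}")

    for raw in text.splitlines():
        line = raw.strip()
        header = _SECTION.match(line)
        if header:
            check()
            section, expected, seen = header["kind"], int(header["count"]), 0
            continue
        # Filler such as "(Keine bösartigen Objekte gefunden)" or "(Ende)" starts with "(".
        if section is None or not line or line.startswith("("):
            continue
        hit = _DETECTION.match(line)
        if hit is None:
            raise ValueError(f"unrecognised line in section {section!r}: {line}")
        found.append(Detection(section, hit["item"], hit["threat"], hit["action"]))
        seen += 1
    check()
    return found

def summarize(detections: List[Detection]) -> Dict[str, object]:
    """The numbers that matter for triage: persistence (registry) vs on-disk, and labels."""
    by_threat: Dict[str, int] = {}
    for d in detections:
        by_threat[d.threat] = by_threat.get(d.threat, 0) + 1
    return {
        "registry": sum(1 for d in detections if d.is_registry()),
        "files": sum(1 for d in detections if not d.is_registry()),
        "by_threat": by_threat,
        # Registry hits are persistence points: re-check these after the next reboot.
        "persistence": [d.item for d in detections if d.is_registry()],
    }

# Sample input: the detection sections of the log posted above, embedded so the
# block runs offline (the scan-settings header of the log is left out).
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Udoxxxxxx\Desktop\USB Windows\Windowscd\WPI\Install\Tools\Unlocker\unlocker.exe (Adware.Clicker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Udoxxxxxx\Desktop\USB Windows\Windowscd\WPI\Install\Voice\Ventrilo\2.1.4\ventrilo214.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

if __name__ == "__main__":
    hits = parse_mbam_log(SAMPLE_LOG)
    for h in hits:
        print("REG " if h.is_registry() else "FILE", f"{h.threat:<16}", h.item)
    print(summarize(hits))
```

Two caveats a practitioner would attach to this particular log. The two file hits sit inside a folder the poster built themselves (a Windows install stick with bundled tools), so before accepting the labels it is worth comparing those files' hashes with the tools' official releases. The BHO key under HKCU is the more interesting find: a per-user browser helper object is loaded into Internet Explorer without administrative rights having been needed to register it, which is why the summary lists it under persistence rather than lumping it in with the files.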

04.08.2012, 18:11   #12
markusg
/// Malware-holic

OK, open CCleaner, Tools, Startup list and post it.

06.08.2012, 23:23   #13
udoxxxxxx

Hi,
I had to work at the weekend and had little time.

Here is the startup list:

Code:
Enabled (Ja = yes, Nein = no)	Location	Name	Publisher	Command
Ja	HKCU:Run	KiesPDLR		C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Ja	HKCU:Run	MoneyAgent	Microsoft Corporation	"C:\Program Files (x86)\Microsoft Money\System\Money Express.exe"
Ja	HKCU:Run	Remote Control Editor	Elgato Systems	"C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe"
Ja	HKCU:Run	SpybotSD TeaTimer	Safer-Networking Ltd.	C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
Nein	HKCU:Run	VirtualDiskAutomount		rundll32 "C:\Program Files (x86)\TC UP\PLUGINS\wfx\VirtualDisk\VirtualDisk.wfx",MountAfterReboot
Ja	HKLM:Run	Acronis Scheduler2 Service	Acronis	"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
Ja	HKLM:Run	Adobe ARM	Adobe Systems Incorporated	"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Nein	HKLM:Run	Adobe Reader Speed Launcher	Adobe Systems Incorporated	"C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Ja	HKLM:Run	APSDaemon	Apple Inc.	"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Ja	HKLM:Run	avgnt	Avira Operations GmbH & Co. KG	"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Ja	HKLM:Run	boincmgr	Space Sciences Laboratory	"C:\Program Files\BOINC\boincmgr.exe" /a /s
Ja	HKLM:Run	boinctray	Space Sciences Laboratory	"C:\Program Files\BOINC\boinctray.exe"
Nein	HKLM:Run	BrMfcWnd	Brother Industries, Ltd.	C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
Nein	HKLM:Run	ControlCenter3	Brother Industries, Ltd.	C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
Nein	HKLM:Run	DivXUpdate		"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Ja	HKLM:Run	EvtMgr6	Logitech, Inc.	C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
Nein	HKLM:Run	GrooveMonitor	Microsoft Corporation	"C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
Ja	HKLM:Run	iTunesHelper	Apple Inc.	"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Ja	HKLM:Run	KiesTrayAgent	Samsung Electronics Co., Ltd.	C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
Ja	HKLM:Run	PDFPrint	Geek Software GmbH	C:\Program Files (x86)\PDF24\pdf24.exe
Ja	HKLM:Run	StartCCC	Advanced Micro Devices, Inc.	"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Ja	HKLM:Run	SunJavaUpdateSched	Sun Microsystems, Inc.	"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Ja	HKLM:Run	TerraTec Remote Control	Elgato Systems	"C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe"
Nein	HKLM:Run	TkBellExe	RealNetworks, Inc.	"C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
Ja	HKLM:Run	Windows Mobile Device Center	Microsoft Corporation	%windir%\WindowsMobile\wmdc.exe
Ja	Startup Common	AML Device Install.lnk		C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
Ja	Startup Common	Secunia PSI Tray.lnk	Secunia	C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
         
Startup, Internet Explorer:
Code:
Enabled (Ja = yes)	Type	Name	Publisher	File
Ja	Extension	An OneNote senden	Microsoft Corporation	C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
Ja	Extension	Mobilen Favoriten erstellen	Microsoft Corporation	C:\Windows\WindowsMobile\INetRepl.dll
Ja	Extension	Mobilen Favoriten erstellen...	Microsoft Corporation	C:\Windows\WindowsMobile\INetRepl.dll
Ja	Extension	Research	Microsoft Corporation	C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Ja	Extension	Spybot - Search  Destroy Configuration	Safer Networking Limited	C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Ja	Helper	Adobe PDF Link Helper	Adobe Systems Incorporated	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Ja	Helper	Ask Toolbar		C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
Ja	Helper	Groove GFS Browser Helper	Microsoft Corporation	C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Ja	Helper	Java(tm) Plug-In 2 SSV Helper	Oracle Corporation	C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
Ja	Helper	Java(tm) Plug-In 2 SSV Helper	Oracle Corporation	C:\Program Files\Java\jre7\bin\jp2ssv.dll
Ja	Helper	Java(tm) Plug-In SSV Helper	Oracle Corporation	C:\Program Files (x86)\Java\jre7\bin\ssv.dll
Ja	Helper	Java(tm) Plug-In SSV Helper	Oracle Corporation	C:\Program Files\Java\jre7\bin\ssv.dll
Ja	Helper	Octh Class	Orbitdownloader.com	C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
Ja	Helper	RealPlayer Download and Record Plugin for Internet Explorer	RealPlayer	C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
Ja	Helper	Spybot-SD IE Protection	Safer Networking Limited	C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Ja	Toolbar	Ask Toolbar		C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
Ja	Toolbar	DAEMON Tools Toolbar		C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
Ja	Toolbar	DAEMON Tools Toolbar		C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
Ja	Toolbar	TerraTec Home Cinema	TerraTec Electronic GmbH	C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
         
Startup, context menu:
Code:
Enabled (Ja = yes)	Type	Name	Publisher	File
Ja	Directory	7-Zip	Igor Pavlov	C:\Program Files\7-Zip\7-zip.dll
Ja	Directory	FormatFactoryShell	Free Time	C:\Program Files (x86)\FreeTime\FormatFactory\ShellEx64_101.dll
Ja	Directory	LavasoftShellExt	Lavasoft Limited	C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll
Ja	Directory	LockHunterShellExt	TODO: <Company name>	C:\Program Files\LockHunter\LHShellExt.dll
Ja	Directory	MagicISO	MagicISO, Inc.	C:\Program Files (x86)\MagicISO\misosh.dll
Ja	Directory	MBAMShlExt	Malwarebytes Corporation	C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
Ja	Directory	Mit VLC media player wiedergeben		"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Ja	Directory	Open In New Window		explorer %1
Ja	Directory	Shell Extension for Malware scanning	Avira Operations GmbH & Co. KG	C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll
Ja	Directory	TCUPShellExt		C:\Program Files (x86)\TC UP\PLUGINS\Library\TCUPShellExt.dll
Ja	Directory	WinRAR		C:\Program Files\WinRAR\rarext.dll
Ja	Directory	WinRAR32		C:\Program Files\WinRAR\rarext32.dll
Ja	Directory	Zur VLC media player Wiedergabeliste hinzufügen		"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Ja	Drive	encrypt-bde		C:\Windows\System32\BitLockerWizard.exe %1 T
Ja	Drive	encrypt-bde-elev		C:\Windows\System32\BitLockerWizardElev.exe %1 T
Ja	Drive	LavasoftShellExt	Lavasoft Limited	C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll
Ja	Drive	LockHunterShellExt	TODO: <Company name>	C:\Program Files\LockHunter\LHShellExt.dll
Ja	Drive	manage-bde		C:\Windows\System32\BitLockerWizard.exe %1 U
Ja	Drive	manage-bde-elev		C:\Windows\System32\BitLockerWizardElev.exe %1 U
Ja	Drive	resume-bde		C:\Windows\System32\BitLockerWizard.exe %1 V
Ja	Drive	resume-bde-elev		C:\Windows\System32\BitLockerWizardElev.exe %1 V
Ja	Drive	unlock-bde		C:\Windows\System32\BdeUnlockWizard.exe %1
Ja	Drive	{02a07e80-efa2-11d4-8306-a7ebd4c50c7c}		C:\WINDOWS\system32\cdeject.dll
Ja	File	7-Zip	Igor Pavlov	C:\Program Files\7-Zip\7-zip.dll
Ja	File	FormatFactoryShell	Free Time	C:\Program Files (x86)\FreeTime\FormatFactory\ShellEx64_101.dll
Ja	File	LavasoftShellExt	Lavasoft Limited	C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll
Ja	File	LockHunterShellExt	TODO: <Company name>	C:\Program Files\LockHunter\LHShellExt.dll
Ja	File	MagicISO	MagicISO, Inc.	C:\Program Files (x86)\MagicISO\misosh.dll
Ja	File	MBAMShlExt	Malwarebytes Corporation	C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
Ja	File	MyPhoneExplorer	F.J. Wechselberger	C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll
Ja	File	PDFTransformer3ContextMenu	ABBYY	C:\Program Files (x86)\ABBYY PDF Transformer 3.0\PDFTContextMenu.dll
Ja	File	Shell Extension for Malware scanning	Avira Operations GmbH & Co. KG	C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll
Ja	File	TCUPShellExt		C:\Program Files (x86)\TC UP\PLUGINS\Library\TCUPShellExt.dll
Ja	File	WinRAR		C:\Program Files\WinRAR\rarext.dll
Ja	File	WinRAR32		C:\Program Files\WinRAR\rarext32.dll
         
Regards and thanks, Udo

08.08.2012, 20:20   #14
markusg
/// Malware-holic

Start, Run, type
msconfig
Enter
Startup tab
untick everything except:
Acronis
Avira
click OK, restart, then restart once more yourself and see how the PC runs
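The startup list posted above and the msconfig step in the reply just above are the same exercise done by hand: decide which autostart entries are worth keeping and which deserve a closer look. The block below is an added example for this thread, not code from the post, from CCleaner or from any other tool named in it. It parses CCleaner's tab-separated startup export, works out which file each entry actually loads (a rundll32 entry loads its argument, an unquoted path containing spaces is taken up to its extension, the way Windows resolves it), and scores each entry with a few triage heuristics: a file under a user-writable location (Users, AppData, Temp, ProgramData), an indirect launcher, an empty publisher string (CCleaner fills that column from the file's version information, so it is a label and not a signature check), per-user HKCU persistence, and browser add-ons whose names are widely classified as bundled software. It also produces the keep list for the msconfig step given the vendors to keep. The sample rows are taken from the posted list plus one constructed "Updater" row; the flag names, their weights and that row are this example's own assumptions. On the rows from the thread nothing runs from a user-writable path, which fits the poster's report that the PC works again; the slow start is the kind of thing the msconfig step is meant to narrow down.

```python
# Triage a CCleaner startup export (tab-separated: enabled, location, name, publisher, command).
# Added example for this thread; not code from the post, from CCleaner or from any tool named in it.
# Flag names, their weights and the "Updater" sample row are this example's own assumptions.
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Sequence, Tuple

# Programs whose job is to run code named on their command line.
LAUNCHERS = {"rundll32", "rundll32.exe", "regsvr32", "regsvr32.exe", "wscript.exe",
             "cscript.exe", "mshta.exe", "cmd.exe", "powershell.exe"}
# Places a standard user can write to; lockers and droppers usually live there.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\recycler\\")
# Add-on names widely classified as bundled / potentially unwanted (example's own short list).
BUNDLEWARE_NAMES = ("ask toolbar", "daemon tools toolbar")
WEIGHTS = {"user-writable-path": 3, "indirect-launch": 2, "bundleware-name": 2,
           "no-publisher": 1, "per-user-run": 1, "browser-addon": 1, "disabled": 0}
_QUOTED = re.compile(r'^"([^"]+)"')
_UNQUOTED = re.compile(r"^(.+?\.(?:exe|dll|wfx|scr|bat|vbs|js))(?=[\s,]|$)", re.IGNORECASE)

@dataclass
class Entry:
    enabled: bool
    location: str   # HKLM:Run, HKCU:Run, Startup Common, Helper, Toolbar, Extension
    name: str
    publisher: str  # CCleaner fills this from version info: a label, not a signature check
    command: str
    flags: List[str] = field(default_factory=list)
    score: int = 0

def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run-key command line into (program, arguments)."""
    cmd = cmd.strip()
    quoted = _QUOTED.match(cmd)
    if quoted:
        return quoted.group(1), cmd[quoted.end():].strip()
    head, _, rest = cmd.partition(" ")
    if head.lower() in LAUNCHERS or "." in ntpath.basename(head):
        return head, rest.strip()
    spaced = _UNQUOTED.match(cmd)  # unquoted path that contains spaces
    if spaced:
        return spaced.group(1), cmd[spaced.end():].strip()
    return head, rest.strip()

def launched_file(cmd: str) -> str:
    """The file that really gets loaded; for rundll32 & co. that is their argument."""
    prog, args = split_command(cmd)
    if ntpath.basename(prog).lower() in LAUNCHERS and args:
        return split_command(args)[0]
    return prog

def parse_autostart(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t", 4)]
        if len(cols) != 5 or cols[0].lower() not in ("ja", "nein", "yes", "no"):
            continue  # blank line, "Code:" or a column header
        enabled, location, name, publisher, command = cols
        entries.append(Entry(enabled.lower() in ("ja", "yes"), location, name, publisher, command))
    return entries

def flag(entry: Entry) -> Entry:
    prog = split_command(entry.command)[0]
    target = launched_file(entry.command).lower()
    checks = [
        ("indirect-launch", ntpath.basename(prog).lower() in LAUNCHERS),
        ("user-writable-path", any(tok in target for tok in USER_WRITABLE)),
        ("no-publisher", not entry.publisher),
        ("per-user-run", entry.location.upper().startswith("HKCU")),
        ("browser-addon", entry.location in ("Helper", "Toolbar", "Extension")),
        ("bundleware-name", any(n in entry.name.lower() for n in BUNDLEWARE_NAMES)),
        ("disabled", not entry.enabled),  # informational: it can be re-enabled any time
    ]
    entry.flags = [name for name, hit in checks if hit]
    entry.score = sum(WEIGHTS[f] for f in entry.flags)
    return entry

def triage(entries: List[Entry]) -> List[Entry]:
    """Entries most worth a look first."""
    return sorted((flag(e) for e in entries), key=lambda e: e.score, reverse=True)

def keep_list(entries: Sequence[Entry], publishers: Sequence[str]) -> List[str]:
    """What stays ticked in msconfig when everything but the given vendors is unticked."""
    wanted = [p.lower() for p in publishers]
    return [e.name for e in entries if any(p in e.publisher.lower() for p in wanted)]

# Sample input: rows from the list posted above plus one constructed row ("Updater")
# showing what a per-user locker entry typically looks like.
SAMPLE_ROWS = [
    ("Ja", "HKCU:Run", "KiesPDLR", "", r"C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"),
    ("Nein", "HKCU:Run", "VirtualDiskAutomount", "", r'rundll32 "C:\Program Files (x86)\TC UP\PLUGINS\wfx\VirtualDisk\VirtualDisk.wfx",MountAfterReboot'),
    ("Ja", "HKLM:Run", "Acronis Scheduler2 Service", "Acronis", r'"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"'),
    ("Ja", "HKLM:Run", "avgnt", "Avira Operations GmbH & Co. KG", r'"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min'),
    ("Nein", "HKLM:Run", "BrMfcWnd", "Brother Industries, Ltd.", r"C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"),
    ("Ja", "Helper", "Ask Toolbar", "", r"C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll"),
    ("Ja", "HKCU:Run", "Updater", "", r'"C:\Users\example\AppData\Roaming\updater\upd.exe"'),  # constructed
]
SAMPLE = "\n".join("\t".join(row) for row in SAMPLE_ROWS)
```

Feed `parse_autostart` the whole exported text (the "Code:" line and a column header are skipped because their first column is not Ja/Nein), then `triage` it: the constructed per-user "Updater" entry under AppData comes out on top, while the Avira and Acronis entries carry no flags at all, which is exactly the pair the reply above says to leave ticked; `keep_list(entries, ("Acronis", "Avira"))` returns those two names.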

Topics related to Desktop mit BKA, 100€, Videos, ucash, nur noch abgesicherter Modus:
7-zip, ad-aware, adware.clicker, antivir, application/pdf:, audiograbber, avira, bho, bonjour, deo0_sar.exe, desktop, disk director, downloader, error, exploit.drop.cod, firefox, flash player, google earth, helper, home, install.exe, jdownloader, launch, locker, logfile, mozilla, plug-in, pup.bundleinstaller.bi, realtek, registry, remote control, richtlinie, safer networking, scan, security, senden, starten, super, svchost.exe, total commander, tracker, trojaner, virtualbox, vista, win7 64, windows, windows xp


