
Log Analysis and Evaluation: Bundespolizei Trojan finally deleted?


07.08.2011, 22:58   #1
Brad
 



Good evening,

Unfortunately I also caught the Bundespolizei Trojan today. Most likely it happened while surfing the Internet with the Opera browser. AVG Free didn't notice anything.

After a restart I managed to end the process in Task Manager in time (unfortunately I couldn't remember the exact name). Then I deleted a file named jashla.exe and a folder. Here is a screenshot: hxxp://img228.imageshack.us/img228/9634/gelscht.png.

Here is a small excerpt from the Resident.log of Spybot-SD Resident (suspicious line marked):


Code:
21.07.2011 21:33:10 Allowed (based on user decision) value "iTunesHelper" (new data: "") deleted in System Startup global entry!
21.07.2011 21:34:35 Allowed (based on user decision) value "iTunesHelper" (new data: ""C:\Program Files\iTunes\iTunesHelper.exe"") added in System Startup global entry!
07.08.2011 16:55:21 Allowed (based on user decision) value "avupdate" (new data: "C:\Users\username\AppData\Roaming\jashla.exe") added in System Startup user entry!
07.08.2011 18:06:26 Allowed (based on user decision) value "Malwarebytes' Anti-Malware" (new data: "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent") added in System Startup global entry!
07.08.2011 18:06:51 Allowed (based on user decision) value "Malwarebytes' Anti-Malware" (new data: ""D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray") added in System Startup global entry!
07.08.2011 18:08:36 Allowed (based on user decision) value "MSC" (new data: ""C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey") added in System Startup global entry!
07.08.2011 18:11:18 Allowed (based on lassh blacklist) value "GrpConv" (new data: "grpconv -o") added in System Startup global entry!
07.08.2011 18:11:18 Allowed (based on user decision) value "Malwarebytes' Anti-Malware" (new data: "") deleted in System Startup global entry!
07.08.2011 18:11:33 Allowed (based on authenticode whitelist) value "avgnt" (new data: ""D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min") added in System Startup global entry!
07.08.2011 18:11:33 Allowed (based on lassh blacklist) value "GrpConv" (new data: "") deleted in System Startup global entry!
07.08.2011 18:39:14 Allowed (based on lassh blacklist) value "GrpConv" (new data: "grpconv -o") added in System Startup global entry!
07.08.2011 18:39:16 Allowed (based on lassh blacklist) value "GrpConv" (new data: "") deleted in System Startup global entry!

A full scan with AVG Free, Antivir and Malwarebytes found nothing. Malwarebytes log:

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7402

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.08.2011 21:58:41
mbam-log-2011-08-07 (21-58-41).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 436548
Time elapsed: 1 hour(s), 15 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

After a restart I then ran HijackThis. Below is the logfile (suspicious line marked). Afterwards I searched the registry for jashla and deleted the associated entry. The marked entry no longer appeared in the logfile on a further scan.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:48, on 07.08.2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O3 - Toolbar: QT Tab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [avupdate] C:\Users\username\AppData\Roaming\jashla.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix: 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Folder Size (FolderSize) - Brio - D:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 6319 bytes

Finally, the two files from otl.exe:


Code:
OTL Extras logfile created on: 07.08.2011 22:14:37 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = G:\
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,57% Memory free
6,00 Gb Paging File | 4,41 Gb Available in Paging File | 73,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,90 Gb Total Space | 10,32 Gb Free Space | 25,87% Space Free | Partition Type: NTFS
Drive D: | 80,00 Gb Total Space | 35,92 Gb Free Space | 44,91% Space Free | Partition Type: NTFS
Drive E: | 178,09 Gb Total Space | 3,28 Gb Free Space | 1,84% Space Free | Partition Type: NTFS
Drive G: | 1,88 Gb Total Space | 1,79 Gb Free Space | 95,20% Space Free | Partition Type: FAT
 
Computer Name: username-PC | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1570DE88-A78A-37FD-8A05-92620D160CCA}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343AB4F2-F1EF-4FF9-B0E6-CAAB680286A6}" = G Data LNK-Checker
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5B161932-9D42-4D5E-858D-29BF4C670944}" = Microsoft SQL Server 2008 Setup Support Files 
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{6FE22909-D0D6-4111-ABCE-7F8D986C4A2A}" = Foxit PDF Preview Handler
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{7552F04B-9892-4362-8833-1E9AF1A8CF4C}" = Oracle VM VirtualBox 3.2.6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EAA9D70-C912-3708-92DD-0CCC26F386E1}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94317163-C5D1-4FCE-A0D9-F48FE06A7D7D}" = Microsoft SQL Server 2008 Native Client
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5A31DDC-157A-4DD7-9B5C-C692A06F61FD}" = Prison Break
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DAD20769-75D8-4C1D-80E3-D545563FE9EF}_is1" = QTTabBar 1.5.0.0 Alpha 4
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E7C92C22-436B-46C4-AAF2-80C4C569A55F}" = AVG 2011
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{E989D16F-0B39-4E74-8BD5-149BEE1477FE}" = Microsoft SQL Server 2008 RsFx Driver
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F343FA04-CFC0-487C-A617-A5E8CF4D7B10}" = Image Grabber II.NET
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AllDup_is1" = AllDup 2.1.10
"Any Video Converter_is1" = Any Video Converter 3.2.3
"AVG" = AVG 2011
"AVI MPEG RM WMV Joiner_is1" = AVI/MPEG/RM/WMV Joiner 4.82
"AVIConverter" = AVIConverter 5.1.6
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Beavis And Butt-head" = Beavis And Butt-head
"Bubblets_is1" = Bubblets 1.0
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
"DupDetector_is1" = DupDetector 3.201
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EXIFutils for Windows" = EXIFutils for Windows
"Football Manager 2009" = Football Manager 2009
"FreeCommander_is1" = FreeCommander 2009.02b
"Grand Prix World" = Grand Prix World
"Hattrick Organizer" = Hattrick Organizer (remove only)
"HijackThis" = HijackThis 2.0.2
"Image Grabber II" = Image Grabber II
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mp3tag" = Mp3tag v2.49
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Opera 11.50.1074" = Opera 11.50
"P2PFilter" = P2PFilter 3.0.5
"PhotoScape" = PhotoScape
"PhotoWipe_is1" = PhotoWipe 1.0
"Q-Dir" = Q-Dir
"Replay Video Capture4.2" = Replay Video Capture
"rFactor" = rFactor (remove only)
"RidNacs_is1" = RidNacs 2.0.3
"SSC Service Utility_is1" = SSC Service Utility v4.30
"The KMPlayer" = The KMPlayer (remove only)
"Trillian" = Trillian
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.0.5
"XnView_is1" = XnView 1.97.6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.12.2010 14:32:54 | Computer Name = username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10233
 
Error - 10.12.2010 14:32:54 | Computer Name = username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10233
 
Error - 11.12.2010 08:10:03 | Computer Name = username-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 12.12.2010 07:47:25 | Computer Name = username-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.12.2010 16:08:07 | Computer Name = username-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 15.12.2010 14:04:45 | Computer Name = username-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 16.12.2010 15:33:49 | Computer Name = username-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 18.12.2010 05:47:43 | Computer Name = username-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 18.12.2010 06:26:29 | Computer Name = username-PC | Source = Bonjour Service | ID = 100
Description = 196: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 18.12.2010 06:26:29 | Computer Name = username-PC | Source = Bonjour Service | ID = 100
Description = 376: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ Media Center Events ]
Error - 12.07.2010 14:04:09 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 20:04:09 - Fehler beim Herstellen der Internetverbindung.  20:04:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12.07.2010 14:04:24 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 20:04:14 - Fehler beim Herstellen der Internetverbindung.  20:04:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2010 12:39:22 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 18:39:22 - Fehler beim Herstellen der Internetverbindung.  18:39:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2010 12:39:32 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 18:39:28 - Fehler beim Herstellen der Internetverbindung.  18:39:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2010 13:39:39 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 19:39:39 - Fehler beim Herstellen der Internetverbindung.  19:39:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2010 13:39:48 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 19:39:44 - Fehler beim Herstellen der Internetverbindung.  19:39:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2010 14:48:53 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 20:48:52 - Fehler beim Herstellen der Internetverbindung.  20:48:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2010 14:49:04 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 20:48:58 - Fehler beim Herstellen der Internetverbindung.  20:48:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.07.2010 12:06:22 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 18:06:22 - Fehler beim Herstellen der Internetverbindung.  18:06:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.07.2010 12:06:31 | Computer Name = username-PC | Source = MCUpdate | ID = 0
Description = 18:06:27 - Fehler beim Herstellen der Internetverbindung.  18:06:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 01.08.2010 08:54:12 | Computer Name = username-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 1946
 seconds with 1380 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.08.2011 12:10:45 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 0.0.0.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 0.0.0.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 07.08.2011 12:10:51 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 0.0.0.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 0.0.0.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der Servername
 oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 07.08.2011 12:10:51 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 0.0.0.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 0.0.0.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der Servername
 oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 07.08.2011 12:10:51 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 0.0.0.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 0.0.0.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der Servername
 oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 07.08.2011 12:10:51 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 0.0.0.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 0.0.0.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der Servername
 oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 07.08.2011 12:10:51 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 0.0.0.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 0.0.0.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der Servername
 oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 07.08.2011 12:10:56 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 0.0.0.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 0.0.0.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der Servername
 oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 07.08.2011 12:16:28 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 0.0.0.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 0.0.0.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 07.08.2011 12:21:34 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 0.0.0.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 0.0.0.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der Servername
 oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 07.08.2011 12:21:39 | Computer Name = username-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 0.0.0.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 0.0.0.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der Servername
 oder die Serveradresse konnte nicht verarbeitet werden. 
 
 
< End of report >

Code:
ATTFilter
OTL logfile created on: 07.08.2011 22:14:37 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = G:\
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 54,57% Memory free
6,00 Gb Paging File | 4,41 Gb Available in Paging File | 73,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,90 Gb Total Space | 10,32 Gb Free Space | 25,87% Space Free | Partition Type: NTFS
Drive D: | 80,00 Gb Total Space | 35,92 Gb Free Space | 44,91% Space Free | Partition Type: NTFS
Drive E: | 178,09 Gb Total Space | 3,28 Gb Free Space | 1,84% Space Free | Partition Type: NTFS
Drive G: | 1,88 Gb Total Space | 1,79 Gb Free Space | 95,20% Space Free | Partition Type: FAT
 
Computer Name: TM-PC | User Name: TM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - G:\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - D:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - D:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
PRC - D:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - G:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MBAMService) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FolderSize) -- D:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (msvsmon90) -- D:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (CVPND) -- D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsl6bdd110e) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{48F37463-565E-4DBA-A7A7-CF16C774A0E3}\MpKsl6bdd110e.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (VSPerfDrv100) -- D:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 F0 AA D1 E1 DB CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "transfermarkt.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.ftp: "72.241.183.61"
FF - prefs.js..network.proxy.ftp_port: 27977
FF - prefs.js..network.proxy.http: "128.8.126.78"
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.socks: "72.241.183.61"
FF - prefs.js..network.proxy.socks_port: 27977
FF - prefs.js..network.proxy.ssl: "72.241.183.61"
FF - prefs.js..network.proxy.ssl_port: 27977
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.08.04 18:32:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.06.25 12:40:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.22 09:25:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.06.25 12:40:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.22 09:25:22 | 000,000,000 | ---D | M]
 
[2011.03.21 19:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Extensions
[2011.08.04 18:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\izjw7fk6.default\extensions
[2011.07.10 09:56:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\izjw7fk6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.07.14 18:58:03 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\izjw7fk6.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011.03.24 23:16:36 | 000,001,632 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\firefox-add-ons.xml
[2011.08.03 19:26:04 | 000,001,633 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\googletranslate.xml
[2011.06.10 22:14:28 | 000,002,024 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\transfermarktde.xml
[2011.03.24 23:20:21 | 000,002,057 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\youtube-videosuche.xml
File not found (No name found) -- 
[2011.08.04 18:32:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{0FED7D55-65D4-47B6-A6DE-9A4ADB55355F}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{311ECE6E-EA6A-442F-A02A-A362E561D892}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{987311C6-B504-4AA2-90BF-60CC49808D42}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\ANTICONTAINER@DOWNTHEMALL.NET.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\LOCATIONBAR2@DESIGN-NOIR.DE.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\MULTILINKS@PLUGIN.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\PERSONALTITLEBAR@MOZTW.ORG.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\SEARCHY@SEARCHY.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\TABGROUPSWITCHER@ADDONLAB.COM.XPI
 
O1 HOSTS File: ([2011.08.04 19:04:16 | 000,436,368 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15017 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} -  File not found
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} -  File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [avupdate]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell - "" = AutoRun
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\AutoRun\command - "" = H:\Setup.exe autorun
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\setup\command - "" = H:\Setup.exe autorun
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.07 18:34:06 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Avira
[2011.08.07 18:11:13 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.08.07 18:11:13 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.08.07 18:11:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.08.07 18:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.08.07 18:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.08.07 18:06:22 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Malwarebytes
[2011.08.07 18:06:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.07 18:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.07 18:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.07 18:06:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.21 21:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.07.21 21:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.07.21 21:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.07.17 13:39:32 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2011.07.17 12:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.07.13 19:47:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 19:47:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 19:47:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 19:47:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 19:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 19:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 19:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 19:47:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 19:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 19:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 19:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 19:47:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 19:47:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 19:47:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 19:47:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 19:47:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 19:47:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 19:47:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 19:47:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 19:47:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 19:47:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 19:47:52 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011.07.13 19:47:52 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 19:47:47 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011.07.12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011.07.12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011.07.12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.07 22:10:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.07 22:10:22 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.07 18:42:23 | 127,267,075 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.08.07 18:37:29 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.08.07 18:37:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.08.07 18:11:28 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.08.07 18:10:14 | 000,764,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.07 18:10:14 | 000,719,556 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.07 18:10:14 | 000,173,524 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.07 18:10:14 | 000,146,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.07 18:09:10 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.08.07 18:06:16 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.07 17:23:31 | 000,000,182 | ---- | M] () -- E:\username\Desktop\Dokument.rtf
[2011.08.07 17:14:20 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 17:14:20 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.04 19:04:16 | 000,436,368 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.08.02 21:17:25 | 000,035,328 | ---- | M] () -- C:\Users\username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.21 21:34:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.07.14 18:51:15 | 000,426,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011.07.12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011.07.12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011.07.12 11:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll
 
========== Files Created - No Company Name ==========
 
[2011.08.07 18:11:28 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.08.07 18:09:10 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.08.07 18:08:22 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.08.07 18:06:16 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.07 17:23:30 | 000,000,182 | ---- | C] () -- E:\username\Desktop\Dokument.rtf
[2011.07.21 21:34:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.06.09 19:57:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.26 20:02:09 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.22 11:20:06 | 000,112,831 | ---- | C] () -- C:\Users\username\AppData\Local\debuggee.mdmp
[2011.03.10 21:21:24 | 000,010,476 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2010.10.14 20:26:33 | 000,161,619 | ---- | C] () -- C:\Windows\EXIFutils for Windows Uninstaller.exe
[2010.10.10 14:55:35 | 000,000,211 | ---- | C] () -- C:\Users\username\AppData\Roaming\burnaware.ini
[2010.10.10 13:40:23 | 000,007,597 | ---- | C] () -- C:\Users\username\AppData\Local\Resmon.ResmonCfg
[2010.09.06 11:08:36 | 000,033,792 | ---- | C] () -- C:\Windows\System32\rgbacodec.dll
[2010.05.28 17:53:42 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.03.19 15:46:53 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.03.19 15:46:52 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.03.10 21:22:17 | 000,000,000 | ---- | C] () -- C:\Users\username\AppData\Local\prvlcl.dat
[2010.03.05 01:00:34 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.03.05 01:00:34 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.03.04 21:28:12 | 000,035,328 | ---- | C] () -- C:\Users\username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.14 10:47:43 | 000,764,238 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,173,524 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,426,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,719,556 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,146,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.04.03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007.01.26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2007.01.26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
 
========== LOP Check ==========
 
[2011.01.18 23:53:31 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AllDup
[2010.09.19 14:03:50 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AnvSoft
[2010.11.14 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AVG10
[2010.10.07 19:54:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AVG9
[2010.04.13 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\avidemux
[2011.03.10 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\cryptlib
[2010.11.26 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\CustomBrushesMini
[2010.03.06 17:36:19 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DAEMON Tools Lite
[2010.11.01 13:39:00 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DiskSpaceFan
[2010.09.20 19:10:53 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DiskSpaceFanPro
[2010.10.07 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\FireShot
[2010.03.04 17:10:00 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Foxit
[2010.03.04 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Foxit Software
[2010.05.06 15:51:51 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\ImgBurn
[2010.07.24 12:31:59 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\IrfanView
[2010.03.04 16:46:19 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Leadertech
[2010.08.28 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Miranda
[2011.07.24 20:24:12 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Mp3tag
[2010.03.27 17:06:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Opera
[2010.10.01 16:44:47 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\PhotoScape
[2010.03.19 15:57:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Prison Break
[2011.03.10 21:23:01 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Q-Dir
[2010.11.01 13:52:47 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\RidNacs
[2011.03.12 14:26:16 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Software4u
[2010.03.06 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Sports Interactive
[2010.03.04 16:49:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Thunderbird
[2010.10.17 20:02:59 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\XMedia Recode
[2010.07.10 10:03:04 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\XnView
[2011.07.09 10:06:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

What else can I do to make sure the Trojan has been removed? (I will reinstall Windows afterwards, but I want to back up my data first.) Thank you very much!

09.08.2011, 15:13   #2
cosinus

Are there any more logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Log files" tab.

09.08.2011, 18:23   #3
Brad

Yes, there are several more. MSE also found something else (see the very bottom).


Full scan with outdated database:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7035

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.08.2011 20:22:18
mbam-log-2011-08-07 (20-22-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 431431
Laufzeit: 2 Stunde(n), 13 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Quick scan with current database:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7402

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.08.2011 20:41:10
mbam-log-2011-08-07 (20-41-10).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 187566
Laufzeit: 9 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Full scan with current database (already posted above):
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7402

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.08.2011 21:58:41
mbam-log-2011-08-07 (21-58-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 436548
Laufzeit: 1 Stunde(n), 15 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Protection log (7 Aug.):
Code:
ATTFilter
18:06:38	username	MESSAGE	Protection started successfully
18:06:42	username	MESSAGE	IP Protection started successfully
18:07:36	username	ERROR	Scheduled update failed:  No address found failed with error code 11004
20:32:33	username	MESSAGE	IP Protection stopped
20:32:36	username	MESSAGE	Database updated successfully
20:32:37	username	MESSAGE	IP Protection started successfully
22:13:49	username	MESSAGE	Protection started successfully
22:13:53	username	MESSAGE	IP Protection started successfully
         

Protection log (8 Aug.):
Code:
ATTFilter
19:42:22	username	MESSAGE	Protection started successfully
19:42:25	username	MESSAGE	IP Protection started successfully
19:43:21	username	ERROR	Scheduled update failed:  No address found failed with error code 11004
21:38:52	username	MESSAGE	IP Protection stopped
         


###############################



Microsoft Security Essentials also found the following (unfortunately I could not find a log file):
hxxp://img269.imageshack.us/img269/339/mseo.png

09.08.2011, 20:04   #4
cosinus

Please also run ESET, then we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


10.08.2011, 20:58   #5
Brad

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=17dc80df530de84a84d229ffe08cded2
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-09 08:33:12
# local_time=2011-08-09 10:33:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777214 100 95 148 56205818 0 0
# compatibility_mode=5893 16776573 100 94 4869388 64546617 0 0
# compatibility_mode=8192 67108863 100 0 130 130 0 0
# scanned=107540
# found=0
# cleaned=0
# scan_time=6566
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=17dc80df530de84a84d229ffe08cded2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-10 06:53:15
# local_time=2011-08-10 08:53:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777213 100 95 226 56281375 0 0
# compatibility_mode=5893 16776574 100 94 4944945 64622174 0 0
# compatibility_mode=8192 67108863 100 0 75687 75687 0 0
# scanned=239351
# found=0
# cleaned=0
# scan_time=11411
         


10.08.2011, 21:40   #6
cosinus

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the content of OTL.txt here into your thread

11.08.2011, 18:57   #7
Brad

Code:
ATTFilter
OTL logfile created on: 11.08.2011 17:41:30 - Run 3
OTL by OldTimer - Version 3.2.26.1     Folder = E:\username\Downloads
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,48% Memory free
6,00 Gb Paging File | 4,71 Gb Available in Paging File | 78,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,90 Gb Total Space | 9,81 Gb Free Space | 24,59% Space Free | Partition Type: NTFS
Drive D: | 80,00 Gb Total Space | 43,73 Gb Free Space | 54,67% Space Free | Partition Type: NTFS
Drive E: | 178,09 Gb Total Space | 5,13 Gb Free Space | 2,88% Space Free | Partition Type: NTFS
 
Computer Name: username-PC | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\username\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - D:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
PRC - D:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - E:\username\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FolderSize) -- D:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (msvsmon90) -- D:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (CVPND) -- D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsld575943a) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9B61E2B4-DE3A-4115-8E75-5121B1D3C9B5}\MpKsld575943a.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (VSPerfDrv100) -- D:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 F0 AA D1 E1 DB CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "transfermarkt.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.ftp: "72.241.183.61"
FF - prefs.js..network.proxy.ftp_port: 27977
FF - prefs.js..network.proxy.http: "128.8.126.78"
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.socks: "72.241.183.61"
FF - prefs.js..network.proxy.socks_port: 27977
FF - prefs.js..network.proxy.ssl: "72.241.183.61"
FF - prefs.js..network.proxy.ssl_port: 27977
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.06.25 12:40:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.22 09:25:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.06.25 12:40:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.22 09:25:22 | 000,000,000 | ---D | M]
 
[2011.03.21 19:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Extensions
[2011.08.09 20:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\izjw7fk6.default\extensions
[2011.07.10 09:56:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\izjw7fk6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.07.14 18:58:03 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\izjw7fk6.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011.03.24 23:16:36 | 000,001,632 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\firefox-add-ons.xml
[2011.08.03 19:26:04 | 000,001,633 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\googletranslate.xml
[2011.06.10 22:14:28 | 000,002,024 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\transfermarktde.xml
[2011.03.24 23:20:21 | 000,002,057 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\searchplugins\youtube-videosuche.xml
File not found (No name found) -- 
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{0FED7D55-65D4-47B6-A6DE-9A4ADB55355F}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{311ECE6E-EA6A-442F-A02A-A362E561D892}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{987311C6-B504-4AA2-90BF-60CC49808D42}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\ANTICONTAINER@DOWNTHEMALL.NET.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\LOCATIONBAR2@DESIGN-NOIR.DE.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\MULTILINKS@PLUGIN.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\PERSONALTITLEBAR@MOZTW.ORG.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\SEARCHY@SEARCHY.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
() (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IZJW7FK6.DEFAULT\EXTENSIONS\TABGROUPSWITCHER@ADDONLAB.COM.XPI
 
O1 HOSTS File: ([2011.08.04 19:04:16 | 000,436,368 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15017 more lines...
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} -  File not found
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - D:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} -  File not found
O4 - HKLM..\Run: [Eraser] D:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell - "" = AutoRun
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\AutoRun\command - "" = H:\Setup.exe autorun
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\setup\command - "" = H:\Setup.exe autorun
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: DW6 - hkey= - key= -  File not found
MsConfig - StartUpReg: Eraser - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - D:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.LWLR - C:\Windows\System32\rgbacodec.dll ()
Drivers32: vidc.mjpg - C:\Windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.09 20:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.09 18:09:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.07 18:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.08.07 18:06:22 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Malwarebytes
[2011.08.07 18:06:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.07 18:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.07 18:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.07 18:06:12 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.21 21:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.07.21 21:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.07.21 21:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.07.17 13:39:32 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2011.07.17 12:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.11 17:36:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.11 17:36:44 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.10 21:10:22 | 000,000,920 | ---- | M] () -- E:\username\Desktop\sgd.rtf
[2011.08.10 17:48:49 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.10 17:48:49 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.09 18:18:02 | 000,051,309 | ---- | M] () -- E:\username\Desktop\mse.png
[2011.08.08 20:03:07 | 000,001,544 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[2011.08.07 18:10:14 | 000,764,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.07 18:10:14 | 000,719,556 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.07 18:10:14 | 000,173,524 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.07 18:10:14 | 000,146,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.07 18:09:10 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.08.07 18:06:16 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.07 17:23:31 | 000,000,182 | ---- | M] () -- E:\username\Desktop\Dokument.rtf
[2011.08.04 19:04:16 | 000,436,368 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.08.02 21:17:25 | 000,035,328 | ---- | M] () -- C:\Users\username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.21 21:34:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.07.14 18:51:15 | 000,426,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.08.10 20:55:37 | 000,000,920 | ---- | C] () -- E:\username\Desktop\sgd.rtf
[2011.08.09 18:17:25 | 000,051,309 | ---- | C] () -- E:\username\Desktop\mse.png
[2011.08.08 20:03:07 | 000,001,544 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2011.08.08 20:03:07 | 000,001,544 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2011.08.07 18:09:10 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.08.07 18:08:22 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.08.07 18:06:16 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.07 17:23:30 | 000,000,182 | ---- | C] () -- E:\username\Desktop\Dokument.rtf
[2011.07.21 21:34:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.06.09 19:57:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.26 20:02:09 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.22 11:20:06 | 000,112,831 | ---- | C] () -- C:\Users\username\AppData\Local\debuggee.mdmp
[2011.03.10 21:21:24 | 000,010,476 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2010.10.14 20:26:33 | 000,161,619 | ---- | C] () -- C:\Windows\EXIFutils for Windows Uninstaller.exe
[2010.10.10 14:55:35 | 000,000,211 | ---- | C] () -- C:\Users\username\AppData\Roaming\burnaware.ini
[2010.10.10 13:40:23 | 000,007,597 | ---- | C] () -- C:\Users\username\AppData\Local\Resmon.ResmonCfg
[2010.09.06 11:08:36 | 000,033,792 | ---- | C] () -- C:\Windows\System32\rgbacodec.dll
[2010.05.28 17:53:42 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.03.19 15:46:53 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.03.19 15:46:52 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.03.10 21:22:17 | 000,000,000 | ---- | C] () -- C:\Users\username\AppData\Local\prvlcl.dat
[2010.03.05 01:00:34 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.03.05 01:00:34 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.03.04 21:28:12 | 000,035,328 | ---- | C] () -- C:\Users\username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.14 10:47:43 | 000,764,238 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,173,524 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,426,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,719,556 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,146,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.04.03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007.01.26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2007.01.26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
 
========== LOP Check ==========
 
[2011.01.18 23:53:31 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AllDup
[2010.09.19 14:03:50 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AnvSoft
[2010.11.14 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AVG10
[2010.10.07 19:54:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AVG9
[2010.04.13 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\avidemux
[2011.03.10 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\cryptlib
[2010.11.26 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\CustomBrushesMini
[2010.03.06 17:36:19 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DAEMON Tools Lite
[2010.11.01 13:39:00 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DiskSpaceFan
[2010.09.20 19:10:53 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DiskSpaceFanPro
[2010.10.07 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\FireShot
[2010.03.04 17:10:00 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Foxit
[2010.03.04 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Foxit Software
[2010.05.06 15:51:51 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\ImgBurn
[2010.07.24 12:31:59 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\IrfanView
[2010.03.04 16:46:19 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Leadertech
[2010.08.28 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Miranda
[2011.07.24 20:24:12 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Mp3tag
[2010.03.27 17:06:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Opera
[2010.10.01 16:44:47 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\PhotoScape
[2010.03.19 15:57:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Prison Break
[2011.03.10 21:23:01 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Q-Dir
[2010.11.01 13:52:47 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\RidNacs
[2011.03.12 14:26:16 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Software4u
[2010.03.06 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Sports Interactive
[2010.03.04 16:49:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Thunderbird
[2010.10.17 20:02:59 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\XMedia Recode
[2010.07.10 10:03:04 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\XnView
[2011.07.09 10:06:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.15 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Adobe
[2011.01.18 23:53:31 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AllDup
[2010.09.19 14:03:50 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AnvSoft
[2010.11.03 19:36:58 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Apple Computer
[2010.11.14 20:05:15 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AVG10
[2010.10.07 19:54:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\AVG9
[2010.04.13 18:57:58 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\avidemux
[2011.03.10 21:17:03 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\cryptlib
[2010.11.26 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\CustomBrushesMini
[2010.03.06 17:36:19 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DAEMON Tools Lite
[2010.11.01 13:39:00 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DiskSpaceFan
[2010.09.20 19:10:53 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DiskSpaceFanPro
[2010.10.10 20:31:03 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\dvdcss
[2010.10.07 20:42:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\FireShot
[2010.03.04 17:10:00 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Foxit
[2010.03.04 22:23:43 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Foxit Software
[2010.03.04 16:33:21 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Identities
[2010.05.06 15:51:51 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\ImgBurn
[2010.07.24 12:31:59 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\IrfanView
[2010.03.04 16:46:19 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Leadertech
[2010.03.04 16:46:26 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Logitech
[2010.03.04 19:15:07 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Macromedia
[2011.08.07 18:06:22 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Media Center Programs
[2011.08.09 20:13:42 | 000,000,000 | --SD | M] -- C:\Users\username\AppData\Roaming\Microsoft
[2011.04.15 21:30:14 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Microsoft FxCop
[2010.08.28 17:42:17 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Miranda
[2011.03.21 19:20:34 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Mozilla
[2011.07.24 20:24:12 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Mp3tag
[2010.03.27 17:06:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Opera
[2010.10.01 16:44:47 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\PhotoScape
[2010.03.19 15:57:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Prison Break
[2011.03.10 21:23:01 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Q-Dir
[2010.11.01 13:52:47 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\RidNacs
[2011.03.12 14:26:16 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Software4u
[2010.03.06 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Sports Interactive
[2010.03.04 16:49:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Thunderbird
[2011.07.02 17:55:55 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\vlc
[2010.03.04 21:06:02 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\WinRAR
[2010.10.17 20:02:59 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\XMedia Recode
[2010.07.10 10:03:04 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
[2010.03.06 17:01:52 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         

Alt 11.08.2011, 23:22   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied along with it!!!)

Code:
ATTFilter
:OTL
FF - prefs.js..network.proxy.ftp: "72.241.183.61"
FF - prefs.js..network.proxy.ftp_port: 27977
FF - prefs.js..network.proxy.http: "128.8.126.78"
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.socks: "72.241.183.61"
FF - prefs.js..network.proxy.socks_port: 27977
FF - prefs.js..network.proxy.ssl: "72.241.183.61"
FF - prefs.js..network.proxy.ssl_port: 27977
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell - "" = AutoRun
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\AutoRun\command - "" = H:\Setup.exe autorun
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\setup\command - "" = H:\Setup.exe autorun
:Commands
[purity]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are not completely deleted, as a precaution; a backup copy is created on the system partition in the folder "_OTL".
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
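As an added example (not code from the thread, from OTL or from the helper), a small Python triage of the three indicator types the fix script above removes: Firefox proxy entries in prefs.js, the CD-ROM AutoRun flag and MountPoints2 AutoRun commands. The sample lines are copied from the fix script above; the parsing, the `is_external` heuristic and all function names are my own.

```python
"""Triage of OTL log lines for the indicators the fix script above removes.

Added example for this thread; it is not code from the thread, from OTL or
from the forum helper. SAMPLE_OTL is constructed from the fix script above,
and the parsing and the 'external host' heuristic are my own.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the entry lines of the OTL fix script posted above.
SAMPLE_OTL = r"""
FF - prefs.js..network.proxy.ftp: "72.241.183.61"
FF - prefs.js..network.proxy.ftp_port: 27977
FF - prefs.js..network.proxy.http: "128.8.126.78"
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.socks: "72.241.183.61"
FF - prefs.js..network.proxy.socks_port: 27977
FF - prefs.js..network.proxy.ssl: "72.241.183.61"
FF - prefs.js..network.proxy.ssl_port: 27977
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell - "" = AutoRun
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\AutoRun\command - "" = H:\Setup.exe autorun
O33 - MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\Shell\setup\command - "" = H:\Setup.exe autorun
"""

# Line shapes as OTL prints them (FF = Firefox prefs, O32/O33 = AutoRun items).
PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): (.*)$')
CDROM_RE = re.compile(r'^O32 - HKLM CDRom: AutoRun - (\d+)$')
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\(.+?) - "" = (.*)$')


@dataclass
class Findings:
    proxy_hosts: Dict[str, Tuple[str, Optional[int]]] = field(default_factory=dict)
    proxy_type: Optional[int] = None
    cdrom_autorun: Optional[int] = None
    mountpoints: List[Tuple[str, str, str]] = field(default_factory=list)


def parse_otl(text: str) -> Findings:
    """Collect proxy prefs, the CD-ROM AutoRun flag and MountPoints2 entries."""
    found = Findings()
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if m:
            key, raw = m.groups()
            prefs[key] = raw.strip().strip('"')
            continue
        m = CDROM_RE.match(line)
        if m:
            found.cdrom_autorun = int(m.group(1))
            continue
        m = MOUNT_RE.match(line)
        if m:
            found.mountpoints.append(m.groups())
    # Pair each scheme's host with its *_port pref, as Firefox stores them.
    for scheme in ("ftp", "http", "socks", "ssl"):
        host = prefs.get(scheme)
        if host:
            port = prefs.get(scheme + "_port")
            found.proxy_hosts[scheme] = (host, int(port) if port else None)
    if "type" in prefs:
        found.proxy_type = int(prefs["type"])
    return found


def is_external(host: str) -> bool:
    """Heuristic: anything that is not loopback/private/link-local is external."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:          # a hostname rather than an IP literal
        return host.lower() != "localhost"
    return not (ip.is_loopback or ip.is_private or ip.is_link_local)


def assess(found: Findings) -> List[str]:
    """Turn the parsed findings into human-readable alerts."""
    alerts: List[str] = []
    for scheme, (host, port) in found.proxy_hosts.items():
        if is_external(host):
            alerts.append(f"Firefox {scheme} proxy points at external host {host}:{port}")
    if found.proxy_hosts and found.proxy_type == 0:
        # type 0 means direct connection, so the stored hosts are dormant,
        # but leftover proxy entries are still worth clearing.
        alerts.append("proxy hosts stored although network.proxy.type is 0 (direct)")
    if found.cdrom_autorun == 1:
        alerts.append("CD-ROM AutoRun enabled (HKLM ...\\Services\\Cdrom\\AutoRun = 1)")
    for guid, subkey, value in found.mountpoints:
        if subkey.lower().endswith("command"):
            alerts.append(f"MountPoints2 {guid} {subkey} runs '{value}' via AutoRun")
    return alerts


if __name__ == "__main__":
    for alert in assess(parse_otl(SAMPLE_OTL)):
        print("ALERT:", alert)
```

The same parser can be pointed at a full OTL.txt; lines that do not match the three patterns are simply ignored.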

Alt 12.08.2011, 14:52   #9
Brad
 
Code:
ATTFilter
========== OTL ==========
Prefs.js: "72.241.183.61" removed from network.proxy.ftp
Prefs.js: 27977 removed from network.proxy.ftp_port
Prefs.js: "128.8.126.78" removed from network.proxy.http
Prefs.js: 3124 removed from network.proxy.http_port
Prefs.js: "72.241.183.61" removed from network.proxy.socks
Prefs.js: 27977 removed from network.proxy.socks_port
Prefs.js: "72.241.183.61" removed from network.proxy.ssl
Prefs.js: 27977 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4e130fc-2933-11df-87bf-00241dc79a54}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4e130fc-2933-11df-87bf-00241dc79a54}\ not found.
File H:\Setup.exe autorun not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4e130fc-2933-11df-87bf-00241dc79a54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4e130fc-2933-11df-87bf-00241dc79a54}\ not found.
File H:\Setup.exe autorun not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.1 log created on 08122011_145013
         

Alt 12.08.2011, 15:16   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (forum helper) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

Alt 13.08.2011, 10:01   #11
Brad
 
Code:
ATTFilter
ComboFix 11-08-12.01 - username 13.08.2011   9:47.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3070.2031 [GMT 2:00]
ausgeführt von:: e:\username\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\lmhosts
E:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-07-13 bis 2011-08-13  ))))))))))))))))))))))))))))))
.
.
2011-08-11 17:39 . 2011-06-23 04:33	3912576	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-11 17:39 . 2011-06-23 04:33	3967872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-11 17:01 . 2011-08-07 16:37	439632	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 17:00 . 2011-08-07 16:37	439632	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5819EDDF-CA6F-4D23-9525-05DCD55B9038}\gapaengine.dll
2011-08-11 17:00 . 2011-07-12 18:39	6881616	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3010F92A-5C0B-4B7B-A533-78E6B91D000F}\mpengine.dll
2011-08-09 18:41 . 2011-08-09 18:41	--------	d-----w-	c:\program files\ESET
2011-08-09 16:13 . 2011-07-12 18:39	6881616	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-07 16:08 . 2011-08-07 16:09	--------	d-----w-	c:\program files\Microsoft Security Client
2011-08-07 16:06 . 2011-08-07 16:06	--------	d-----w-	c:\users\username\AppData\Roaming\Malwarebytes
2011-08-07 16:06 . 2011-08-07 16:06	--------	d-----w-	c:\programdata\Malwarebytes
2011-08-07 16:06 . 2011-07-06 17:52	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-07 16:06 . 2011-07-06 17:52	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-07-21 19:33 . 2011-07-21 19:33	--------	d-----w-	c:\program files\iPod
2011-07-21 19:32 . 2011-07-21 19:32	--------	d-----w-	c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20	50536	----a-w-	c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-06-17 08:45 . 2011-05-19 17:44	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 08:25 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2011-06-11 02:29 . 2011-07-13 17:47	2334208	----a-w-	c:\windows\system32\win32k.sys
2011-05-24 10:44 . 2011-06-29 17:59	293376	----a-w-	c:\windows\system32\umpnpmgr.dll
2011-05-21 04:01 . 2011-06-30 19:34	2560616	----a-w-	c:\windows\system32\nvsvcr.dll
2011-05-21 04:01 . 2011-06-30 19:34	543336	----a-w-	c:\windows\system32\easyupdatusapiu.dll
2011-05-21 04:01 . 2011-05-21 04:01	899688	----a-w-	c:\windows\system32\nvdispco3220150.dll
2011-05-21 04:01 . 2011-05-21 04:01	865896	----a-w-	c:\windows\system32\nvgenco322090.dll
2011-05-21 04:01 . 2011-05-21 04:01	57960	----a-w-	c:\windows\system32\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01	5301352	----a-w-	c:\windows\system32\nvcuda.dll
2011-05-21 04:01 . 2011-05-21 04:01	2804328	----a-w-	c:\windows\system32\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01	2082408	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01	16456296	----a-w-	c:\windows\system32\nvoglv32.dll
2011-05-21 04:01 . 2011-05-21 04:01	13011560	----a-w-	c:\windows\system32\nvcompiler.dll
2011-05-21 04:01 . 2011-05-21 04:01	12392	----a-w-	c:\windows\system32\drivers\nvBridge.kmd
2011-05-21 04:01 . 2011-05-21 04:01	11992680	----a-w-	c:\windows\system32\nvd3dum.dll
2011-05-21 04:01 . 2011-05-21 04:01	10589800	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-05-21 04:01 . 2010-07-09 14:37	615528	----a-w-	c:\windows\system32\nvvsvc.exe
2011-05-21 04:01 . 2010-07-09 14:37	3693672	----a-w-	c:\windows\system32\nvcpl.dll
2011-05-21 04:01 . 2010-07-09 14:37	2557544	----a-w-	c:\windows\system32\nvsvc.dll
2011-05-21 04:01 . 2010-07-09 14:37	111208	----a-w-	c:\windows\system32\nvmctray.dll
2011-05-21 04:01 . 2010-01-12 10:03	2335848	----a-w-	c:\windows\system32\nvapi.dll
2011-05-21 04:01 . 2010-01-11 20:18	66664	----a-w-	c:\windows\system32\nvshext.dll
2011-05-21 04:01 . 2009-07-13 22:09	6555240	----a-w-	c:\windows\system32\nvwgf2um.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-08 8120864]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Eraser"="d:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNjA3NTM2MTY1LUJBUjlHKzEtRkwrOS1YMjAxMCsyLVFJWDErNC1MSUMrNzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzAtTFNEKzI&prod=90&ver=10.0.1392" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-4 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28	72208	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 16:29	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-03-11 08:02	208528	----a-w-	d:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43	248040	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-06 691696]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 142992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 100496]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 111312]
.
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Eraser - e:\progra~1\Eraser\Eraser.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-08-13  09:55:18
ComboFix-quarantined-files.txt  2011-08-13 07:55
.
Vor Suchlauf: 8 Verzeichnis(se), 11.414.396.928 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 11.133.616.128 Bytes frei
.
- - End Of File - - E3AE7CC5595D315ED0786F95571FEFB2
         

Old 15.08.2011, 10:17   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Bundespolizei Trojan permanently deleted?



Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
Regnull::
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`]
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`\OpenWithList]
         
3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall you have installed.
(Also the guards of ad-/spyware programs and the TeaTimer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.



6. After the restart (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The script above was created only for this one user in this one situation. It cannot be transferred to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
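A log-triage helper for the kind of ComboFix output posted in this thread (an added example, not code from ComboFix or from anyone in the thread): it flags Run entries that launch from user-writable directories and locked registry keys whose names contain garbled characters, and renders the Reglockdel:: CFScript block for those keys. The embedded log is constructed to mirror the thread's format; the SID and the file names in it are made up.

```python
"""Triage a ComboFix log the way this thread does by hand: flag autostart
entries launched from user-writable directories and locked registry keys with
garbled names, then emit the Reglockdel:: CFScript block for the latter.
Added example, not part of ComboFix or of the thread; the log text below is
constructed to mirror the thread's format (SID and file names are made up)."""
import re

# Constructed sample modelled on the ComboFix sections quoted in the thread.
SAMPLE_LOG = r"""
((((((((   Autostartpunkte der Registrierung   ))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"updchk"="c:\users\username\AppData\Roaming\sample_dropper.exe" [2011-08-07 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`\OpenWithList]
"a"="vlc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-08-15  18:36:40
"""

KEY_RE = re.compile(r"^\[(HKEY_.+)\]$")                       # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')  # "name"="path" [date size]
AUTOSTART_HDR = "Autostartpunkte der Registrierung"
LOCKED_HDR = "Gesperrte Registrierungsschluessel"
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")
# Anything outside printable ASCII, or the '*' / '`' seen in the thread's keys.
GARBLED = re.compile(r"[^\x20-\x7e]|[*`]")


def parse_sections(log):
    """Split the log into {'autostart': [...], 'locked': [...]} by banner line."""
    sections, current = {}, None
    for line in log.splitlines():
        if AUTOSTART_HDR in line:
            current = "autostart"
        elif LOCKED_HDR in line:
            current = "locked"
        elif line.startswith("Zeit der Fertigstellung"):
            current = None
        elif current:
            sections.setdefault(current, []).append(line)
    return sections


def autostart_entries(lines):
    """Yield (key, value_name, path, meta) for every Run-style value."""
    key = None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3)


def suspicious_autostarts(log):
    """Run values whose binary lives under a user-writable directory.
    These are leads, not verdicts: legitimate updaters also sit in AppData."""
    lines = parse_sections(log).get("autostart", [])
    return [(key, name, path) for key, name, path, _ in autostart_entries(lines)
            if any(tok in path.lower() for tok in USER_WRITABLE)]


def garbled_locked_keys(log):
    """Locked keys containing non-printable or odd characters anywhere in the path.
    The always-present PCW\\Security @Denied key has a clean name and is skipped."""
    found = []
    for line in parse_sections(log).get("locked", []):
        m = KEY_RE.match(line)
        if m and GARBLED.search(m.group(1)):
            found.append(m.group(1))
    return found


def cfscript_reglockdel(keys):
    """Render the Reglockdel:: block in the form used in this thread."""
    return "Reglockdel::\n" + "".join(f"[{k}]\n" for k in keys)


if __name__ == "__main__":
    for key, name, path in suspicious_autostarts(SAMPLE_LOG):
        print(f"autostart from user-writable path: {key} -> {name} = {path}")
    print(cfscript_reglockdel(garbled_locked_keys(SAMPLE_LOG)))
```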

Old 15.08.2011, 19:11   #13
Brad

Bundespolizei Trojan permanently deleted?



Code:
ComboFix 11-08-15.07 - username 15.08.2011  18:29:09.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3070.2161 [GMT 2:00]
ausgeführt von:: e:\username\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: e:\username\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-07-15 bis 2011-08-15  ))))))))))))))))))))))))))))))
.
.
2011-08-15 16:34 . 2011-08-15 16:34	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2011-08-15 16:34 . 2011-08-15 16:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-15 11:38 . 2011-08-15 11:38	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3D340E-07D1-47D8-BE45-955C2D259FE4}\MpKsl7e8611f3.sys
2011-08-15 11:37 . 2011-07-12 18:39	6881616	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3D340E-07D1-47D8-BE45-955C2D259FE4}\mpengine.dll
2011-08-13 08:47 . 2011-08-13 08:47	--------	d-----w-	c:\program files\Defraggler
2011-08-13 07:55 . 2011-08-15 16:34	--------	d-----w-	c:\users\username\AppData\Local\temp
2011-08-11 17:39 . 2011-06-23 04:33	3912576	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-11 17:39 . 2011-06-23 04:33	3967872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-11 17:01 . 2011-08-07 16:37	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 17:00 . 2011-08-07 16:37	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5819EDDF-CA6F-4D23-9525-05DCD55B9038}\gapaengine.dll
2011-08-09 18:41 . 2011-08-09 18:41	--------	d-----w-	c:\program files\ESET
2011-08-09 16:13 . 2011-07-12 18:39	6881616	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-07 16:08 . 2011-08-07 16:09	--------	d-----w-	c:\program files\Microsoft Security Client
2011-08-07 16:06 . 2011-08-07 16:06	--------	d-----w-	c:\users\username\AppData\Roaming\Malwarebytes
2011-08-07 16:06 . 2011-08-07 16:06	--------	d-----w-	c:\programdata\Malwarebytes
2011-08-07 16:06 . 2011-07-06 17:52	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-07 16:06 . 2011-07-06 17:52	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-07-21 19:33 . 2011-07-21 19:33	--------	d-----w-	c:\program files\iPod
2011-07-21 19:32 . 2011-07-21 19:32	--------	d-----w-	c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 08:13 . 2011-05-19 17:44	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20	50536	----a-w-	c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-06-14 08:25 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2011-06-11 02:29 . 2011-07-13 17:47	2334208	----a-w-	c:\windows\system32\win32k.sys
2011-05-24 10:44 . 2011-06-29 17:59	293376	----a-w-	c:\windows\system32\umpnpmgr.dll
2011-05-21 04:01 . 2011-06-30 19:34	2560616	----a-w-	c:\windows\system32\nvsvcr.dll
2011-05-21 04:01 . 2011-06-30 19:34	543336	----a-w-	c:\windows\system32\easyupdatusapiu.dll
2011-05-21 04:01 . 2011-05-21 04:01	899688	----a-w-	c:\windows\system32\nvdispco3220150.dll
2011-05-21 04:01 . 2011-05-21 04:01	865896	----a-w-	c:\windows\system32\nvgenco322090.dll
2011-05-21 04:01 . 2011-05-21 04:01	57960	----a-w-	c:\windows\system32\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01	5301352	----a-w-	c:\windows\system32\nvcuda.dll
2011-05-21 04:01 . 2011-05-21 04:01	2804328	----a-w-	c:\windows\system32\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01	2082408	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01	16456296	----a-w-	c:\windows\system32\nvoglv32.dll
2011-05-21 04:01 . 2011-05-21 04:01	13011560	----a-w-	c:\windows\system32\nvcompiler.dll
2011-05-21 04:01 . 2011-05-21 04:01	12392	----a-w-	c:\windows\system32\drivers\nvBridge.kmd
2011-05-21 04:01 . 2011-05-21 04:01	11992680	----a-w-	c:\windows\system32\nvd3dum.dll
2011-05-21 04:01 . 2011-05-21 04:01	10589800	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-05-21 04:01 . 2010-07-09 14:37	615528	----a-w-	c:\windows\system32\nvvsvc.exe
2011-05-21 04:01 . 2010-07-09 14:37	3693672	----a-w-	c:\windows\system32\nvcpl.dll
2011-05-21 04:01 . 2010-07-09 14:37	2557544	----a-w-	c:\windows\system32\nvsvc.dll
2011-05-21 04:01 . 2010-07-09 14:37	111208	----a-w-	c:\windows\system32\nvmctray.dll
2011-05-21 04:01 . 2010-01-12 10:03	2335848	----a-w-	c:\windows\system32\nvapi.dll
2011-05-21 04:01 . 2010-01-11 20:18	66664	----a-w-	c:\windows\system32\nvshext.dll
2011-05-21 04:01 . 2009-07-13 22:09	6555240	----a-w-	c:\windows\system32\nvwgf2um.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-08 8120864]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Eraser"="d:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNjA3NTM2MTY1LUJBUjlHKzEtRkwrOS1YMjAxMCsyLVFJWDErNC1MSUMrNzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzAtTFNEKzI&prod=90&ver=10.0.1392" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-4 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28	72208	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 16:29	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-03-11 08:02	208528	----a-w-	d:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43	248040	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-06 691696]
S1 MpKsl7e8611f3;MpKsl7e8611f3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3D340E-07D1-47D8-BE45-955C2D259FE4}\MpKsl7e8611f3.sys [2011-08-15 28752]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 142992]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 100496]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 111312]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL7E8611F3
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - www.google.de
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-08-15  18:36:40
ComboFix-quarantined-files.txt  2011-08-15 16:36
ComboFix2.txt  2011-08-13 07:55
.
Vor Suchlauf: 9.635.164.160 Bytes frei
Nach Suchlauf: 9.559.494.656 Bytes frei
.
- - End Of File - - D2B5C1C7D2CB1FE49EF48F743849A8BC
         

Old 15.08.2011, 19:45   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Bundespolizei Trojan permanently deleted?



Hm, please repeat the scripting, but create the CFScript afresh beforehand and enter these lines:

Code:
Reglockdel::
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`]
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`\OpenWithList]
         

Old 15.08.2011, 19:59   #15
Brad

Bundespolizei Trojan permanently deleted?



Code:
ComboFix 11-08-15.07 - username 15.08.2011  19:51:04.4.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3070.2198 [GMT 2:00]
ausgeführt von:: e:\username\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: e:\username\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-07-15 bis 2011-08-15  ))))))))))))))))))))))))))))))
.
.
2011-08-15 17:55 . 2011-08-15 17:55	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2011-08-15 17:55 . 2011-08-15 17:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-15 11:38 . 2011-08-15 11:38	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3D340E-07D1-47D8-BE45-955C2D259FE4}\MpKsl7e8611f3.sys
2011-08-15 11:37 . 2011-07-12 18:39	6881616	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3D340E-07D1-47D8-BE45-955C2D259FE4}\mpengine.dll
2011-08-13 08:47 . 2011-08-13 08:47	--------	d-----w-	c:\program files\Defraggler
2011-08-13 07:55 . 2011-08-15 17:55	--------	d-----w-	c:\users\username\AppData\Local\temp
2011-08-11 17:39 . 2011-06-23 04:33	3912576	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-11 17:39 . 2011-06-23 04:33	3967872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-11 17:01 . 2011-08-07 16:37	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 17:00 . 2011-08-07 16:37	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5819EDDF-CA6F-4D23-9525-05DCD55B9038}\gapaengine.dll
2011-08-09 18:41 . 2011-08-09 18:41	--------	d-----w-	c:\program files\ESET
2011-08-09 16:13 . 2011-07-12 18:39	6881616	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-07 16:08 . 2011-08-07 16:09	--------	d-----w-	c:\program files\Microsoft Security Client
2011-08-07 16:06 . 2011-08-07 16:06	--------	d-----w-	c:\users\username\AppData\Roaming\Malwarebytes
2011-08-07 16:06 . 2011-08-07 16:06	--------	d-----w-	c:\programdata\Malwarebytes
2011-08-07 16:06 . 2011-07-06 17:52	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-07 16:06 . 2011-07-06 17:52	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-07-21 19:33 . 2011-07-21 19:33	--------	d-----w-	c:\program files\iPod
2011-07-21 19:32 . 2011-07-21 19:32	--------	d-----w-	c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-15 08:13 . 2011-05-19 17:44	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20	50536	----a-w-	c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-06-14 08:25 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2011-06-11 02:29 . 2011-07-13 17:47	2334208	----a-w-	c:\windows\system32\win32k.sys
2011-05-24 10:44 . 2011-06-29 17:59	293376	----a-w-	c:\windows\system32\umpnpmgr.dll
2011-05-21 04:01 . 2011-06-30 19:34	2560616	----a-w-	c:\windows\system32\nvsvcr.dll
2011-05-21 04:01 . 2011-06-30 19:34	543336	----a-w-	c:\windows\system32\easyupdatusapiu.dll
2011-05-21 04:01 . 2011-05-21 04:01	899688	----a-w-	c:\windows\system32\nvdispco3220150.dll
2011-05-21 04:01 . 2011-05-21 04:01	865896	----a-w-	c:\windows\system32\nvgenco322090.dll
2011-05-21 04:01 . 2011-05-21 04:01	57960	----a-w-	c:\windows\system32\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01	5301352	----a-w-	c:\windows\system32\nvcuda.dll
2011-05-21 04:01 . 2011-05-21 04:01	2804328	----a-w-	c:\windows\system32\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01	2082408	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01	16456296	----a-w-	c:\windows\system32\nvoglv32.dll
2011-05-21 04:01 . 2011-05-21 04:01	13011560	----a-w-	c:\windows\system32\nvcompiler.dll
2011-05-21 04:01 . 2011-05-21 04:01	12392	----a-w-	c:\windows\system32\drivers\nvBridge.kmd
2011-05-21 04:01 . 2011-05-21 04:01	11992680	----a-w-	c:\windows\system32\nvd3dum.dll
2011-05-21 04:01 . 2011-05-21 04:01	10589800	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-05-21 04:01 . 2010-07-09 14:37	615528	----a-w-	c:\windows\system32\nvvsvc.exe
2011-05-21 04:01 . 2010-07-09 14:37	3693672	----a-w-	c:\windows\system32\nvcpl.dll
2011-05-21 04:01 . 2010-07-09 14:37	2557544	----a-w-	c:\windows\system32\nvsvc.dll
2011-05-21 04:01 . 2010-07-09 14:37	111208	----a-w-	c:\windows\system32\nvmctray.dll
2011-05-21 04:01 . 2010-01-12 10:03	2335848	----a-w-	c:\windows\system32\nvapi.dll
2011-05-21 04:01 . 2010-01-11 20:18	66664	----a-w-	c:\windows\system32\nvshext.dll
2011-05-21 04:01 . 2009-07-13 22:09	6555240	----a-w-	c:\windows\system32\nvwgf2um.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-08 8120864]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Eraser"="d:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNjA3NTM2MTY1LUJBUjlHKzEtRkwrOS1YMjAxMCsyLVFJWDErNC1MSUMrNzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRERUKzAtTFNEKzI&prod=90&ver=10.0.1392" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-4 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28	72208	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 16:29	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2010-03-11 08:02	208528	----a-w-	d:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43	248040	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VSPerfDrv100;Performance Tools Driver 10.0;d:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 370008]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-06 691696]
S1 MpKsl7e8611f3;MpKsl7e8611f3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3D340E-07D1-47D8-BE45-955C2D259FE4}\MpKsl7e8611f3.sys [2011-08-15 28752]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 142992]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 100496]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 111312]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL7E8611F3
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\username\AppData\Roaming\Mozilla\Firefox\Profiles\izjw7fk6.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - www.google.de
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2260675223-1398480462-3707807218-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Lz„`\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-08-15  19:57:22
ComboFix-quarantined-files.txt  2011-08-15 17:57
ComboFix2.txt  2011-08-15 17:21
ComboFix3.txt  2011-08-15 16:36
ComboFix4.txt  2011-08-13 07:55
.
Vor Suchlauf: 9.636.417.536 Bytes frei
Nach Suchlauf: 9.559.969.792 Bytes frei
.
- - End Of File - - 6709B0173C86DEEFBE20D6909C259A02
         
