Bundesplizei Trojaner

Morphyn · 06.11.2011, 16:15

Guten Tag an alle,
ich habe mir den Bundespolizei Trojaner eingefangen.
Das Problem stellt sich dabei wie folgt da:
- Beim Starten meines 32bit Windows 7 Systems kommt direkt nach dem Einloggen Ein weißer Bildschirm mit der Meldung, dass man doch bitte 100 € bezahlen solle.
Für mich hat es nicht funktioniert das betreffende Programm mit dem Taskmanager zu beenden.
Ich habe dann bereits diese hier genannten Schritte durchgeführt:
http://www.trojaner-board.de/97073-g...er-nistet.html

Zitat:

Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

und hier der Inhalt meiner beiden Files C:\OTL.Txt

Code:

ATTFilter

OTL logfile created on: 11/6/2011 3:51:13 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 8.51 Gb Free Space | 7.31% Space Free | Partition Type: NTFS
Drive D: | 116.44 Gb Total Space | 3.75 Gb Free Space | 3.22% Space Free | Partition Type: NTFS
Drive E: | 116.44 Gb Total Space | 0.66 Gb Free Space | 0.57% Space Free | Partition Type: NTFS
Drive F: | 116.44 Gb Total Space | 10.94 Gb Free Space | 9.39% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/08/04 07:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/11/16 11:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/11/01 11:20:16 | 000,230,640 | ---- | M] (Sophos Plc) [Auto] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/11/01 11:19:40 | 001,541,360 | ---- | M] (Sophos Plc) [Auto] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2010/11/01 11:19:26 | 000,163,056 | ---- | M] (Sophos Plc) [Auto] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/10/04 08:20:59 | 000,097,520 | ---- | M] (Sophos Plc) [Auto] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010/07/26 19:02:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/26 08:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/10/06 18:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/10/13 13:43:52 | 000,137,344 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\hwpsgt.sys -- (hwpsgt)
DRV - [2011/10/13 13:43:46 | 000,009,472 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lemsgt.sys -- (lemsgt)
DRV - [2011/02/20 17:29:38 | 000,271,360 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/02/20 17:29:37 | 000,018,048 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/01 11:19:43 | 000,122,360 | ---- | M] (Sophos Plc) [File_System | System] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2010/06/28 11:41:40 | 000,023,928 | ---- | M] (Sophos Plc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2010/06/28 11:41:37 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2010/05/26 08:35:10 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/15 10:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/07 01:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2009/10/06 18:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/27 16:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/18 10:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Earthman_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Earthman_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Earthman_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 83 81 61 D6 E6 CA 01  [binary data]
IE - HKU\Earthman_ON_C\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
IE - HKU\Earthman_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {a3a5c777-f583-4fef-9380-ab4add1bc2a8}:2.0.1
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Earthman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Earthman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Earthman\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Earthman\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 16:47:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/22 15:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/22 15:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 05:04:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/20 08:46:22 | 000,000,000 | ---D | M]
 
[2010/04/28 08:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Earthman\AppData\Roaming\Mozilla\Extensions
[2011/11/06 09:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Earthman\AppData\Roaming\Mozilla\Firefox\Profiles\hozfneuj.default\extensions
[2010/04/30 07:51:14 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\Earthman\AppData\Roaming\Mozilla\Firefox\Profiles\hozfneuj.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2011/11/06 09:07:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Earthman\AppData\Roaming\Mozilla\Firefox\Profiles\hozfneuj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/08 16:00:34 | 000,000,921 | ---- | M] () -- C:\Users\Earthman\AppData\Roaming\Mozilla\Firefox\Profiles\hozfneuj.default\searchplugins\conduit.xml
[2010/11/18 08:03:26 | 000,002,354 | ---- | M] () -- C:\Users\Earthman\AppData\Roaming\Mozilla\Firefox\Profiles\hozfneuj.default\searchplugins\ecosia.xml
[2010/06/28 04:28:25 | 000,002,314 | ---- | M] () -- C:\Users\Earthman\AppData\Roaming\Mozilla\Firefox\Profiles\hozfneuj.default\searchplugins\forestle-de.xml
[2011/08/18 04:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/02 04:46:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 13:36:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/04 18:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/07 12:34:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/18 04:21:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\EARTHMAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HOZFNEUJ.DEFAULT\EXTENSIONS\{987311C6-B504-4AA2-90BF-60CC49808D42}.XPI
() (No name found) -- C:\USERS\EARTHMAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HOZFNEUJ.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
() (No name found) -- C:\USERS\EARTHMAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HOZFNEUJ.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011/09/30 05:04:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/03 21:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/07 17:57:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/09/07 17:57:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/07 17:57:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/07 17:57:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/07 17:57:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/07 17:57:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Earthman_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKU\Earthman_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\Earthman_ON_C..\Run: [avupdate] C:\Users\Earthman\AppData\Roaming\mahmud.exe (Foundstone Inc.)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Earthman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\Earthman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{e957777c-52c6-11df-afe7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e957777c-52c6-11df-afe7-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/11/04 18:10:53 | 000,184,832 | ---- | C] (Foundstone Inc.) -- C:\Users\Earthman\AppData\Roaming\mahmud.exe
[2011/10/20 15:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2011/10/13 13:45:09 | 000,000,000 | ---D | C] -- C:\Users\Earthman\AppData\Roaming\Ascaron Entertainment
[2011/10/13 13:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ascaron Entertainment
[2011/10/13 13:42:33 | 000,000,000 | ---D | C] -- C:\Users\Earthman\Documents\Ascaron Entertainment
[2011/10/13 13:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ascaron Entertainment
[2011/10/13 06:31:30 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/13 06:31:30 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/13 06:31:12 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/13 06:31:00 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/13 06:31:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/13 06:30:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/13 06:30:59 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/13 06:30:59 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/11/06 09:42:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/06 09:26:39 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/11/06 09:26:39 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/06 09:26:39 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/11/06 09:26:39 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/06 09:22:12 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/06 09:14:25 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/06 09:14:25 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/06 09:11:19 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3989603032-3107975268-1949678013-1000UA.job
[2011/11/04 18:10:53 | 000,184,832 | ---- | M] (Foundstone Inc.) -- C:\Users\Earthman\AppData\Roaming\mahmud.exe
[2011/11/04 13:11:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3989603032-3107975268-1949678013-1000Core.job
[2011/11/04 09:07:36 | 000,000,643 | ---- | M] () -- C:\Users\Earthman\Desktop\Uni.lnk
[2011/11/02 07:49:30 | 000,088,920 | ---- | M] () -- C:\Users\Earthman\Desktop\uebung1MTD.pdf
[2011/11/01 16:44:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/20 15:01:19 | 000,000,043 | ---- | M] () -- C:\Windows\gswin32.ini
[2011/10/19 04:38:20 | 001,068,414 | ---- | M] () -- C:\Users\Earthman\Desktop\Mbau98.pdf
[2011/10/14 10:45:45 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\ApexDC++.lnk
[2011/10/14 04:46:56 | 000,326,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/13 19:43:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/10/13 13:43:52 | 000,137,344 | ---- | M] () -- C:\Windows\System32\drivers\hwpsgt.sys
[2011/10/13 13:43:46 | 000,009,472 | ---- | M] () -- C:\Windows\System32\drivers\lemsgt.sys
[2011/10/13 13:43:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ascaron Entertainment
[2011/10/13 13:43:43 | 000,001,202 | ---- | M] () -- C:\Users\Earthman\Desktop\Vermeer 2.lnk
 
========== Files Created - No Company Name ==========
 
[2011/11/04 09:07:19 | 000,000,643 | ---- | C] () -- C:\Users\Earthman\Desktop\Uni.lnk
[2011/11/02 07:49:30 | 000,088,920 | ---- | C] () -- C:\Users\Earthman\Desktop\uebung1MTD.pdf
[2011/10/20 15:00:40 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011/10/19 04:38:20 | 001,068,414 | ---- | C] () -- C:\Users\Earthman\Desktop\Mbau98.pdf
[2011/10/13 13:43:52 | 000,137,344 | ---- | C] () -- C:\Windows\System32\drivers\hwpsgt.sys
[2011/10/13 13:43:46 | 000,009,472 | ---- | C] () -- C:\Windows\System32\drivers\lemsgt.sys
[2011/10/13 13:43:43 | 000,001,202 | ---- | C] () -- C:\Users\Earthman\Desktop\Vermeer 2.lnk
[2011/09/30 06:16:21 | 000,014,494 | ---- | C] () -- C:\Windows\Face.INI
[2011/09/30 06:16:21 | 000,000,026 | ---- | C] () -- C:\Windows\Layout2.INI
[2011/09/01 06:10:23 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ealtest.exe
[2011/08/11 05:17:29 | 000,000,600 | ---- | C] () -- C:\Users\Earthman\AppData\Local\PUTTY.RND
[2011/06/21 09:57:01 | 000,252,928 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2011/06/21 09:56:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/20 17:29:38 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/02/20 17:29:37 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/01/17 11:16:42 | 000,002,554 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2010/08/21 10:03:59 | 000,111,476 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/05/12 11:58:38 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/10/07 01:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/10/06 18:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/06 18:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/07/14 03:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/07/14 03:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/07/14 03:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/07/14 03:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,326,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/10/13 13:45:09 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\Ascaron Entertainment
[2010/06/26 05:18:19 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\CheckPoint
[2010/08/23 19:09:40 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\com.vilango.birkenbihlsprachen.standalone.demo.E3108F3F4D536DE95A0EC7FFD2F3455D3240F2E4.1
[2010/11/20 15:00:00 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/11/05 10:43:59 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\Dropbox
[2011/10/30 10:25:17 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\FileZilla
[2011/03/01 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\Karteikartentrainer
[2010/04/28 08:26:16 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\Leadertech
[2011/09/30 06:57:20 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\LibreOffice
[2011/07/27 16:00:36 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\LolClient
[2010/05/01 01:14:20 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\OpenOffice.org
[2011/09/07 03:00:27 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\Spotify
[2010/05/11 09:15:49 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\Unigraphics Solutions
[2011/10/30 10:25:17 | 000,000,000 | ---D | M] -- C:\Users\Earthman\AppData\Roaming\uTorrent
[2010/04/28 08:21:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/04/28 08:40:06 | 000,000,000 | ---D | M] -- C:\ProgramData\CheckPoint
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/04/28 08:21:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/04/28 08:21:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/11/21 16:16:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2011/09/16 04:32:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Rosetta Stone
[2010/07/26 19:02:31 | 000,000,000 | ---D | M] -- C:\ProgramData\RosettaStoneLtdBackup
[2010/10/04 08:21:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Sophos
[2010/11/01 11:56:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Sophos Web Intelligence
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/04/28 08:21:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/04/28 08:21:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/08/21 09:09:14 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/09/13 03:00:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

und Extras.Txt

Code:

ATTFilter

OTL Extras logfile created on: 11/6/2011 4:00:11 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 8.51 Gb Free Space | 7.31% Space Free | Partition Type: NTFS
Drive D: | 116.44 Gb Total Space | 3.75 Gb Free Space | 3.22% Space Free | Partition Type: NTFS
Drive E: | 116.44 Gb Total Space | 0.66 Gb Free Space | 0.57% Space Free | Partition Type: NTFS
Drive F: | 116.44 Gb Total Space | 10.94 Gb Free Space | 9.39% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{43D1A6DC-F2D3-4EBC-8851-CC8B9C0C8763}_is1" = ApexDC++ 1.5.0
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
"{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A66DBCC6-8802-3D15-9FDF-9552742C08B0}" = Google Talk Plugin
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{F1100000-0008-0000-0001-074957833700}" = ABBYY FineReader 11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.2.7.1
"GOM Player" = GOM Player
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"pdfsam" = pdfsam
"Populous: The Beginning" = Populous: The Beginning
"PowerISO" = PowerISO
"S4Uninst" = Die Siedler IV
"Spotify" = Spotify
"uTorrent" = µTorrent
"Vermeer 2_is1" = Vermeer 2
"VLC media player" = VLC media player 1.1.1
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Earthman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
< End of report >

Vielen Danke schon mal im Vorraus
Grüße,
Morphyn

Bundesplizei Trojaner

Log-Analyse und Auswertung: Bundesplizei Trojaner

Bundesplizei Trojaner

Ähnliche Themen: Bundesplizei Trojaner