
Log Analysis and Evaluation: Windows Blocked by Trojan ("50 Euro Virus")

04.02.2012, 22:23   #1
Martin22
 



Hello everyone,

unfortunately I also have this trojan on my computer,
the one that blocks Windows and, on the grounds of allegedly
visited pornographic sites, demands 50 euros to
clean up the system.

I have already downloaded this OTL file
and used it according to the instructions (hopefully correctly):

Below are the OTL.Txt "results":

OTL logfile created on: 04.02.2012 21:55:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,82% Memory free
6,19 Gb Paging File | 5,06 Gb Available in Paging File | 81,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,97 Gb Total Space | 628,28 Gb Free Space | 68,89% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 13,58 Gb Free Space | 69,54% Space Free | Partition Type: FAT32

Computer Name: HOME | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Iris.Home\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
PRC - C:\Programme\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\Google EULA\GoogleEULALauncher.exe (Google)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3238.38646__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3238.38722__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3238.38632__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3238.38648__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3238.38703__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3238.38684__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3238.38643__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3238.38670__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3238.38639__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3238.38673__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3238.38640__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3238.38736__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3238.38649__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3238.38698__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3238.38689__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3238.38648__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3238.38723__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3238.38681__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3238.38690__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3238.38672__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3238.38736__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3238.38638__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3238.38689__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3238.38721__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3238.38651__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3238.38681__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3238.38666__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3238.38671__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3218.28705__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3238.38670__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3238.38671__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3238.38682__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3218.28701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3238.38731__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3238.38739__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3238.38630__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3238.38636__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3238.38712__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3238.38643__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3238.38717__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3238.38630__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3238.38630__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3238.38716__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3238.38631__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3238.38717__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3238.38628__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3238.38629__90ba9c70f846762e\AEM.Server.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll ()
MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Belkin\USB F5D7050\Wireless Utility\BelkinwcuiDLL.dll ()
MOD - C:\Programme\Belkin\USB F5D7050\Wireless Utility\BelkinHWStatus.dll ()


========== Win32 Services (SafeList) ==========

SRV - (NMIndexingService) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Norton Ghost) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (v2imount) -- C:\Windows\System32\drivers\v2imount.sys (Symantec Corporation)
DRV - (symsnap) -- C:\Windows\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (VProEventMonitor) -- C:\Windows\System32\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\Windows\System32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (ZD1211U(ZyXEL)) ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{191d3f14-ff4c-4895-bdea-db54526cb49a}: C:\Program Files\Adobe\Flash [2009.07.19 12:11:47 | 000,000,000 | ---D | M]

[2009.04.30 16:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{225CC8E2-4EDF-40B5-B4CB-76F32A607D8C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C60502B-F3C2-4A8F-AAE8-EEA6D509944D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62FFFEA9-0BC6-4137-9629-95F6DE95A957}: NameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Iris.Home\Anwendungsdaten\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Iris.Home\Anwendungsdaten\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.22 19:28:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT.bak -- [ NTFS ]
O33 - MountPoints2\{48ddad0f-109a-11de-a5fb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48ddad0f-109a-11de-a5fb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\cdrun.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\I
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.02.04 21:58:12 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.02.04 21:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.04 21:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.04 21:58:02 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.04 21:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.04 20:05:50 | 000,000,000 | ---D | C] -- C:\Users\Iris.Home\Eigene Dateien\Meine empfangenen Dateien
[2012.01.29 11:11:57 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1996.11.18 23:15:46 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\IMPLODE.DLL
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.04 21:59:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.02.04 21:58:05 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.04 21:46:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 21:46:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 21:46:31 | 3220,414,464 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.04 20:08:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2012.02.04 20:08:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2012.02.04 18:29:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2012.02.04 18:29:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2012.02.03 20:31:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2012.02.03 20:31:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2012.02.02 22:46:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2012.02.02 22:46:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2012.02.02 22:19:58 | 000,000,723 | ---- | M] () -- C:\Toolbars.dat
[2012.02.01 22:40:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2012.02.01 22:40:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2012.01.31 21:17:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2012.01.31 21:17:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2012.01.30 22:15:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2012.01.30 22:15:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2012.01.29 20:53:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2012.01.29 20:53:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2012.01.29 11:11:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.01.28 22:54:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2012.01.28 22:54:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2012.01.27 21:58:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2012.01.27 21:58:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.26 20:55:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2012.01.26 20:55:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2012.01.25 22:11:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2012.01.25 22:11:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2012.01.25 12:24:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2012.01.25 12:24:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2012.01.24 21:31:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2012.01.24 21:31:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2012.01.23 20:25:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2012.01.23 20:25:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2012.01.22 19:55:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2012.01.22 19:55:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2012.01.21 20:00:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2012.01.21 20:00:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2012.01.20 19:46:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2012.01.20 19:46:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2012.01.19 21:16:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2012.01.19 21:16:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2012.01.18 22:24:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2012.01.18 22:24:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.04 21:58:05 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.06.11 17:28:20 | 000,003,461 | ---- | C] () -- C:\Windows\LITERAT.INI
[2009.04.04 12:43:34 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2009.03.14 14:20:06 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.01.08 13:04:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.01.08 12:08:39 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.01.08 12:08:39 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.01.08 12:08:38 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.01.08 12:08:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.01.08 12:08:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009.01.08 11:53:01 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.08 11:53:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.12.18 19:34:22 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini
[2008.12.11 13:43:20 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2008.12.11 13:43:20 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2008.11.24 21:04:29 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe
[2008.11.23 18:45:34 | 000,000,083 | ---- | C] () -- C:\Windows\WSST_Screen_Saver.ini
[2008.11.23 18:45:28 | 000,145,167 | ---- | C] () -- C:\Windows\unstall.exe
[2008.11.23 14:35:52 | 000,552,960 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.11.23 14:35:52 | 000,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.23 14:35:51 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2008.11.23 14:25:18 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2008.11.22 21:12:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.11.22 20:37:43 | 000,084,644 | ---- | C] () -- C:\Windows\System32\drivers\FwRad17.bin
[2008.11.22 20:37:43 | 000,083,024 | ---- | C] () -- C:\Windows\System32\drivers\FwRad16.bin
[2008.11.22 20:07:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ZDWlan.dll
[2008.11.22 20:07:53 | 000,040,960 | ---- | C] () -- C:\Windows\System32\PassAPP.dll
[2008.11.22 20:07:53 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2008.11.22 19:50:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.22 19:31:24 | 000,001,082 | ---- | C] () -- C:\Windows\System32\OEMINFO.INI
[2008.11.22 19:26:04 | 000,021,740 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008.11.22 19:01:06 | 000,004,161 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.11.22 19:00:06 | 000,249,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2008.02.27 11:30:18 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
[2007.08.23 18:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat.defect
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.12 14:44:42 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\Windows\System32\secupd.dat
[2003.07.30 10:49:22 | 013,107,200 | ---- | C] () -- C:\Windows\System32\oembios.bin
[2003.07.30 10:48:28 | 000,004,711 | ---- | C] () -- C:\Windows\System32\oembios.dat
[2003.04.02 13:00:00 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2003.04.02 13:00:00 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003.04.02 13:00:00 | 000,621,704 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2003.04.02 13:00:00 | 000,589,884 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2003.04.02 13:00:00 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2003.04.02 13:00:00 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2003.04.02 13:00:00 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2003.04.02 13:00:00 | 000,123,654 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2003.04.02 13:00:00 | 000,101,896 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2003.04.02 13:00:00 | 000,046,258 | ---- | C] () -- C:\Windows\System32\mib.bin
[2003.04.02 13:00:00 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2003.04.02 13:00:00 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2003.04.02 13:00:00 | 000,001,804 | ---- | C] () -- C:\Windows\System32\dcache.bin
[2003.04.02 13:00:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2003.03.14 12:24:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002.05.26 17:53:00 | 000,054,272 | ---- | C] () -- C:\Windows\System32\P2IRDAO.DLL
[2001.08.03 19:22:00 | 000,182,896 | ---- | C] () -- C:\Windows\System32\drivers\NAVAP.SYS
[1998.05.11 00:00:00 | 000,748,160 | ---- | C] () -- C:\Windows\System32\CO2C40EN.DLL
[1996.11.18 23:15:52 | 000,131,072 | ---- | C] () -- C:\Windows\System32\P2SODBC.DLL
[1996.11.18 23:15:50 | 000,050,176 | ---- | C] () -- C:\Windows\System32\P2CTDAO.DLL
[1996.11.18 23:15:50 | 000,036,352 | ---- | C] () -- C:\Windows\System32\P2BBND.DLL

< End of report >

04.02.2012, 22:24   #2
Martin22

OTL Extras logfile:
OTL Extras logfile created on: 04.02.2012 21:55:10 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Iris.Home\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,82% Memory free
6,19 Gb Paging File | 5,06 Gb Available in Paging File | 81,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,97 Gb Total Space | 628,28 Gb Free Space | 68,89% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 13,58 Gb Free Space | 69,54% Space Free | Partition Type: FAT32
 
Computer Name: HOME | User Name: Iris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0979C5EE-E539-4951-8AF5-107087E01B67}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{12646D94-3369-44F9-8A74-4D424D67439D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{12E24F45-DA35-4351-8F8B-EFC5D09D48CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4B3C4105-B89E-44C1-A12A-44F99F3D35C5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{704154F3-21BB-48CD-A947-87B8BA123F9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{76CE6F31-0740-4F50-AB2F-282F22218DAE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{89299F9F-CD48-46F4-A7EE-83350BF02ADB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B53ACEB5-C3A4-463B-A544-E1655E467B2A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DD952732-D7C9-4C3E-B0DD-3F331AD34CB6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E0AE1CB2-13B9-469E-BBCD-14F5BE4C9536}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F0AD9127-301E-4C80-A2CC-6AF8C930C5FC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F1C6DE5F-9A52-419E-B36A-1ED3DF5BBC20}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{150E7872-56F0-4360-999C-C4E00A045C50}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2F129AEC-D22E-4D8F-9BD6-CCE10AA04D65}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A64CBC56-8101-4887-9811-CBDDC845D41A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B757D511-EA04-4399-8D2F-5B6AA6FAEE9C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{C01F010A-8EEC-41D8-97A7-7226D5DAD9AA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CF16222F-9814-4523-8307-F85D732591CF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{499ACFD1-6E5B-4BAD-B2D8-8A3C2CA97464}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{397D8919-58A0-4463-AA12-1DE73F96D4EB}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{21DDB7A5-00A9-96D3-AF53-AF143CE29CD1}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{432DEFB9-9C74-A859-1B66-F67530CF1D33}" = Catalyst Control Center Localization German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EBF259-D41F-3517-78C6-29F335BD252B}" = Skins
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7AEBD87F-7818-2C67-F0F5-822E0260D002}" = Catalyst Control Center Graphics Full New
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8BC951D5-2DBA-4DF5-B48C-F1A7A7DB1031}" = Nero BackItUp 2 Essentials
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{98129815-2DEB-7E30-8105-65CC9D0E3F0D}" = ccc-utility
"{9992BAC0-E57C-1BBB-8391-3DEC5BFC025B}" = ATI Catalyst Install Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E752ADC-4903-E12F-8843-743A78CD3CBB}" = ccc-core-static
"{9F9D923C-8BF4-859A-853A-7C4299FD98DD}" = Catalyst Control Center Core Implementation
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BF8DC7F0-DB69-5F15-4871-5B38C95410EA}" = Catalyst Control Center Graphics Light
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1D1D5FE-AF9E-9150-1493-C76A81A69FEE}" = Catalyst Control Center Graphics Full Existing
"{D66BDB75-FBB8-4B4E-5379-B17E7EBD7B1A}" = CCC Help English
"{DC344C96-0A5D-65C7-F0D3-CCBA48DDA190}" = CCC Help German
"{E37C6398-2D75-6EF3-FA55-CF4B92371940}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Diagram Designer" = Diagram Designer
"doPDF 7 printer_is1" = doPDF 7.2 printer
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm 1.5.4.27091
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.02.2012 13:30:35 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.02.2012 13:30:35 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.02.2012 13:34:20 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.02.2012 13:34:20 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.02.2012 16:22:23 | Computer Name = Home | Source = VSS | ID = 13
Description = 
 
Error - 04.02.2012 16:22:23 | Computer Name = Home | Source = VSS | ID = 12292
Description = 
 
Error - 04.02.2012 16:47:18 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.02.2012 16:47:18 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.02.2012 16:58:23 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.02.2012 16:58:23 | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 04.02.2012 11:59:28 | Computer Name = Home | Source = DCOM | ID = 10016
Description = 
 
Error - 04.02.2012 12:01:28 | Computer Name = Home | Source = DCOM | ID = 10010
Description = 
 
Error - 04.02.2012 13:17:48 | Computer Name = Home | Source = DCOM | ID = 10016
Description = 
 
Error - 04.02.2012 13:30:11 | Computer Name = Home | Source = HTTP | ID = 15016
Description = 
 
Error - 04.02.2012 13:33:52 | Computer Name = Home | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.02.2012 um 18:31:58 unerwartet heruntergefahren.
 
Error - 04.02.2012 13:33:57 | Computer Name = Home | Source = HTTP | ID = 15016
Description = 
 
Error - 04.02.2012 16:22:23 | Computer Name = Home | Source = DCOM | ID = 10016
Description = 
 
Error - 04.02.2012 16:24:23 | Computer Name = Home | Source = DCOM | ID = 10010
Description = 
 
Error - 04.02.2012 16:46:34 | Computer Name = Home | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.02.2012 um 21:32:46 unerwartet heruntergefahren.
 
Error - 04.02.2012 16:46:36 | Computer Name = Home | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >
         

It would be very kind if someone here could help me with how I should
proceed, or tell me which data would still be needed in order to help!

PS: The malware program that is often linked here is installed as well,
but it is still running!

Results will follow shortly!


04.02.2012, 23:25   #3
Martin22

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.04.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Iris :: HOME [Administrator]

04.02.2012 21:59:35
mbam-log-2012-02-04 (21-59-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 436647
Laufzeit: 1 Stunde(n), 23 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Martin\Desktop\Dies & Das\SoftonicDownloader_fuer_samsung-kies.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Martin\AppData\Local\Temp\ms0cfg32.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Martin\Lokale Einstellungen\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)