Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 15.03.2012, 09:04   #1
Liebeck
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



Hallo,
seit gestern habe ich mir den Bundes-Trojaner / Virus eingefangen, welcher mein gesamtes System blockiert. Lediglich im abgesicherten Modus kann ich auf die Dateien zugreifen. Im normalen Modus blockiert er nach dem Hochfahren.
Ich bin Laie und hab keine Ahnung, wie ich verfahren kann. Hab zwar hier einiges gelesen aber vieles kommt mir fremd vor. Könnt ihr mir helfen???? Vielen dank

Wenn ich wie angegeben den Link: hxxp://oldtimer.geekstogo.com/OTLPENet.exe downloaden und installieren möchte, komme ich immer hier auf die Startseite, kann aber nix laden!!! Bitte kurze Anweisung geben.

Alt 15.03.2012, 09:06   #2
markusg
/// Malware-holic
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



hi,
dann mal in den abgesicherten modus gehen.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 15.03.2012, 10:56   #3
Liebeck
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



Anbei nun den INhalt der "Extras.txt" Datei

und die OTL.txt Datei

Teil IOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.03.2012 10:45:00 - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,95 Gb Total Physical Memory | 5,44 Gb Available Physical Memory | 68,48% Memory free
15,90 Gb Paging File | 12,93 Gb Available in Paging File | 81,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 355,45 Gb Total Space | 180,79 Gb Free Space | 50,86% Space Free | Partition Type: NTFS
Drive D: | 15,18 Gb Total Space | 1,65 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
 
Computer Name: USER-HP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\MirandaFusion\miranda32.exe (modified by Miranda Fusion Team)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe ()
PRC - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe (Tyco International Ltd. and its Respective Companies)
PRC - C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe ()
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\MirandaFusion\fusiontools\mfstart.exe (Miranda Fusion Team)
PRC - C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe ()
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Users\user\AppData\Local\Skype\Skype.exe (Twain Working Group)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Users\user\AppData\Roaming\UpdateStar\UpdateStar.exe (UpdateStar GmbH)
PRC - C:\Program Files (x86)\Join Air\UIExec.exe ()
PRC - C:\Program Files (x86)\Join Air\AssistantServices.exe ()
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe ()
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\user\AppData\Local\Temp\nsa2398.tmp\System.dll ()
MOD - C:\Program Files (x86)\MirandaFusion\zlib.dll ()
MOD - C:\Program Files (x86)\MirandaFusion\Plugins\icq.dll ()
MOD - C:\Program Files (x86)\MirandaFusion\Plugins\aim.dll ()
MOD - C:\Program Files (x86)\MirandaFusion\Plugins\irc.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\83fe46ae33b8fd827015387fb6efcd13\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Program Files (x86)\MirandaFusion\Plugins\facebook.dll ()
MOD - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\PROGRA~2\Visagesoft\eXPert PDF 6\vsmisc100.bpl ()
MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\te100.bpl ()
MOD - C:\PROGRA~2\Visagesoft\eXPert PDF 6\te100.bpl ()
MOD - C:\Program Files (x86)\MirandaFusion\Plugins\useactions.dll ()
MOD - C:\Program Files (x86)\MirandaFusion\Plugins\actman.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\MirandaFusion\Plugins\authstate.dll ()
MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\VirtualTree100.bpl ()
MOD - C:\PROGRA~2\Visagesoft\eXPert PDF 6\VirtualTree100.bpl ()
MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\PKIECtrl100.bpl ()
MOD - C:\PROGRA~2\Visagesoft\eXPert PDF 6\PKIECtrl100.bpl ()
MOD - C:\Program Files (x86)\MirandaFusion\Plugins\svc_dbepp.dll ()
MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\js32.dll ()
MOD - C:\PROGRA~2\Visagesoft\eXPert PDF 6\js32.dll ()
MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\uoolep100.bpl ()
MOD - C:\PROGRA~2\Visagesoft\eXPert PDF 6\uoolep100.bpl ()
MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\sqlite.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Guard.Mail.ru) -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (PCSUService) -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WO_LiveService) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe ()
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NtlxSrvMgr) -- C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe ()
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe (Symantec Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\Join Air\AssistantServices.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E3CAB253-91D2-4E19-8299-9D00624396ED}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{E3CAB253-91D2-4E19-8299-9D00624396ED}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.osthessennews.de/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2914FFE9-A580-42CC-99E7-3833905DDA48}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE463
IE - HKCU\..\SearchScopes\{9E3AE0EC-40AF-4EDC-9EB9-6D04BC47D932}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{E3CAB253-91D2-4E19-8299-9D00624396ED}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.osthessennews.de/"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011.10.11 07:54:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_6_3 [2012.03.15 10:40:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.31 01:53:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.26 23:52:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.17 22:53:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 Files (x86)\Mozilla Firefox\components [2012.02.17 22:53:55 | 000,000,000 | ---D | M]
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.26 23:52:44 | 000,000,000 | ---D | M]
 
[2011.12.22 23:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.03.12 11:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6hnhfn87.default\extensions
[2012.02.16 02:08:50 | 000,000,000 | ---D | M] (Ashampoo DE Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6hnhfn87.default\extensions\{5786d022-540e-4699-b350-b4be0ae94b79}
[2012.01.26 23:16:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6hnhfn87.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.01.15 20:46:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6hnhfn87.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.19 13:02:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6hnhfn87.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.19 13:37:54 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6hnhfn87.default\extensions\fb_add_on@avm.de
[2012.02.15 17:33:40 | 000,000,925 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\searchplugins\conduit.xml
[2012.03.08 23:50:01 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\searchplugins\icqplugin-1.xml
[2012.02.16 02:09:38 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\searchplugins\icqplugin-2.xml
[2012.01.15 20:46:39 | 000,000,168 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\searchplugins\icqplugin.gif
[2012.01.15 20:46:39 | 000,000,618 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\searchplugins\icqplugin.src
[2012.02.08 01:31:02 | 000,001,056 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\searchplugins\icqplugin.xml
[2012.01.15 17:45:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.24 16:57:50 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com
[2012.03.12 11:26:49 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011.12.31 01:53:09 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.03.12 11:26:49 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6HNHFN87.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.17 22:53:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.12 21:15:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.12 21:15:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.12 21:15:07 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 21:15:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 21:15:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 21:15:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Website Logon = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\
CHR - Extension: ICQ Sparberater = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.671_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ashampoo DE Toolbar) - {5786D022-540E-4699-B350-B4BE0AE94B79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intellex Service Manager] C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [BrowserMask] C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
O4 - HKCU..\Run: [EPSON BX620FWD Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBU.EXE /FU "C:\Windows\TEMP\E_S792D.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Epson Stylus Office BX620FWD(Netzwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBU.EXE /FU "C:\Windows\TEMP\E_S58E9.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKCU..\Run: [Miranda Fusion] C:\Program Files (x86)\MirandaFusion\fusiontools\mfstart.exe (Miranda Fusion Team)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [SkypeM] C:\Users\user\AppData\Local\Skype\Skype.exe (Twain Working Group)
O4 - HKCU..\Run: [UpdateStar] C:\Users\user\AppData\Roaming\UpdateStar\UpdateStar.exe (UpdateStar GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD5D3174-1457-41FE-AE69-07F17EBFA80E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4dd71fa7-f0bd-11e0-a344-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4dd71fa7-f0bd-11e0-a344-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{aabac4b9-3f91-11e1-b54a-101f741441f7}\Shell - "" = AutoRun
O33 - MountPoints2\{aabac4b9-3f91-11e1-b54a-101f741441f7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
Teil II OTL.txt Datei ......... wie gehts jetzt weiter????
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.15 10:22:38 | 005,053,696 | ---- | C] (Macrovision Corporation) -- C:\Users\user\Desktop\IsoBurner-Setup.exe
[2012.03.15 10:22:38 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.03.15 03:15:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ElevatedDiagnostics
[2012.03.14 10:49:36 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Liebeck
[2012.03.14 09:39:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PDFCreator
[2012.03.14 09:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.03.14 09:18:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\pdfforge
[2012.03.14 09:18:14 | 000,065,024 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.03.14 09:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.03.14 08:59:30 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.14 08:59:29 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.14 08:59:29 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.13 22:29:32 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.13 22:29:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.13 22:29:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.13 22:29:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.13 22:29:05 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.13 22:29:05 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.13 22:27:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Diagnostics
[2012.03.13 14:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Client
[2012.03.13 14:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sensormatic
[2012.03.13 14:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sensormatic
[2012.03.13 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8166564B-A6EB-4198-98E9-C0CEAF464B05}
[2012.03.12 11:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.03.12 11:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012.03.12 11:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.03.11 03:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.02.19 23:45:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\NokiaAccount
[2012.02.19 14:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VodBurner
[2012.02.19 14:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VodBurner
[2012.02.19 14:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixiePack Codec Pack
[2012.02.19 14:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunebite 7
[2012.02.19 13:45:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PantsOff
[2012.02.19 13:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PantsOff
[2012.02.19 13:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PantsOff
[2012.02.19 13:44:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Nokia
[2012.02.19 13:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.02.19 13:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2012.02.19 13:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2012.02.19 13:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2012.02.19 13:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2012.02.19 13:34:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PC Suite
[2012.02.19 13:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012.02.19 13:34:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Nokia
[2012.02.19 13:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.02.19 13:34:22 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2012.02.19 13:34:08 | 000,057,856 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsX64.dll
[2012.02.19 13:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2012.02.19 13:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2012.02.19 13:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miranda Fusion 3
[2012.02.19 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Miranda Fusion
[2012.02.19 13:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MirandaFusion
[2012.02.19 13:02:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.19 13:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.02.19 13:01:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DVDVideoSoft
[2012.02.19 13:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule
[2012.02.19 13:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.02.19 13:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.02.19 12:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BayWatcher Pro
[2012.02.19 12:43:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\aborange
[2012.02.19 12:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BayWatcher Pro
[2012.02.19 12:34:30 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\SysNative\DfSdkBt.exe
[2012.02.19 12:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.02.19 12:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.02.18 00:24:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\EurekaLog
[2012.02.17 10:18:42 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\PDF Files
[2012.02.17 01:29:34 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.02.17 01:28:41 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.02.17 01:27:00 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012.02.17 01:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.02.17 01:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.02.17 01:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.02.17 00:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.02.17 00:36:22 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.02.17 00:26:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\UpdateStar
[2012.02.17 00:23:39 | 000,024,064 | ---- | C] (Visagesoft) -- C:\Windows\SysNative\vsmon1.dll
[2012.02.17 00:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visagesoft
[2012.02.17 00:23:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BVRP Software
[2012.02.17 00:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visagesoft
[2012.02.17 00:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Visage Software
[2012.02.17 00:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\eXPert PDF Jobs
[2012.02.17 00:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\eXPert PDF 6
[2012.02.17 00:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Expert - Installer
[2012.02.17 00:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Expert - Installer
[2012.02.17 00:13:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\tiger-k
[2012.02.17 00:13:21 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Leawo
[2012.02.17 00:13:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Leawo
[2012.02.17 00:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012.02.17 00:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012.02.17 00:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2012.02.17 00:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo
[2012.02.16 23:46:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AntiBrowserSpy 2009
[2012.02.16 23:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiBrowserSpy
[2012.02.16 23:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AntiBrowserSpy
[2012.02.16 23:29:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SpeedProject
[2012.02.16 23:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedProject
[2012.02.16 23:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedCommander 12
[2012.02.16 23:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedProject
[2012.02.16 23:08:24 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.16 23:08:19 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.16 23:08:19 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.16 23:08:19 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.02.16 23:08:19 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.16 23:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2012.02.16 23:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2012.02.16 23:06:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012.02.16 03:00:38 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.16 03:00:38 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.16 03:00:36 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.16 03:00:36 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.16 03:00:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.16 03:00:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.16 03:00:36 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.16 03:00:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.16 03:00:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.16 03:00:35 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.16 03:00:35 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.16 02:12:20 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\default
[2012.02.16 02:08:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Conduit
[2012.02.16 02:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.02.16 02:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo_DE
[2012.02.16 02:06:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.02.15 13:58:03 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.15 13:58:02 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.15 13:58:00 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.15 13:52:15 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.15 11:04:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.15 10:49:05 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.15 10:49:05 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.15 10:41:15 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.15 10:41:10 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012.03.15 10:40:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.15 10:40:18 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.15 10:34:40 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.03.15 10:25:02 | 001,622,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.15 10:25:02 | 000,700,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.15 10:25:02 | 000,655,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.15 10:25:02 | 000,149,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.15 10:25:02 | 000,122,156 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.15 09:39:36 | 005,053,696 | ---- | M] (Macrovision Corporation) -- C:\Users\user\Desktop\IsoBurner-Setup.exe
[2012.03.14 09:20:31 | 000,487,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.14 09:13:25 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.03.13 14:18:01 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Network Client.lnk
[2012.03.13 14:18:00 | 000,002,294 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intellex Event Handler.lnk
[2012.03.09 11:19:24 | 000,000,081 | ---- | M] () -- C:\Windows\loge.dat
[2012.03.05 21:04:30 | 000,065,024 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.02.20 11:59:24 | 000,002,805 | ---- | M] () -- C:\Users\Public\Desktop\Lexware financial office.lnk
[2012.02.17 07:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.02.17 06:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.02.17 00:36:16 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.02.17 00:36:16 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.02.16 22:26:36 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.02.16 21:57:04 | 000,187,360 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.02.16 08:42:15 | 001,650,414 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.14 14:36:09 | 000,647,446 | ---- | M] () -- C:\Users\user\Documents\CIMG0056.jpg
 
========== Files Created - No Company Name ==========
 
[2012.03.13 14:18:00 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Network Client.lnk
[2012.03.13 14:17:59 | 000,002,294 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intellex Event Handler.lnk
[2012.03.09 11:19:24 | 000,000,081 | ---- | C] () -- C:\Windows\loge.dat
[2012.02.19 12:26:37 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.02.17 00:12:57 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.02.16 23:07:41 | 000,002,219 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2012.02.16 21:57:04 | 000,187,360 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.02.14 14:36:09 | 000,647,446 | ---- | C] () -- C:\Users\user\Documents\CIMG0056.jpg
[2012.02.14 01:13:46 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.02.01 21:09:55 | 000,003,584 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.26 23:46:58 | 000,245,240 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.01.26 23:46:57 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.01.09 20:57:01 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{D01921C8-453F-41E0-9300-7A2C5D7F4117}
[2012.01.08 20:57:00 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{AE771333-18E6-4F90-85F4-A3FAB37DD0C4}
[2011.12.31 01:44:23 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011.12.31 01:44:23 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011.12.31 01:44:23 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011.12.31 01:44:23 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011.12.31 01:44:23 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011.12.22 23:30:21 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2011.12.22 21:17:50 | 000,000,184 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2011.10.12 15:58:02 | 001,650,414 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2011.08.23 15:25:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.23 15:16:51 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.08.23 15:15:40 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.23 15:15:39 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.23 15:15:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.23 15:15:37 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.23 15:11:27 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.07.31 19:31:38 | 003,854,848 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011.07.19 20:06:48 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011.07.19 20:06:36 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011.07.19 20:06:34 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011.07.19 20:06:34 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011.07.19 20:06:32 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011.07.19 20:06:30 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011.07.19 20:06:30 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011.07.19 20:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011.07.19 20:06:28 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011.07.06 14:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2011.06.21 11:14:44 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
[2011.03.03 12:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011.03.03 12:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.03.03 12:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.03.03 12:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.03.03 12:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.03.03 12:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011.03.03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011.03.03 12:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.03.03 12:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.03.03 12:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011.02.22 20:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.02.22 20:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.02.22 15:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010.12.17 03:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010.08.18 20:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
 
========== LOP Check ==========
 
[2011.12.28 21:14:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\1-abc
[2012.02.19 12:43:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\aborange
[2012.01.09 01:04:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acronis
[2011.12.29 00:22:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Alawar Entertainment
[2012.02.16 23:46:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AntiBrowserSpy 2009
[2012.02.17 01:16:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ashampoo
[2012.02.19 13:06:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft
[2012.02.19 13:02:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.26 23:04:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\elsterformular
[2012.02.13 14:55:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Epson
[2012.03.12 19:17:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EurekaLog
[2012.02.07 17:51:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICQ
[2012.02.10 20:30:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IDT
[2012.02.06 11:48:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IrfanView
[2012.02.17 00:13:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leawo
[2012.01.22 13:25:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lexware
[2012.02.19 13:22:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Miranda Fusion
[2012.02.19 13:44:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia
[2012.03.14 09:18:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2011.12.28 20:31:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Participatory Culture Foundation
[2012.02.19 13:34:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
[2011.12.28 20:44:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCF-VLC
[2012.03.14 09:39:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PDFCreator
[2012.03.14 09:18:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\pdfforge
[2012.02.03 00:15:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Product_RM
[2011.12.28 20:48:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Q-Dir
[2012.01.22 12:09:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Registry Mechanic
[2011.12.22 20:41:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\S.A.D
[2012.03.06 00:58:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2011.12.31 01:42:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Software4u
[2012.02.16 23:29:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SpeedProject
[2011.10.07 10:35:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Synaptics
[2012.02.06 12:33:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thinstall
[2012.02.17 00:14:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\tiger-k
[2011.10.12 15:58:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP
[2012.02.16 23:07:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2011.12.28 20:45:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue
[2012.02.17 00:26:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UpdateStar
[2011.10.12 16:14:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2012.03.15 10:41:10 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012.02.01 20:40:04 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012.03.10 12:05:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.12.20 20:14:18 | 000,000,000 | ---D | M] -- C:\archive_db
[2011.06.21 21:27:44 | 000,000,000 | -HSD | M] -- C:\boot
[2012.03.14 08:54:03 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2012.01.17 20:32:05 | 000,000,000 | ---D | M] -- C:\dakotaag
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.07 09:23:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.17 20:32:59 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.08.23 15:34:56 | 000,000,000 | -H-D | M] -- C:\HP
[2011.08.23 15:14:29 | 000,000,000 | ---D | M] -- C:\Intel
[2011.10.22 12:45:49 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.01.17 20:33:02 | 000,000,000 | ---D | M] -- C:\Office Vorlagen
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.19 13:34:23 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.14 09:18:13 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.13 14:17:50 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.10.07 09:23:35 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.07 09:24:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.07 09:24:37 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012.03.15 11:09:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.07 09:24:45 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011.10.07 09:23:49 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.17 20:34:12 | 000,000,000 | ---D | M] -- C:\WEB_BACKUP
[2012.03.15 07:45:31 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS >
[2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\SWSetup\Drivers\IRST\Drivers\x64\iaStor.sys
[2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.01.13 02:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\SWSetup\Drivers\IRST\Drivers\x32\iaStor.sys
 
< MD5 for: IASTORV.SYS >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\atl.dll
[2011.12.14 04:10:13 | 009,705,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
< %USERPROFILE%\*.* >
[2011.08.23 09:31:54 | 002,750,912 | ---- | M] (J3S GmbH) -- C:\Users\user\COMPUTERBILD App-Center-Installation.exe
[2012.03.15 11:10:00 | 003,932,160 | -HS- | M] () -- C:\Users\user\ntuser.dat
[2012.03.15 11:10:00 | 000,262,144 | -HS- | M] () -- C:\Users\user\ntuser.dat.LOG1
[2011.10.07 09:23:51 | 000,000,000 | -HS- | M] () -- C:\Users\user\ntuser.dat.LOG2
[2011.10.07 09:23:51 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.10.07 09:23:51 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.10.07 09:23:51 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.02.06 11:49:57 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{36fd6aef-50ac-11e1-b57d-ac81128311f0}.TM.blf
[2012.02.06 11:49:57 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{36fd6aef-50ac-11e1-b57d-ac81128311f0}.TMContainer00000000000000000001.regtrans-ms
[2012.02.06 11:49:57 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{36fd6aef-50ac-11e1-b57d-ac81128311f0}.TMContainer00000000000000000002.regtrans-ms
[2011.12.20 21:01:05 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{4862d557-2b45-11e1-9a55-806e6f6e6963}.TM.blf
[2011.12.20 21:01:05 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{4862d557-2b45-11e1-9a55-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2011.12.20 21:01:05 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{4862d557-2b45-11e1-9a55-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2011.12.20 23:00:13 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{f24a5dd7-2b55-11e1-90f3-806e6f6e6963}.TM.blf
[2011.12.20 23:00:13 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{f24a5dd7-2b55-11e1-90f3-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2011.12.20 23:00:13 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{f24a5dd7-2b55-11e1-90f3-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2011.10.07 09:23:52 | 000,000,020 | -HS- | M] () -- C:\Users\user\ntuser.ini
[2012.02.16 16:00:03 | 000,000,000 | ---- | M] () -- C:\Users\user\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
 
< End of report >
         
--- --- ---
__________________
Angehängte Dateien
Dateityp: txt Extras.Txt (77,7 KB, 215x aufgerufen)

Alt 15.03.2012, 12:05   #4
Liebeck
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



Wie kann ich nun weiter verfahren????

Alt 15.03.2012, 12:24   #5
markusg
/// Malware-holic
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [SkypeM] C:\Users\user\AppData\Local\Skype\Skype.exe (Twain Working Group)
 :Files
C:\Users\user\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.03.2012, 12:39   #6
Liebeck
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



Ich hab zwischendurch schon einmal Malewarebytes durchlaufen lassen und die Log Datei hie angefügt: Vielleicht hilft das ja noch etwas...



Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.15.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
user :: USER-HP [Administrator]

Schutz: Deaktiviert

15.03.2012 12:29:20
mbam-log-2012-03-15 (13-24-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 449342
Laufzeit: 48 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypeM (Trojan.Ransom) -> Daten: C:\Users\user\AppData\Local\Skype\Skype.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
B:\Downloads\software\SetupCasino_9db90b_de.exe (PUP.Casino) -> Keine Aktion durchgeführt.
C:\Users\user\Downloads\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Keine Aktion durchgeführt.
C:\Users\user\Downloads\SetupCasino_d214e_de.exe (PUP.Casino) -> Keine Aktion durchgeführt.
C:\Users\user\Downloads\SoftonicDownloader_fuer_google-translator.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\Users\user\AppData\Local\Skype\Skype.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.

(Ende)

Alt 15.03.2012, 12:41   #7
markusg
/// Malware-holic
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



hab ich irgendwas von Malwarebytes geschrieben, kann mich nicht erinnern, also, entweder du machst das, und zwar ausschließlich dass, was hier steht, oder du arbeitest eben allein weiter.
wenn du nämlich sowieso das machst was du willst, kann ich mir das anweisung schreiben sparen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.03.2012, 13:08   #8
Liebeck
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



ok, sorry...... hab jetzt die zip Datei versendet.

Alt 15.03.2012, 13:09   #9
Liebeck
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



"movedfiles"

Alt 15.03.2012, 15:30   #10
markusg
/// Malware-holic
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



weiter hiermit:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.03.2012, 23:25   #11
Liebeck
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



Hallo, hier nun die Comfix Log-Datei

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-03-12.03 - user 15.03.2012  23:07:50.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8140.5772 [GMT 1:00]
ausgeführt von:: c:\users\user\Desktop\Trojaner\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20111222232959.log
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.dat
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.ico
c:\users\user\AppData\Local\Temp\nsq5A32.tmp\System.dll
c:\users\user\videos\vlc-1.1.4-win32.exe
c:\windows\system32\spool\DRIVERS\x64\3\E_IATIGBU.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-15 bis 2012-03-15  ))))))))))))))))))))))))))))))
.
.
2012-03-15 23:01 . 2012-03-15 23:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-15 12:51 . 2012-03-15 12:51	--------	d-----w-	C:\_OTL
2012-03-15 11:19 . 2012-03-15 11:19	--------	d-----w-	c:\users\user\AppData\Roaming\Malwarebytes
2012-03-15 11:18 . 2012-03-15 11:18	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-15 11:18 . 2012-03-15 11:18	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-15 11:18 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-15 02:15 . 2012-03-15 02:15	--------	d-----w-	c:\users\user\AppData\Local\ElevatedDiagnostics
2012-03-14 08:39 . 2012-03-14 08:39	--------	d-----w-	c:\users\user\AppData\Roaming\PDFCreator
2012-03-14 08:18 . 2012-03-14 08:18	--------	d-----w-	c:\users\user\AppData\Roaming\pdfforge
2012-03-14 08:18 . 2012-03-05 20:04	65024	----a-w-	c:\windows\system32\pdfcmon.dll
2012-03-14 08:18 . 2012-03-14 08:18	--------	d-----w-	c:\program files (x86)\PDFCreator
2012-03-14 07:59 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 07:59 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:59 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:30 . 2012-02-08 07:13	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3734034D-FBC9-482E-863D-75203C40D910}\mpengine.dll
2012-03-13 21:29 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-13 21:29 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-13 21:29 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-13 21:29 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-13 21:29 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:29 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-13 21:29 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-13 21:29 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-13 21:29 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:29 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-13 21:27 . 2012-03-13 21:27	--------	d-----w-	c:\users\user\AppData\Local\Diagnostics
2012-03-13 13:17 . 2012-03-13 13:24	--------	d-----w-	c:\programdata\Sensormatic
2012-03-13 13:17 . 2012-03-13 13:17	--------	d-----w-	c:\program files (x86)\Sensormatic
2012-03-13 13:15 . 2012-03-13 13:15	--------	d-----w-	c:\users\user\AppData\Local\{8166564B-A6EB-4198-98E9-C0CEAF464B05}
2012-03-12 10:26 . 2012-03-12 10:26	--------	d-----w-	c:\program files (x86)\pdfforge Toolbar
2012-03-12 10:26 . 2012-03-12 10:26	--------	d-----w-	c:\program files (x86)\Common Files\Spigot
2012-03-12 10:26 . 2012-03-12 10:26	--------	d-----w-	c:\program files (x86)\Application Updater
2012-03-11 02:15 . 2012-03-11 02:15	--------	d-----w-	c:\program files (x86)\Common Files\Symantec Shared
2012-02-19 13:13 . 2012-02-19 13:13	--------	d-----w-	c:\program files (x86)\VodBurner
2012-02-19 13:07 . 2012-02-19 13:07	--------	d-----w-	c:\program files (x86)\PixiePack Codec Pack
2012-02-19 12:45 . 2012-03-15 03:14	--------	d-----w-	c:\program files (x86)\PantsOff
2012-02-19 12:44 . 2012-02-19 22:44	--------	d-----w-	c:\users\user\AppData\Local\Nokia
2012-02-19 12:44 . 2012-02-19 12:44	--------	d-----w-	c:\programdata\Nokia
2012-02-19 12:44 . 2012-02-19 12:44	--------	d-----w-	c:\program files (x86)\Common Files\Nokia
2012-02-19 12:43 . 2012-02-19 12:43	--------	d-----w-	c:\program files (x86)\PC Connectivity Solution
2012-02-19 12:34 . 2012-02-19 12:44	--------	d-----w-	c:\users\user\AppData\Roaming\Nokia
2012-02-19 12:34 . 2012-02-19 12:34	--------	d-----w-	c:\users\user\AppData\Roaming\PC Suite
2012-02-19 12:34 . 2012-02-19 12:34	--------	d-----w-	c:\programdata\PC Suite
2012-02-19 12:34 . 2012-02-19 12:34	--------	d-----w-	c:\program files\DIFX
2012-02-19 12:34 . 2008-08-28 10:44	25600	----a-w-	c:\windows\system32\drivers\pccsmcfdx64.sys
2012-02-19 12:34 . 2012-02-19 12:44	--------	d-----w-	c:\program files (x86)\Nokia
2012-02-19 12:34 . 2011-11-01 09:07	57856	----a-w-	c:\windows\system32\nmwcdclsX64.dll
2012-02-19 12:32 . 2012-02-19 12:32	--------	d-----w-	c:\programdata\Installations
2012-02-19 12:22 . 2012-02-19 12:22	--------	d-----w-	c:\users\user\AppData\Roaming\Miranda Fusion
2012-02-19 12:22 . 2012-02-19 12:23	--------	d-----w-	c:\program files (x86)\MirandaFusion
2012-02-19 12:01 . 2012-02-19 12:06	--------	d-----w-	c:\users\user\AppData\Roaming\DVDVideoSoft
2012-02-19 12:01 . 2012-02-19 12:03	--------	d-----w-	c:\program files (x86)\eMule
2012-02-19 12:00 . 2012-02-19 12:01	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2012-02-19 12:00 . 2012-02-19 12:00	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2012-02-19 11:43 . 2012-02-19 11:43	--------	d-----w-	c:\users\user\AppData\Roaming\aborange
2012-02-19 11:43 . 2012-02-19 11:44	--------	d-----w-	c:\program files (x86)\BayWatcher Pro
2012-02-19 11:34 . 2009-08-24 21:13	34304	----a-w-	c:\windows\system32\DfSdkBt.exe
2012-02-19 11:26 . 2012-02-19 11:26	--------	d-----w-	c:\program files (x86)\TeamViewer
2012-02-17 23:24 . 2012-03-12 18:17	--------	d-----w-	c:\users\user\AppData\Roaming\EurekaLog
2012-02-17 00:29 . 2012-02-17 00:29	--------	d-----w-	c:\windows\en
2012-02-17 00:28 . 2012-02-17 00:28	--------	d-----w-	c:\windows\de
2012-02-17 00:27 . 2011-05-13 14:37	48488	----a-w-	c:\windows\system32\drivers\fssfltr.sys
2012-02-17 00:25 . 2012-02-17 00:25	15712	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\9758f67b1cced0a02\MeshBetaRemover.exe
2012-02-17 00:04 . 2012-02-17 00:04	--------	d-----w-	c:\programdata\McAfee
2012-02-17 00:04 . 2012-02-17 00:04	--------	d-----w-	c:\programdata\McAfee Security Scan
2012-02-17 00:04 . 2012-02-19 11:28	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2012-02-16 23:37 . 2012-02-16 23:38	--------	d-----w-	c:\program files\Oracle
2012-02-16 23:36 . 2012-01-10 12:28	750488	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-02-16 23:26 . 2012-02-16 23:26	--------	d-----w-	c:\users\user\AppData\Roaming\UpdateStar
2012-02-16 23:23 . 2009-06-15 17:40	24064	----a-w-	c:\windows\system32\vsmon1.dll
2012-02-16 23:23 . 2012-02-17 09:18	--------	d-----w-	c:\programdata\eXPert PDF 6
2012-02-16 23:23 . 2012-02-16 23:23	--------	d-----w-	c:\programdata\Visage Software
2012-02-16 23:23 . 2012-02-16 23:23	--------	d-----w-	c:\programdata\eXPert PDF Jobs
2012-02-16 23:23 . 2012-02-16 23:23	--------	d-----w-	c:\program files (x86)\Visagesoft
2012-02-16 23:20 . 2012-02-16 23:20	--------	d-----w-	c:\program files (x86)\PDF Expert - Installer
2012-02-16 23:13 . 2012-02-16 23:14	--------	d-----w-	c:\users\user\AppData\Roaming\tiger-k
2012-02-16 23:13 . 2012-02-16 23:13	--------	d-----w-	c:\users\user\AppData\Roaming\Leawo
2012-02-16 23:12 . 2011-03-02 10:43	175616	----a-w-	c:\windows\SysWow64\unrar.dll
2012-02-16 23:12 . 2012-02-16 23:13	--------	d-----w-	c:\program files (x86)\K-Lite Codec Pack
2012-02-16 23:12 . 2012-02-16 23:12	--------	d-----w-	c:\program files (x86)\Leawo
2012-02-16 22:46 . 2012-02-16 22:46	--------	d-----w-	c:\users\user\AppData\Roaming\AntiBrowserSpy 2009
2012-02-16 22:45 . 2012-02-16 22:45	--------	d-----w-	c:\program files (x86)\AntiBrowserSpy
2012-02-16 22:29 . 2012-02-16 22:29	--------	d-----w-	c:\users\user\AppData\Roaming\SpeedProject
2012-02-16 22:29 . 2012-02-16 22:29	--------	d-----w-	c:\program files (x86)\Common Files\SpeedProject
2012-02-16 22:29 . 2012-02-16 22:29	--------	d-----w-	c:\program files (x86)\SpeedProject
2012-02-16 22:08 . 2011-12-13 08:35	34624	----a-w-	c:\windows\system32\TURegOpt.exe
2012-02-16 22:08 . 2011-12-13 08:29	25920	----a-w-	c:\windows\system32\authuitu.dll
2012-02-16 22:08 . 2011-12-13 08:29	21312	----a-w-	c:\windows\SysWow64\authuitu.dll
2012-02-16 22:08 . 2011-12-13 08:29	36160	----a-w-	c:\windows\system32\uxtuneup.dll
2012-02-16 22:08 . 2011-12-13 08:29	29504	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2012-02-16 22:07 . 2012-02-16 22:08	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2011
2012-02-16 22:06 . 2012-02-16 22:06	--------	d-sh--w-	c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2012-02-16 01:08 . 2012-02-16 01:08	--------	d-----w-	c:\users\user\AppData\Local\Conduit
2012-02-16 01:08 . 2012-02-16 01:08	--------	d-----w-	c:\program files (x86)\Conduit
2012-02-16 01:08 . 2012-02-16 01:08	--------	d-----w-	c:\program files (x86)\Ashampoo_DE
2012-02-15 12:58 . 2011-12-30 06:26	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-02-15 12:58 . 2011-12-30 05:27	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2012-02-15 12:58 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-15 12:58 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-15 12:52 . 2011-12-28 03:59	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2012-02-15 12:52 . 2011-12-16 08:46	634880	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 12:52 . 2011-12-16 07:52	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 08:13 . 2011-12-20 19:01	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-17 00:26 . 2010-06-24 09:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-16 21:26 . 2011-12-28 22:54	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-03 21:39 . 2012-02-03 21:39	44032	----a-w-	c:\windows\SysWow64\FKStampPainter20.dll
2012-01-26 11:22 . 2012-01-26 11:22	4771184	----a-w-	c:\windows\SysWow64\LxXtreme100.dll
2012-01-26 11:22 . 2012-01-26 11:22	104304	----a-w-	c:\windows\SysWow64\LxUISettingsN100.dll
2012-01-26 11:22 . 2012-01-26 11:22	25968	----a-w-	c:\windows\SysWow64\LxTPSW100.dll
2012-01-26 11:22 . 2012-01-26 11:22	1334640	----a-w-	c:\windows\SysWow64\LxTool100.dll
2012-01-26 11:22 . 2012-01-26 11:22	63344	----a-w-	c:\windows\SysWow64\LxPXTree100.dll
2012-01-26 11:22 . 2012-01-26 11:22	111472	----a-w-	c:\windows\SysWow64\LxODBC100.dll
2012-01-26 11:22 . 2012-01-26 11:22	127344	----a-w-	c:\windows\SysWow64\LxMail100.dll
2012-01-26 11:21 . 2012-01-26 11:21	200048	----a-w-	c:\windows\SysWow64\LxDBAL100.dll
2012-01-26 11:21 . 2012-01-26 11:21	76656	----a-w-	c:\windows\SysWow64\LxDAO100.dll
2012-01-26 11:21 . 2012-01-26 11:21	49520	----a-w-	c:\windows\SysWow64\LXCurr100.dll
2012-01-26 11:21 . 2012-01-26 11:21	67952	----a-w-	c:\windows\SysWow64\LxCI12.dll
2012-01-26 11:21 . 2012-01-26 11:21	193904	----a-w-	c:\windows\SysWow64\LxBasics100.dll
2012-01-10 12:28 . 2011-06-21 10:16	660368	----a-w-	c:\windows\system32\deployJava1.dll
2012-01-08 23:51 . 2012-01-08 23:51	285280	----a-w-	c:\windows\system32\drivers\afcdp.sys
2012-01-08 23:51 . 2012-01-08 23:51	1263200	----a-w-	c:\windows\system32\drivers\tdrpm273.sys
2012-01-08 23:51 . 2012-01-08 23:51	943712	----a-w-	c:\windows\system32\drivers\timntr.sys
2012-01-08 23:51 . 2012-01-08 23:51	277088	----a-w-	c:\windows\system32\drivers\snapman.sys
2011-12-29 00:54 . 2011-12-29 00:30	1477728	----a-w-	c:\windows\system32\drivers\tdrpm258.sys
2011-12-28 23:10 . 2011-06-21 10:16	544656	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5786d022-540e-4699-b350-b4be0ae94b79}"= "c:\program files (x86)\Ashampoo_DE\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5786d022-540e-4699-b350-b4be0ae94b79}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}]
2011-12-28 13:21	128064	----a-w-	c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5786d022-540e-4699-b350-b4be0ae94b79}]
2011-05-09 08:49	176936	----a-w-	c:\program files (x86)\Ashampoo_DE\prxtbAsha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5786d022-540e-4699-b350-b4be0ae94b79}"= "c:\program files (x86)\Ashampoo_DE\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5786d022-540e-4699-b350-b4be0ae94b79}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-22 39408]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
"BrowserMask"="c:\program files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" [2011-06-21 101280]
"UpdateStar"="c:\users\user\AppData\Roaming\UpdateStar\UpdateStar.exe" [2010-09-01 4739312]
"Miranda Fusion"="c:\program files (x86)\MirandaFusion\fusiontools\mfstart.exe" [2011-03-28 967508]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-04 103896]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5145824]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-01-15 1564368]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2010-04-27 138072]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-03-04 934752]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2012-1-29 3515392]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Intellex Event Handler.lnk - c:\program files (x86)\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe [2011-7-25 1037312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"HP Quick Launch"=c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"TransferManager"=c:\program files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe /Embedding
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/23 16:33;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 136176]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-07-08 2428968]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 136176]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe [2011-09-28 885160]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys [2010-11-11 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-08 3246040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-03-04 748440]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-01-15 1564368]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor64.sys [2011-03-08 12824]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NtlxSrvMgr;NtlxSrvMgr;c:\program files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe [2011-07-25 180736]
S2 PCSUService;PC Speed Up Service;c:\program files (x86)\PC Beschleunigen\PCSUService.exe [2011-11-07 235232]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-01-04 793048]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-13 2028864]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe [2010-04-27 247152]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02	114688	----a-w-	c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-15 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-12-28 13:43]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 19:47]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 19:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.osthessennews.de/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-vspdfprsrv.exe - c:\program files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
Wow6432Node-HKLM-Run-Intellex Service Manager - %ProgramFiles(x86)%\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe
WebBrowser-{5786D022-540E-4699-B350-B4BE0AE94B79} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hardcopy\hcdll2_ex_Win32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-16  00:09:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-15 23:09
.
Vor Suchlauf: 14 Verzeichnis(se), 193.682.042.880 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 193.306.324.992 Bytes frei
.
- - End Of File - - C9D910D21B082F898BD3DF70B11F3E50
         
--- --- ---

Alt 16.03.2012, 09:30   #12
markusg
/// Malware-holic
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



lade den CCleaner standard:
CCleaner Download - CCleaner 3.16.1666
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.03.2012, 10:39   #13
Liebeck
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



hier die Liste der Installierten Programme aus CCleaner

1-abc.net File Finder (Remove only) 27.12.2011 unbekannt
Acronis*True*Image*Home Acronis 08.01.2012 158,5MB 13.0.7154 unnötig
Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 21.12.2011 6,00MB 11.1.102.55 notwendig
Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 13.03.2012 6,00MB 11.1.102.63 notwendig
Adobe Reader X (10.1.2) MUI Adobe Systems Incorporated 16.01.2012 478MB 10.1.2 notwendig
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 22.08.2011 11.5.9.620 unbekannt
AntiBrowserSpy Abelssoft 15.02.2012 59,3MB 3.6.106 notwendig
Apple Application Support Apple Inc. 21.12.2011 61,2MB 2.1.6 unbekannt
Apple Mobile Device Support Apple Inc. 21.12.2011 24,9MB 4.0.0.97 unbekannt
Apple Software Update Apple Inc. 21.12.2011 2,38MB 2.1.3.127 notwendig
Ashampoo Burning Studio 10 v.10.0.15 Ashampoo GmbH & Co. KG 16.02.2012 233MB 10.0.15 unnötig
Ashampoo Burning Studio 11 v.11.0.4 Ashampoo GmbH & Co. KG 15.02.2012 374MB 11.0.4 notwendig
Ashampoo Burning Studio 2010 Advanced 9.25 Ashampoo GmbH & Co. KG 27.12.2011 98,1MB 3.1.1 evtl. unnötig
Ashampoo DE Toolbar Ashampoo DE 15.02.2012 6.8.5.1 unbekannt
Ashampoo WinOptimizer 8 v.8.13 Ashampoo GmbH & Co. KG 18.02.2012 71,2MB 8.1.3 evtl. notwendig
ATI Catalyst Install Manager ATI Technologies, Inc. 22.08.2011 22,4MB 3.0.816.0 unbekannt
Audials RapidSolution Software AG 30.12.2011 292MB 8.0.54900.0 unnötig
Audials TV RapidSolution Software AG 30.12.2011 2,07MB 1.3.10803.300 evtl. unnötig
Avira Free Antivirus Avira 15.02.2012 105,9MB 12.0.0.898 notwendig
BayWatcher Pro - Deinstallation Mathias Gerlach & Jochen Milchsack [aborange.de] 18.02.2012 23,9MB 8.05 evtl. unnötig
Bing Bar Microsoft Corporation 22.08.2011 24,4MB 7.0.610.0 unbekannt
Bonjour Apple Inc. 21.12.2011 2,04MB 3.0.0.10 unbekannt
Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 23.08.2011 5.60.48.61 notwendig
CCleaner Piriform 15.03.2012 3.16 notwendig
CheckDrive Abelssoft 21.12.2011 28,3MB 3.0 notwendig
COMPUTERBILD App-Center J3S 19.12.2011 3,11MB 1.1.15 unnötig
Corel Graphics Suite 11 Corel Corporation 12.02.2012 264MB 11 notwendig
CyberGhost VPN Patch 4.7.18 CyberGhost S.R.L. 21.12.2011 51,2MB notwendig
CyberLink PowerDVD 10 CyberLink Corp. 22.08.2011 227MB 10.0.3.2714 notwendig
CyberLink YouCam CyberLink Corp. 14.01.2012 125,5MB 3.5.1.4606 notwendig
dakota.ag ITSG 30.12.2011 5.0.0.0 notwendig
DivX-Setup DivX, LLC 30.12.2011 2.6.1.3 notwendig
Druckerdeinstallation für EPSON BX620FWD Series SEIKO EPSON Corporation 06.02.2012 notwendig
EASEUS Partition Master 8.0.1 Home Edition EASEUS 30.12.2011 40,5MB evtl. notwendig
ElsterFormular Landesfinanzdirektion Thüringen 25.01.2012 188,6MB 13.0.0.8086u notwendig
eMule Plus 1.2e eMule Plus Team 18.02.2012 unnötig
Energy Star Digital Logo Hewlett-Packard 22.08.2011 0,29MB 1.0.1 notwendig
EPSON BX620FWD Series Handbuch 12.02.2012 unnötig
EPSON BX620FWD Series Netzwerk-Handbuch 12.02.2012 unnötig
Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 06.02.2012 2.3.2.0 notwendig
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) SEIKO EPSON CORPORATION2 06.02.2012 1.00.0000 notwendig
Epson Event Manager SEIKO EPSON CORPORATION 12.02.2012 38,8MB 2.40.0001 notwendig
Epson FAX Utility SEIKO EPSON CORPORATION 06.02.2012 1.20.00 notwendig
Epson PC-FAX Driver 06.02.2012 notwendig
EPSON Scan Seiko Epson Corporation 12.02.2012 notwendig
EpsonNet Print SEIKO EPSON CORPORATION 12.02.2012 2.5.00 notwendig
EpsonNet Setup 3.3 SEIKO EPSON CORPORATION 12.02.2012 3.3a notwendig
Evernote v. 4.2.2 Evernote Corp. 20.06.2011 139,1MB 4.2.2.3979 unbekannt
eXPert PDF 6 Avanquest software 16.02.2012 6.20.400.0 notwendig
Formatwandler 4 SE S.A.D. 21.12.2011 72,9MB 4.0.11.800 notwendig
Free Studio version 5.3.3 DVDVideoSoft Ltd. 18.02.2012 703MB evtl. notwendig
Google Chrome Google Inc. 28.12.2011 17.0.963.79 unnötig
Google Earth Google 07.02.2012 116,4MB 6.2.1.6014 notwendig
Google Toolbar for Internet Explorer Google Inc. 29.02.2012 7.3.2614.234 unnötig??
GPS Tracker Utility 1.18 (Build 980827) 21.01.2012 notwendig
Guard.ICQ Mail.ru 14.01.2012 notwendig
Hardcopy (C:\Program Files (x86)\Hardcopy) www.hardcopy.de 28.01.2012 2012.01.04 notwendig
HP 3D DriveGuard Hewlett-Packard Company 22.08.2011 7,00MB 4.1.5.1 notwendig
HP Connection Manager Hewlett-Packard Company 22.08.2011 33,5MB 4.0.45.1 notwendig
HP Customer Participation Program 13.0 HP 25.01.2012 13.0 unbekannt
HP Documentation Hewlett-Packard 22.08.2011 333MB 1.1.0.0 unbekannt
HP Games WildTangent 22.08.2011 1.0.2.4 unnötig
HP Imaging Device Functions 13.0 HP 25.01.2012 13.0 unbekannt
HP On Screen Display Hewlett-Packard Company 20.06.2011 1,43MB 1.1.2 unbekannt
HP Photosmart Essential 3.5 HP 25.01.2012 3.5 notwendig
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B HP 25.01.2012 13.0 notwendig
HP Power Manager Hewlett-Packard Company 22.08.2011 3,61MB 1.2.3 notwendig
HP Quick Launch Hewlett-Packard Company 20.06.2011 7,14MB 2.3.6 notwendig
HP Setup Hewlett-Packard Company 20.06.2011 8.6.4530.3651 notwendig
HP Setup Manager Hewlett-Packard Company 22.08.2011 8,31MB 1.1.13231.3673 notwendig
HP SimplePass 2011 Hewlett-Packard 19.12.2011 77,0MB 5.3.0.273 unbekannt
HP Smart Web Printing 4.51 HP 25.01.2012 4.51 unbekannt
HP Software Framework Hewlett-Packard Company 20.06.2011 2,81MB 4.0.110.1 notwendig
HP Solution Center 13.0 HP 25.01.2012 13.0 notwendig
HP Support Assistant Hewlett-Packard Company 20.06.2011 68,5MB 5.2.9.2 unnötig
HP Update Hewlett-Packard 25.01.2012 3,73MB 4.000.011.006 notwendig
iCloud Apple Inc. 21.01.2012 31,2MB 1.0.2.17 notwendig
ICQ Sparberater solute gmbh 14.01.2012 0,46MB 1.3.671 unnötig
ICQ Toolbar ICQ 14.01.2012 3.0.0 evtl. notwendig
ICQ7.7 ICQ 14.01.2012 7.7 notwendig
iDevice Manager Marx Softwareentwicklung 21.12.2011 7,04MB 1.0.0.0 unbekannt
IDT Audio IDT 22.08.2011 1.0.6329.0
Installationsassistent Security Center GmbH & Co. KG 21.01.2012 1,16MB 1.04.0000 unnötig
Intel(R) Display Audio Driver Intel Corporation 23.08.2011 6.14.00.3074 notwendig
Intel(R) Management Engine Components Intel Corporation 23.08.2011 7.0.0.1144 unbekannt
Intel(R) Rapid Storage Technology Intel Corporation 23.08.2011 10.1.2.1004 unbekannt
IrfanView (remove only) Irfan Skiljan 28.12.2011 1,50MB 4.30 notwendig
iTunes Apple Inc. 21.01.2012 172,5MB 10.5.3.3 notwendig
Java(TM) 6 Update 24 (64-bit) Oracle 20.06.2011 90,8MB 6.0.240 notwendig
Java(TM) 7 Oracle 28.12.2011 98,9MB 7.0.0 notwendig
Java(TM) 7 Update 3 (64-bit) Oracle 16.02.2012 93,7MB 7.0.30 notwendig
Java(TM) SE Development Kit 7 Update 3 (64-bit) Oracle 16.02.2012 141,6MB 1.7.0.30 notwendi??
JavaFX 2.0.3 (64-bit) Oracle Corporation 16.02.2012 20,9MB 2.0.3 notwendig??
JavaFX 2.0.3 SDK (64-bit) Oracle Corporation 16.02.2012 66,8MB 2.0.3 notwendig??
Join Air ZTE Corporation 06.02.2012 1.0.0.2 notwendig
K-Lite Codec Pack 7.9.0 (Basic) 16.02.2012 24,5MB 7.9.0 evtl. notwendig
Leawo Video Converter 2012 Version 4.0.0.2 Leawo Software 17.02.2012 4.0.0.2 notwendig
Lexware Elster Haufe-Lexware GmbH & Co.KG 30.12.2011 68,2MB 10.25.00.0003 notwendig
Lexware financial office 2012 Haufe-Lexware GmbH & Co.KG 19.02.2012 836MB 16.03.00.0173 notwendig
Lexware Info Service Haufe-Lexware GmbH & Co.KG 30.12.2011 14,9MB 2.80.00.0007 notwendig
Magic Desktop EasyBits Software AS 22.08.2011 107,4MB 3.0 unbekannt
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 14.03.2012 17,4MB 1.60.1.1000 notwendig
McAfee Security Scan Plus McAfee, Inc. 18.02.2012 8,30MB 2.0.181.2 notwendig
Mediathek 2.5.0 21.12.2011 2.5.0 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.10.2011 38,8MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.10.2011 2,94MB 4.0.30319 notwendig??
Microsoft .NET Framework 4 Extended Microsoft Corporation 19.12.2011 52,0MB 4.0.30319 notwendig??
Microsoft Office 2010 Microsoft Corporation 20.06.2011 6,31MB 14.0.4763.1000 notwendig
Microsoft Office Enterprise 2007 Microsoft Corporation 20.12.2011 12.0.6425.1000 notwendig
Microsoft Office File Validation Add-In Microsoft Corporation 09.02.2012 7,95MB 14.0.5130.5003 unbekannt
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 11.10.2011 14.0.4763.1000 unbekannt
Microsoft Office Outlook Connector Microsoft Corporation 16.02.2012 3,34MB 14.0.5118.5000 notwendig
Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 11.10.2011 14.0.5128.5002 notwendig
Microsoft Silverlight Microsoft Corporation 15.02.2012 60,3MB 4.1.10111.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 20.06.2011 1,70MB 3.1.0000 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.02.2012 2,38MB 8.0.56336 notwendig??
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 20.06.2011 0,77MB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 22.08.2011 0,77MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 13.10.2011 0,77MB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 30.12.2011 0,23MB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 22.08.2011 0,58MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 13.10.2011 0,59MB 9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 13.10.2011 13,7MB 10.0.30319 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 29.12.2011 16,5MB 10.0.40219 unbekannt
Microsoft WSE 3.0 Runtime Microsoft Corp. 30.12.2011 0,92MB 3.0.5305.0 unbekannt
Miranda Fusion 3.1.10.0 Miranda Fusion Team 07.03.2012 27,5MB 3.1.10.0 notwendig??
Miro Participatory Culture Foundation 27.12.2011 4.0.3 unbekannt
Mozilla Firefox 10.0.2 (x86 de) Mozilla 16.02.2012 43,5MB 10.0.2 notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 29.12.2011 1,28MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 29.12.2011 1,33MB 4.20.9876.0 unbekannt
NetworkClient Ihr Firmenname 12.03.2012 149,8MB 5.00.74.189 notwendig
Nokia Connectivity Cable Driver Nokia 18.02.2012 3,94MB 7.1.69.0 notwendig
Nokia Suite Nokia 18.02.2012 3.3.86.0 notwendig
Norton Internet Security Symantec Corporation 06.10.2011 18.7.0.13 notwendig??
OCR Software by I.R.I.S. 13.0 HP 25.01.2012 13.0 notwendig
Paint.NET v3.5.10 dotPDN LLC 28.12.2011 10,7MB 3.60.0 notwendig
PantsOff 2.0 Christoph Bünger Software 18.02.2012 2.0 unbekannt
PC Beschleunigen - Vollständige Deinstallation Speedchecker Limited 21.12.2011 5,76MB 2.3.18 evtl. notwendig
PC Connectivity Solution Nokia 18.02.2012 20,9MB 11.5.29.0 unbekannt
PC Tools Registry Mechanic 11.0 PC Tools 02.02.2012 31,5MB 11.0 unbekannt
PDF Expert 6 - Installer Avanquest GmbH 16.02.2012 26,1MB notwendig
PDFCreator Frank Heindörfer, Philip Chinery 13.03.2012 1.3.0 notwendig
pdfforge Toolbar v5.1 Spigot, Inc. 11.03.2012 10,9MB 5.1 notwendig??
PhotoFiltre 6.5.1 21.12.2011 6.5.1 unbekannt
PixiePack Codec Pack None 18.02.2012 17,2MB 1.1.1200.0 notwendig
PL-2303 USB-to-Serial Prolific Technology INC 21.01.2012 1.00.000 notwendig
PL-2303 USB-to-Serial 20.06.2011 notwendig
Q-Dir 21.12.2011 unbekannt
QuickTime Apple Inc. 21.01.2012 73,3MB 7.71.80.42 notwendig
Realtek Ethernet Controller Driver Realtek 22.08.2011 7.41.216.2011 notwendig
Realtek PCIE Card Reader Realtek Semiconductor Corp. 22.08.2011 6.1.7600.74 notwendig
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 22.08.2011 0,59MB 2.0.32.0 notwendig
Safari Apple Inc. 21.01.2012 43,3MB 5.34.52.7 unnötig
Skype™ 5.5 Skype Technologies S.A. 19.12.2011 17,0MB 5.5.124 notwendig
SpeedCommander 12 SpeedProject 15.02.2012 12 notwendig
StarMoney 7.0 Star Finanz GmbH 28.12.2011 7.0 notwendig
Synaptics Pointing Device Driver Synaptics Incorporated 22.08.2011 46,4MB 15.2.4.4 evtl. notwendig
TeamViewer 7 TeamViewer 18.02.2012 7.0.12541 notwendig
Tunebite RapidSolution Software AG 18.02.2012 192,7MB 7.2.12800.0 notwendig??
TuneUp Utilities 2011 TuneUp Software 15.02.2012 10.0.4600.4 notwendig
Uniblue DriverScanner Uniblue Systems Ltd 27.12.2011 25,4MB 4.0.3.4 notwendig??
UpdateStar UpdateStar GmbH 16.02.2012 25,8MB 6.0.1036 notwendig
Validity WBF DDK Validity Sensors, Inc. 22.08.2011 22,6MB 4.3.118.0 unbekannt
VLC media player 1.1.11 VideoLAN 21.12.2011 1.1.11 notwendig
VodBurner Netralia 18.02.2012 10,1MB 1.0.5 unbekannt
Winamp Nullsoft, Inc 21.12.2011 5.621 notwendig
Winamp Erkennungs-Plug-in Nullsoft, Inc 21.12.2011 63,00KB 1.0.0.1 notwendig
Windows 7 Codec Pack 3.3.0 Windows 7 Codec Pack 21.12.2011 notwendig
Windows Live Essentials Microsoft Corporation 17.02.2012 15.4.3538.0513 notwendig
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 20.06.2011 5,57MB 15.4.5722.2 notwendig??
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 20.06.2011 5,58MB 15.4.5722.2 notwendig??
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 18.02.2012 08/22/2008 7.0.0.0 notwendig
WinRAR 4.01 (64-Bit) win.rar GmbH 21.12.2011 4.01.0 notwendig
Yahoo! Messenger Yahoo! Inc. 21.01.2012 notwendig
Yahoo! Software Update 21.01.2012 notwendig
Yahoo! Toolbar 21.01.2012 notwendig

Alt 16.03.2012, 11:02   #14
markusg
/// Malware-holic
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



deinstaliere:
1-abc
Acronis
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Adobe Shockwave
Ashampoo DE Toolbar
Ashampoo WinOptimizer : verzichte auf solche software, bringt nichts und kann dem system schaden
Audials : beide
BayWatcher
Bing
COMPUTERBILD
eMule
Evernote
Google : die mit unnötig gekennzeichneten
ICQ Sparberater
ICQ Toolbar
Java: alle
Download der kostenlosen Java-Software
downloade java jre, instalieren.


deinstalieren:
Magic Desktop
McAfee Security Scan
Norton : woher soll ich wissen, ob du das nutzt, falls ja, avira weg. falls nein, norton weg
PantsOff
PC Beschleunigen : blödsinn, weg damit, kann ebenfalls dem pc schaden.
PC Tools
pdfforge
PhotoFiltre
TuneUp : wie viel tuning programme brauchst du :d gilt das selbe wie für die andern.
Uniblue
VodBurner
Yahoo! Toolbar

code packs:
wofür brauchst du die alle, der vlc spielt doch eig alles ab.
Windows 7 Codec
PixiePack
K-Lite
können alle weg.

öffne ccleaner, analysieren CCleaner starten.
teste wie der pc läuft
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.03.2012, 11:22   #15
Liebeck
 
Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Standard

Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?



Ich deinstalliere alle diese Programme jetzt, kann ich dann zum herunterladen von Adobe Reader und Java wieder online gehen oder soll ich es von einem anderen PC runterladen und dann offline hinein kopieren?? So mache ich es jetzt die ganze Zeit. INfizierter PC ist im offline Modus.

Antwort

Themen zu Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?
abgesicherte, abgesicherten, ahnung, anweisung, blockiert, dateien, downloaden, eingefangen, fremd, gefangen, gen, gestern, installiere, installieren, kurze, laden, link, modus, normale, normalen, seite, startseite, system, vieles, virus, windows



Ähnliche Themen: Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?


  1. Bundespolizei Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 16.12.2013 (1)
  2. Habe mir auch den Bundespolizei Virus eingefangen
    Log-Analyse und Auswertung - 03.05.2013 (16)
  3. Bundespolizei Virus eingefangen, wie entfernen?
    Log-Analyse und Auswertung - 28.01.2013 (13)
  4. Bundespolizei Virus eingefangen, wie entfernen?
    Log-Analyse und Auswertung - 20.01.2013 (5)
  5. Virus Bundespolizei Laptop bei Wlannutzung blockiert
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (3)
  6. Bundespolizei Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 19.04.2012 (8)
  7. Hilfe Virus eingefangen: Windows blockiert!
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (41)
  8. "Windows-wird-aus-Sicherheitsgründen-blockiert"-Virus ... wie entfernen? OTL läuft nicht.
    Log-Analyse und Auswertung - 02.03.2012 (1)
  9. 50 Euro Virus - Windows wird blockiert
    Log-Analyse und Auswertung - 27.02.2012 (42)
  10. 50€ Virus/Windows wird blockiert
    Log-Analyse und Auswertung - 26.02.2012 (1)
  11. Windows 7: "bezahlen und runterladen"-virus _ aus sicherheitsgründen wird...blockiert.etc
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (1)
  12. Bundespolizei Virus (mit Ukash) eingefangen
    Plagegeister aller Art und deren Bekämpfung - 09.02.2012 (2)
  13. Pc wird blockiert: Aus Sicherheitsgründen wurde ihr Windows System blockiert.....
    Log-Analyse und Auswertung - 29.12.2011 (19)
  14. "Windows wird aus Sicherheitsgründen blockiert"Virus blockiert System
    Log-Analyse und Auswertung - 22.12.2011 (4)
  15. Pc wird blockiert: Aus Sicherheitsgründen wurde ihr Windows System blockiert.....
    Plagegeister aller Art und deren Bekämpfung - 12.12.2011 (7)
  16. Virus: Aus Sicherheitsgründen wird Ihr Windows blockiert!
    Log-Analyse und Auswertung - 04.12.2011 (1)
  17. BUNDESPOLIZEI-VIRUS eingefangen - Beseitiegung des Schädlings
    Log-Analyse und Auswertung - 12.09.2011 (19)

Zum Thema Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? - Hallo, seit gestern habe ich mir den Bundes-Trojaner / Virus eingefangen, welcher mein gesamtes System blockiert. Lediglich im abgesicherten Modus kann ich auf die Dateien zugreifen. Im normalen Modus blockiert - Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?...
Archiv
Du betrachtest: Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.