
Pests of all kinds and how to fight them: Federal Police trojan (Bundespolizeitrojaner) has locked the PC and demands money


06.06.2012, 08:24   #1
laguna120
 

Federal Police trojan (Bundespolizeitrojaner) has locked the PC and demands money



Hello,
Yesterday, unfortunately, one of the "Bundespolizeitrojaner" (Federal Police trojans) struck and locked my computer (Windows 7 Ultimate 64-bit). As usual, the lock is supposed to be lifted after paying 100 €.
You can no longer open any programs; the Task Manager immediately disappears behind the message. There is only the one user account.
In Safe Mode the computer can be used, but unfortunately I have no internet access there, probably because the drivers for the WLAN stick are not active. That should be solvable with a LAN cable.
A second PC (Windows XP) is also available.
Yesterday, in Safe Mode, I ran a scan with Avira AntiVir, got one hit and deleted it. Since that was before my first visit to this forum, I unfortunately cannot tell you what I deleted.
I also tried the Kaspersky Windows Unlocker (1.0.3, downloaded from Chip.de) without success; the lock remained.
I have not been able to detect any encryption of my data so far. What is the best way to check for that?
How should I proceed? Run Malwarebytes Anti-Malware in Safe Mode or from a boot CD?

Thanks in advance

I have made some progress. I got internet access via LAN and was thus able to run defogger, OTL and Anti-Malware, in that order, in Safe Mode.
defogger ran without errors.

OTL.log:
Code:
OTL logfile created on: 06.06.2012 17:21:27 - Run 1
OTL by OldTimer - Version 3.2.46.1     Folder = C:\Users\HTPC\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,46 Gb Available Physical Memory | 86,42% Memory free
8,00 Gb Paging File | 7,48 Gb Available in Paging File | 93,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,32 Gb Total Space | 119,88 Gb Free Space | 61,37% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 9,61 Gb Free Space | 19,67% Space Free | Partition Type: NTFS
Drive E: | 931,50 Gb Total Space | 181,36 Gb Free Space | 19,47% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 72,11 Gb Free Space | 32,54% Space Free | Partition Type: NTFS
Drive W: | 50,39 Gb Total Space | 35,07 Gb Free Space | 69,59% Space Free | Partition Type: NTFS
Drive Z: | 499,68 Mb Total Space | 39,40 Mb Free Space | 7,89% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN3 | User Name: HTPC | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.06 17:15:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\HTPC\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.27 00:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.19 18:12:03 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.27 20:40:40 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.18 19:37:50 | 000,758,912 | ---- | M] (CM & V) [Auto | Stopped] -- C:\Program Files (x86)\DVBViewer\DVBVservice.exe -- (DVBVRecorder)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.12.30 13:55:00 | 000,538,768 | ---- | M] (TechniSat Digital S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UDST7000BDA.sys -- (UDST7000BDA)
DRV:64bit: - [2011.12.30 13:55:00 | 000,027,664 | ---- | M] (TechniSat Digital S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UDST7000HID.sys -- (UDST7000HID)
DRV:64bit: - [2011.03.18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.03.18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.14 02:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011.02.14 02:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011.02.14 02:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2011.01.27 01:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.01.27 01:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.01.27 00:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.07 14:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.12.07 14:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.12.07 14:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.12.07 14:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.11.23 13:22:12 | 000,020,784 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvblinktun4.sys -- (dvblinktun4)
DRV:64bit: - [2010.11.23 13:22:12 | 000,020,784 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvblinktun3.sys -- (dvblinktun3)
DRV:64bit: - [2010.11.23 13:22:12 | 000,020,784 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvblinktun2.sys -- (dvblinktun2)
DRV:64bit: - [2010.11.23 13:22:12 | 000,020,784 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvblinktun.sys -- (dvblinktun)
DRV:64bit: - [2010.11.23 13:22:12 | 000,018,608 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvblinkcap4.sys -- (dvblinkcap4)
DRV:64bit: - [2010.11.23 13:22:12 | 000,018,608 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvblinkcap3.sys -- (dvblinkcap3)
DRV:64bit: - [2010.11.23 13:22:12 | 000,018,608 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvblinkcap2.sys -- (dvblinkcap2)
DRV:64bit: - [2010.11.23 13:22:12 | 000,018,608 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvblinkcap.sys -- (dvblinkcap)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.09.17 15:05:00 | 000,439,936 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88vid.sys -- (hcw88vid)
DRV:64bit: - [2010.09.17 15:05:00 | 000,339,968 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88tse.sys -- (HCW88TSE)
DRV:64bit: - [2010.09.17 15:05:00 | 000,259,456 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88bda.sys -- (hcw88bda)
DRV:64bit: - [2010.09.17 15:05:00 | 000,015,872 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV:64bit: - [2010.09.15 19:37:34 | 000,344,592 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsBda.sys -- (MTSBDA)
DRV:64bit: - [2009.11.09 13:42:56 | 000,025,664 | ---- | M] (TerraTec Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID)
DRV:64bit: - [2009.11.04 13:13:24 | 000,840,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UDXTTM6010.sys -- (UDXTTM6010)
DRV:64bit: - [2009.11.04 13:13:24 | 000,026,688 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Cinergy_Hybrid-Stick_HID.sys -- (TTHID)
DRV:64bit: - [2009.09.29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009.09.29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009.09.29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.20 02:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.06.28 22:50:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/09/17 17:48:50] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999.09.10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF 31 BA D6 23 E3 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {652F28EA-EC95-40F8-B4F0-4C028E51E605}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{20220B6D-5969-4AFC-B5D2-7B7B6183C7B1}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{24E7DF4C-53A2-40C8-A757-FF7B35C8EFF8}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5AB1ABC8-B813-4197-B832-6A4CADCEE35B}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{652F28EA-EC95-40F8-B4F0-4C028E51E605}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{F2F48A34-1DC1-4872-9821-12B22133AC4B}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.17 10:10:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.17 10:10:03 | 000,000,000 | ---D | M]
 
[2010.11.23 21:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HTPC\AppData\Roaming\mozilla\Extensions
[2010.11.23 21:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HTPC\AppData\Roaming\mozilla\Extensions\{dd77d456-f77d-4302-a7df-f6f8868ded4e}
[2012.06.02 10:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HTPC\AppData\Roaming\mozilla\Firefox\Profiles\8itt8lez.default\extensions
[2012.05.18 11:26:02 | 000,000,000 | ---D | M] (FireHbbTV) -- C:\Users\HTPC\AppData\Roaming\mozilla\Firefox\Profiles\8itt8lez.default\extensions\dlfr-firetv-plugin@atosorigin.com
[2012.05.16 16:30:41 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\HTPC\AppData\Roaming\mozilla\Firefox\Profiles\8itt8lez.default\extensions\fb_add_on@avm.de
[2012.03.16 19:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 20:40:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.11 10:48:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.19 10:29:03 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.12.22 18:37:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.22 18:37:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.22 18:37:07 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.22 18:37:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.22 18:37:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.22 18:37:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.11 10:01:52 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (SplitButtonBHO Class) - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [iMON] C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe (SoundGraph, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DVBV Service Ctrl] C:\Program Files (x86)\DVBViewer\DVBVCtrl.exe (CM&V Hackbart)
O4 - HKCU..\Run: [LG LinkAir]  File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [puzagnkpkxofdgm] C:\ProgramData\puzagnkpkxofdgmzrzsx.exe ()
O4 - HKCU..\Run: [WTVIRBridge] C:\Program Files (x86)\DVBViewer\wtvirbridge\WTVIRBridge.exe (Oliver Frietsch)
O4 - Startup: C:\Users\HTPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.bat - Verknüpfung.lnk = C:\Program Files (x86)\DVBViewer\test.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: FRITZ!Box Dial - C:\Programme\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm ()
O8 - Extra context menu item: FRITZ!Box Dial - C:\Programme\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm ()
O9:64bit: - Extra Button: FRITZ!Box AddOn - {328ECD19-C167-40eb-A0C7-16FE7634105F} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC--ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC--ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC--ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6571BDC5-1DE5-4AEC-B887-AF0E3299BF9A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E1613C8-9D69-4521-84B6-370C93CC1D48}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.17 18:27:24 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ade4b8ef-c084-11df-aa38-001fc6893ef4}\Shell - "" = AutoRun
O33 - MountPoints2\{ade4b8ef-c084-11df-aa38-001fc6893ef4}\Shell\AutoRun\command - "" = H:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.06 17:15:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\HTPC\Desktop\OTL.exe
[2012.06.05 16:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\axviqrtufshmnlm
[2012.05.21 19:08:43 | 000,000,000 | ---D | C] -- C:\Temp
[2012.05.21 18:57:05 | 000,000,000 | ---D | C] -- C:\Users\HTPC\AppData\Local\public
[2012.05.21 18:34:13 | 000,000,000 | ---D | C] -- C:\Users\HTPC\Documents\EITitor
[2012.05.21 18:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EITitor
[2012.05.17 10:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.05.17 10:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.05.17 10:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.05.17 10:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.05.17 10:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.05.17 10:09:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.05.12 15:24:28 | 000,000,000 | ---D | C] -- C:\Users\HTPC\AppData\Local\Diagnostics
[2012.05.09 18:50:29 | 000,000,000 | ---D | C] -- C:\Users\HTPC\AppData\Roaming\Avira
[2012.05.09 18:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.09 18:45:07 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.09 18:45:07 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.09 18:45:07 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.05.09 18:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.09 18:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.06 17:19:02 | 000,000,000 | ---- | M] () -- C:\Users\HTPC\defogger_reenable
[2012.06.06 17:15:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\HTPC\Desktop\OTL.exe
[2012.06.06 17:14:40 | 000,050,477 | ---- | M] () -- C:\Users\HTPC\Desktop\Defogger.exe
[2012.06.06 17:08:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.06 17:08:46 | 3220,500,480 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.05 17:19:25 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.05 17:19:25 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.05 16:50:28 | 000,000,448 | ---- | M] () -- C:\ProgramData\cnvtrvqlnctrzva
[2012.06.05 16:50:13 | 000,052,736 | ---- | M] () -- C:\ProgramData\puzagnkpkxofdgmzrzsx.exe
[2012.06.05 16:50:13 | 000,052,736 | ---- | M] () -- C:\Users\HTPC\0.23547644342640806.exe
[2012.06.05 05:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 12:04:40 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.03 12:04:40 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.03 12:04:40 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.03 12:04:40 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.03 12:04:40 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.16 19:59:57 | 000,000,672 | ---- | M] () -- C:\Windows\wiso.ini
[2012.05.13 07:28:40 | 000,290,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.06.06 17:19:02 | 000,000,000 | ---- | C] () -- C:\Users\HTPC\defogger_reenable
[2012.06.06 17:14:40 | 000,050,477 | ---- | C] () -- C:\Users\HTPC\Desktop\Defogger.exe
[2012.06.05 16:50:28 | 000,052,736 | ---- | C] () -- C:\ProgramData\puzagnkpkxofdgmzrzsx.exe
[2012.06.05 16:50:14 | 000,000,448 | ---- | C] () -- C:\ProgramData\cnvtrvqlnctrzva
[2012.06.05 16:50:13 | 000,052,736 | ---- | C] () -- C:\Users\HTPC\0.23547644342640806.exe
[2012.02.10 22:35:34 | 000,000,600 | ---- | C] () -- C:\Users\HTPC\AppData\Local\PUTTY.RND
[2011.08.02 10:14:57 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.08.02 10:14:57 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.06.18 19:09:25 | 000,007,597 | ---- | C] () -- C:\Users\HTPC\AppData\Local\Resmon.ResmonCfg
[2011.06.13 13:31:03 | 000,000,672 | ---- | C] () -- C:\Windows\wiso.ini
[2011.02.25 21:05:25 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.02.25 20:54:21 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011.02.25 20:50:58 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.02.25 20:40:58 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.02.25 20:40:58 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.27 19:05:02 | 000,000,106 | ---- | C] () -- C:\Windows\TVSourceConfig.INI
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.11.27 12:35:12 | 000,008,192 | ---- | C] () -- C:\Users\HTPC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2010.09.25 16:44:16 | 000,000,056 | ---- | C] () -- C:\Windows\Bibi9.ini
[2010.09.17 22:40:04 | 000,036,325 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.09.17 22:09:31 | 000,001,944 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010.09.15 06:45:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.12.19 18:26:00 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\1&1 Mail & Media GmbH
[2011.03.10 19:34:46 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Buhl Data Service
[2012.03.03 15:51:19 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Buhl Data Service GmbH
[2012.05.22 20:01:05 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\FileZilla
[2010.10.14 18:20:19 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\FLVPlayer4Free
[2010.09.19 10:31:41 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Foxit Software
[2011.06.01 07:56:44 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\FRITZ!
[2011.06.01 07:42:02 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.01.20 20:09:10 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Haenlein-Software
[2010.11.23 21:02:12 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Hillcrest Labs
[2012.04.07 08:44:54 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\iMONPlugin
[2012.03.05 20:53:33 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\JOSM
[2011.04.07 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\LG Electronics
[2012.04.07 08:44:54 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Notepad++
[2010.09.18 11:43:47 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\OpenOffice.org
[2010.10.18 12:50:16 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Opera
[2010.12.13 13:54:16 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\PhotoScape
[2012.06.05 17:00:39 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\SOUNDGRAPH
[2012.05.24 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\TV-Browser
[2010.09.29 20:37:19 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Windows SideBar
[2010.10.06 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\HTPC\AppData\Roaming\Youtube Downloader HD
[2012.05.22 04:27:21 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.30 20:51:52 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\Sky 3D (deu) 30-12-2011 19-58-00 Drive Angry.job
[2011.12.30 20:51:52 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\Sky 3D (deu) 30-12-2011 20-00-00 Drive Angry.job
[2011.12.30 20:51:53 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\Sky 3D (deu) 31-12-2011 00-03-00 Drive Angry.job
[2011.12.30 20:51:52 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\Sky 3D (deu) 31-12-2011 00-05-00 Drive Angry.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5A868D37
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DDB01966
         
Extras.log:
Code:
OTL Extras logfile created on: 06.06.2012 17:21:28 - Run 1
OTL by OldTimer - Version 3.2.46.1     Folder = C:\Users\HTPC\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,46 Gb Available Physical Memory | 86,42% Memory free
8,00 Gb Paging File | 7,48 Gb Available in Paging File | 93,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,32 Gb Total Space | 119,88 Gb Free Space | 61,37% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 9,61 Gb Free Space | 19,67% Space Free | Partition Type: NTFS
Drive E: | 931,50 Gb Total Space | 181,36 Gb Free Space | 19,47% Space Free | Partition Type: NTFS
Drive F: | 221,62 Gb Total Space | 72,11 Gb Free Space | 32,54% Space Free | Partition Type: NTFS
Drive W: | 50,39 Gb Total Space | 35,07 Gb Free Space | 69,59% Space Free | Partition Type: NTFS
Drive Z: | 499,68 Mb Total Space | 39,40 Mb Free Space | 7,89% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN3 | User Name: HTPC | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1151B358-6B86-44D2-8C66-158CE353A03F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{31A49AC6-EB6D-4938-A800-68B2D83A5C29}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3D1C6CC6-51E0-4CB7-9BFF-BB3FB41AC81D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4316FE6D-A396-24AF0417284F}" = lport=8091 | protocol=6 | dir=in | name=dvbviewer livestream | 
"{445B58D7-D1D7-4346-AEA2-E549A69F2DBF}" = lport=5000 | protocol=6 | dir=in | name=dvbviewer recserv | 
"{49E34539-075C-4864-BBCE-A034C234CE1C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6FAD3515-31BC-4204-A52E-723123280710}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7A49C97C-8860-4704-B15E-7A5FDC5E93F1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9541B0B1-449E-4256-ABF8-F008CEB82ECD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9C9B42EF-6323-4AA9-BB65-2A3070778126}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A6115960-50C6-4BCF-B0FB-D1E2B4261E9A}" = lport=8092 | protocol=6 | dir=in | name=dvbviewer media stream | 
"{BD407E93-DFBC-4738-A6B5-1E4A36C32433}" = lport=8889 | protocol=6 | dir=in | name=dvbviewer upnp | 
"{BD8B1444-43C3-48F7-93BC-E6B1D7A824E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EF7743C2-A6D5-474A-9D9C-D0793322AF85}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EF7E9178-F0E6-47FA-967B-B52EBDE58598}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F25EBD64-F4E0-4652-9C27-27568C90238C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F3B86BF0-64D3-4697-80D3-2AF5A096710F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F4773D07-426C-4671-89D3-E4433F2AB60C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05063310-7575-4846-BD8B-32CECDBA1FA1}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{06D9E402-4F87-4225-9E6D-84202A3764B4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0F39AA65-ED8D-4062-8CFD-BFC078681D34}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{25A2AD94-CCE0-4618-B53A-ECC0D2EF5C2A}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{26A4A8A0-E078-4454-A555-C23B62A14285}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2EACE8E1-DFC0-40E8-BD99-BA11E779A18C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3DAD3091-F368-4683-9CD1-E8CC0148C0CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{43090249-C5CC-4C23-9FAE-A01A14086AA2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{46E6D5A3-D769-44E3-9C0E-F12FACF9C19F}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe | 
"{55208E15-0754-4D01-8FA4-897202268039}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{62A16E75-A191-428E-A154-35BD9ED5A57E}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"{65030CE1-9BA5-4ADB-8C9C-CBDD5BBD15F5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{70CC5F0A-D3BD-496A-8B6C-946075148B5D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7F316EAB-591A-4B63-A0BE-C8476CFE46B9}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe | 
"{8294415E-0445-40CE-B7E9-E1290D257266}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe | 
"{8591622C-F15F-4978-982B-66D18144D2EE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8A7C3FE1-C732-4E0B-9839-0E87F12689F2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8AD583EE-7971-442A-A740-DF91347A4F85}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe | 
"{8DF8DC42-2191-4886-8E38-34A5E4401888}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{94D7B330-3A94-4D40-9C4F-BCB5E648925A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9E13010E-7513-43F3-A2B3-2150E08B06E6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A82A1251-985B-48A2-B2CD-E7CC5AC270D2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AA645E5C-DC2C-41A5-A736-48D73226C580}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B2D0A7B2-FB04-414C-98C6-3C62DE9354B9}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{B3D5927C-8AC4-478F-99D7-1564BE2F3056}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{B47493D3-D823-4E80-92D8-1A6E0AE4CB99}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe | 
"{CACFB1CE-8ADA-4B6E-B1BA-7999FC4A140F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd9.exe | 
"{CCAAC0C8-7D06-4CAC-A79C-81E6BE66F393}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{D0A88802-E7F4-40F2-A8B0-ED2A5D5E895F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D6F196A8-3F85-41E2-A0BA-722EA008775B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E395BF33-0151-4BC0-B96C-F6A61520A6FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E519A6BD-873C-4720-B7A1-E1F0BD5C9B53}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EAF3F462-7096-40F4-BDD2-0A4DEE0EC0D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{ECD778D9-CE20-4A2A-8ED2-78B08A003E6B}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{FA5F65E4-0DCA-4EEE-943B-AD31610CD0E3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FE24F4C7-60E4-4A8D-84D7-9B5B5B058DD9}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{04F629B8-1DB2-43D4-B9D5-8733D933F24A}C:\program files (x86)\dvbviewer\dvbviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dvbviewer\dvbviewer.exe | 
"TCP Query User{53E8081C-8CE5-4206-959D-6FC9577ABA56}C:\program files (x86)\oscam\oscam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oscam\oscam.exe | 
"TCP Query User{609423D6-AE67-49D6-A341-15A3779A0A91}C:\program files (x86)\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
"TCP Query User{6BAB6C30-083B-4A30-BA9C-FEB2D3D7CB64}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{6CBE3656-6103-474C-ADD6-612023D6CAEB}C:\program files (x86)\dvbviewer\wtvirbridge\wtvirbridge.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dvbviewer\wtvirbridge\wtvirbridge.exe | 
"TCP Query User{7695C4D9-1B83-4DE3-8BFB-D39EDFFE2996}C:\users\htpc\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\htpc\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"TCP Query User{82D0690D-62FC-4F13-A283-FD9BBD820F34}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{8DE20E92-5961-483F-99E8-14B057F6B410}C:\program files (x86)\dvbviewer\plugins\plugins2\acamdmonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dvbviewer\plugins\plugins2\acamdmonitor.exe | 
"TCP Query User{B3A1CB0E-B3B3-484B-AD66-DA9ADA684E03}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{DB1A249A-8397-40DE-8DFD-CD8C4B607819}C:\program files (x86)\dvbviewer\wtvirbridge\wtvirbridge.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dvbviewer\wtvirbridge\wtvirbridge.exe | 
"TCP Query User{E0D7D06B-AA7A-4D59-9F7F-F91770EE3B9E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{E4C3EB68-DB98-4103-9388-36F521105ACD}C:\program files (x86)\dvbviewer\dvbviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dvbviewer\dvbviewer.exe | 
"TCP Query User{FE825362-D02D-4EC9-AAB3-4EE16C70D3DE}C:\program files (x86)\bouquet editor suite\bouquet editor suite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bouquet editor suite\bouquet editor suite.exe | 
"UDP Query User{24EE4F14-DA38-484E-A3E1-3930E2BB0385}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{32EB18DF-45F3-49B8-8EE2-D7A408FB4837}C:\program files (x86)\oscam\oscam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oscam\oscam.exe | 
"UDP Query User{583C6855-46B0-4896-9BEE-64E2B99ACF79}C:\program files (x86)\dvbviewer\wtvirbridge\wtvirbridge.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dvbviewer\wtvirbridge\wtvirbridge.exe | 
"UDP Query User{63E69817-E04D-4ADF-8F9F-8A9CFEBCA6CE}C:\program files (x86)\bouquet editor suite\bouquet editor suite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bouquet editor suite\bouquet editor suite.exe | 
"UDP Query User{73D1D924-9E3B-40A0-B772-7EF292FACDAC}C:\program files (x86)\dvbviewer\dvbviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dvbviewer\dvbviewer.exe | 
"UDP Query User{93047A35-4531-4C97-A9C9-BA460267DF69}C:\program files (x86)\dvbviewer\plugins\plugins2\acamdmonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dvbviewer\plugins\plugins2\acamdmonitor.exe | 
"UDP Query User{C646D8CF-2541-4459-9E51-26D579DB6586}C:\program files (x86)\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
"UDP Query User{D216838F-AD8C-49EA-AD34-3790452EE152}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{DCB11492-3942-4528-95E0-B5B1D23449E9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{EE93E04C-5C69-412D-B50F-DE4443F5F08C}C:\users\htpc\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\htpc\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"UDP Query User{F6E5A757-6CB6-4A25-879B-61D26D1475F4}C:\program files (x86)\dvbviewer\dvbviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dvbviewer\dvbviewer.exe | 
"UDP Query User{F6EC98E7-073B-4B1E-B350-67A46160923C}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{F8F172D6-28C0-4CEA-9842-81F8267C0053}C:\program files (x86)\dvbviewer\wtvirbridge\wtvirbridge.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dvbviewer\wtvirbridge\wtvirbridge.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08347912-0AA5-C85E-BC02-416568E741B4}" = AMD Drag and Drop Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2BDF97-E0C7-75AE-29E1-5EA9DA262F2F}" = WMV9/VC-1 Video Playback
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager
"{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{CFB4DE27-AEED-4B12-8A3C-A77EBF1AFDDD}" = AVM FRITZ!Box AddOn (IE) (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ZDFmediathek_is1" = ZDFmediathek Version 2.1.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{17C6C714-8608-4A6C-A54A-4B63AED67BAF}" = DVR-Studio HD 2
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{235211CA-D0E3-4EC8-95D4-C024CE37537C}" = WISO Mein Geld 2012 Professional
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{32574FC2-788B-4D24-A085-9C227948439C}" = EITitor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D4C7CA5-3912-40A3-94BF-9B8089188A7A}" = FRITZBox Anrufmonitor
"{548D4E14-F59D-4FA3-A357-CE5BA0D41D34}" = Opera 11.01
"{597DE5BD-C24B-4D0F-BA2D-F5D591D800DA}" = AccuWeather SideShow Gadget
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro
"{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A24C18C8-E26C-488B-8373-A45F5D3C6A35}" = BILD.de für Windows Media Center
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C96A23CB-DDE6-4DEF-AD83-D5D5037D4316}" = iMON
"{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9F9FBC-5253-46D2-9883-09E55003D794}" = TechniSat DVB-PC TV Star
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"AC3Filter_is1" = AC3Filter 1.63b
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Bouquet Editor Suite_is1" = Bouquet Editor Suite v1.21 Uninstall
"DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox
"DVBViewer Pro_is1" = DVBViewer Pro
"DVBViewer Recording Service_is1" = DVBViewer Recording Service
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 4.0.0.0
"Foxit Reader" = Foxit Reader
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"HaaliMkx" = Haali Media Splitter
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"JDownloader" = JDownloader
"LG PC Suite IV" = LG PC Suite IV
"Luka" = Luka
"MediaJoin" = MediaJoin
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyMDb_0" = MyMDb 3.5.3
"Notepad++" = Notepad++
"OSM" = JOSM 4667
"PhotoScape" = PhotoScape
"tvbrowser" = TV-Browser 3.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"WinX AVI to iPod Converter_is1" = WinX AVI to iPod Converter 4.0.1
"WISO Mein Geld 2012 Professional" = WISO Mein Geld 2012 Professional
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.2
"Kylo Browser" = Kylo Browser
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

mbam.log:
Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.06.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
HTPC :: STEFFEN3 [Administrator]

Schutz: Deaktiviert

06.06.2012 17:37:34
mbam-log-2012-06-06 (18-30-17).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 484266
Laufzeit: 51 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\HTPC\Downloads\SoftonicDownloader_fuer_mediajoin.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
D:\Dokumente und Einstellungen\HTPC\Eigene Dateien\JDownloader 0.9.310\Fritz_Box_Tools\nc.exe (PUP.Netcat) -> Keine Aktion durchgeführt.
C:\Users\HTPC\0.23547644342640806.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.

The three infected files are in quarantine, but the lock is still in place.

07.06.2012, 19:44   #2
markusg
/// Malware-holic

Hi,

this script and any scripts that follow are only for this particular user.
If you have problems, open your own topics and wait for scripts adapted for you.

• Please start OTL.exe
• Now copy the following into the text box.

Code:
:OTL
O4 - HKCU..\Run: [puzagnkpkxofdgm] C:\ProgramData\puzagnkpkxofdgmzrzsx.exe ()
[2012.06.05 16:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\axviqrtufshmnlm
[2012.06.05 16:50:28 | 000,000,448 | ---- | M] () -- C:\ProgramData\cnvtrvqlnctrzva
[2012.06.05 16:50:13 | 000,052,736 | ---- | M] () -- C:\ProgramData\puzagnkpkxofdgmzrzsx.exe
[2012.06.05 16:50:13 | 000,052,736 | ---- | M] () -- C:\Users\HTPC\0.23547644342640806.exe
:Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Start in normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file to the UpChannel as described in its instructions. Please do NOT post the ZIP file here as an attachment in the thread!

Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the folder _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This creates a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel (Browse --> C:\_OTL\Movedfiles.zip).
Let me know whether the upload worked without problems. Thanks in advance.
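Added example in Python (not from the thread, OTL or Malwarebytes): a small parser over constructed OTL-style lines that flags the persistence pattern markusg's fix script removes, an HKCU Run value with a random name launching an unsigned executable straight from C:\ProgramData, and groups the listed files by identical byte size to spot the second copy dropped in the user profile. The regexes, the "two of three tells" threshold and the benign Avira control line are my assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OTL's line format: the HKCU entry and the file lines mirror what
# the fix script in this thread targeted; the Avira autostart line is a made-up benign control.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [puzagnkpkxofdgm] C:\ProgramData\puzagnkpkxofdgmzrzsx.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
[2012.06.05 16:50:13 | 000,052,736 | ---- | M] () -- C:\ProgramData\puzagnkpkxofdgmzrzsx.exe
[2012.06.05 16:50:13 | 000,052,736 | ---- | M] () -- C:\Users\HTPC\0.23547644342640806.exe
[2012.06.05 16:50:28 | 000,000,448 | ---- | M] () -- C:\ProgramData\cnvtrvqlnctrzva
"""
# O4 autostart line: hive, value name, launched path, company taken from the file's version info.
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^()]*)\)$")
# File listing line: timestamp, size, flags, company, path.
FILE_RE = re.compile(r"^\[(?P<ts>[\d. :]+) \| (?P<size>[\d,]+) \| .*?\] \((?P<company>[^()]*)\) -- (?P<path>.+)$")
# Directly in ProgramData, directly in a profile root, or in the user's Temp: not where installed products autostart from.
ODD_LOCATION = re.compile(r"^(c:\\programdata|c:\\users\\[^\\]+)\\[^\\]+$|\\appdata\\local\\temp\\", re.I)

def parse_otl(text):
    """Split an OTL listing into autostart entries and file lines (as dicts)."""
    runs, files = [], []
    for line in text.splitlines():
        if m := RUN_RE.match(line):
            runs.append(m.groupdict())
        elif m := FILE_RE.match(line):
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            files.append(entry)
    return runs, files

def looks_random(name):
    """Heuristic: long, all-lowercase, nearly vowel-free names are machine-generated."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) < 12 or not (stem.isalpha() and stem.islower()):
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) <= 0.25

def flag_run_entries(runs):
    """Value names of autostarts showing at least two of the three lock-screen tells."""
    def tells(r):
        return (bool(ODD_LOCATION.search(r["path"])), looks_random(r["name"]), r["company"] == "")
    return [r["name"] for r in runs if sum(tells(r)) >= 2]

def same_size_groups(files):
    """Paths sharing an exact byte size: identical unsigned files written in the same minute are likely copies of one dropper."""
    by_size = defaultdict(list)
    for f in files:
        by_size[f["size"]].append(f["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) > 1}
```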
07.06.2012, 21:39   #3
laguna120

After the fix the PC starts in normal mode again.

The upload of the MovedFiles was successful.
Here is the OTL log:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\puzagnkpkxofdgm deleted successfully.
C:\ProgramData\puzagnkpkxofdgmzrzsx.exe moved successfully.
C:\ProgramData\axviqrtufshmnlm folder moved successfully.
C:\ProgramData\cnvtrvqlnctrzva moved successfully.
File C:\ProgramData\puzagnkpkxofdgmzrzsx.exe not found.
File C:\Users\HTPC\0.23547644342640806.exe not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: HTPC
->Flash cache emptied: 3397 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: HTPC
->Temp folder emptied: 699105932 bytes
->Temporary Internet Files folder emptied: 590924614 bytes
->Java cache emptied: 5506476 bytes
->FireFox cache emptied: 143736497 bytes
->Opera cache emptied: 12078720 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 249017655 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 968874 bytes
RecycleBin emptied: 39923852993 bytes
 
Total Files Cleaned = 39.697,00 mb
 
 
OTL by OldTimer - Version 3.2.46.1 log created on 06072012_211939

Files\Folders moved on Reboot...
C:\Users\HTPC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...