Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bundespolizei Zahlungsaufforderung bei Internetverbindung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.07.2012, 23:35   #1
Priamus
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



Hallo,

mich hat nun auch der Trojaner erwischt mit der Zahlungsaufforderung von 100€, angeblich von der Bundespolizei. Ich habe schon mal den Anti-Malware Scan gemacht und die Auswahl an infizierten Objekten entfernt. Die Meldung erscheint jetzt nicht mehr bei einer Internetverbindung. Hier die Logdatei:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.19.12

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Jonas :: JONAS-PC [Administrator]

19.07.2012 21:30:17
mbam-log-2012-07-19 (23-13-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 604877
Laufzeit: 1 Stunde(n), 23 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 34
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uncompressor (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Daten: 215 Apps -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files\I Want This (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Users\Jonas\AppData\Local\I Want This (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Users\Jonas\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Keine Aktion durchgeführt.

Infizierte Dateien: 18
C:\Program Files\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files\Uncompressor\Uninstall\Uninstall.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.
C:\Users\Jonas\AppData\Local\temp\toip0_tmp.exe (Spyware.Zbot.DG) -> Keine Aktion durchgeführt.
C:\Users\Jonas\AppData\Local\temp\is1293846689\IWantThisAD_ROW.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Users\Jonas\Downloads\ADLSoft_UnCompressor_1.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want This.ini (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\fb.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want This.ico (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\jquery.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\json.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
C:\Users\Jonas\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want This.dll (PUP.GamePlayLab) -> Keine Aktion durchgeführt.

(Ende)
         
Auch den Scan mit OTL habe ich gemacht:
OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.07.2012 23:19:16 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Jonas\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 55,89% Memory free
4,00 Gb Paging File | 3,08 Gb Available in Paging File | 77,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,42 Gb Total Space | 12,91 Gb Free Space | 5,73% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 67,93 Gb Free Space | 29,17% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 21:26:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
PRC - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Programme\Skype\Updater\Updater.exe
PRC - [2012.04.10 14:41:58 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012.04.10 14:41:57 | 000,900,120 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\AutoUpdate\ALMon.exe
PRC - [2012.04.10 14:41:22 | 002,818,072 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012.04.10 14:41:17 | 000,212,504 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012.04.10 14:41:17 | 000,139,800 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.16 13:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe
PRC - [2011.11.03 20:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.09.09 18:09:37 | 000,523,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007.08.29 17:06:10 | 001,077,248 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
PRC - [2006.10.27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2004.08.05 13:02:30 | 000,385,024 | ---- | M] (Transaction Software, D 81737 Munich) -- C:\BMWgroup\ETKLokal\transbase\tbmux32.exe
PRC - [2003.07.05 08:23:52 | 000,049,214 | ---- | M] (Dassault Systemes) -- C:\Programme\Dassault Systemes\B12\intel_a\code\bin\CATSysDemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 18:32:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.12 08:24:53 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.10 14:41:58 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012.04.10 14:41:22 | 002,818,072 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.04.10 14:41:17 | 000,212,504 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.04.10 14:41:17 | 000,139,800 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.04.10 14:41:08 | 001,453,080 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.03 20:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004.08.05 13:02:30 | 000,385,024 | ---- | M] (Transaction Software, D 81737 Munich) [Auto | Running] -- C:\BMWgroup\ETKLokal\transbase\tbmux32.exe -- (Transbase)
SRV - [2003.07.05 08:23:52 | 000,049,214 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Programme\Dassault Systemes\B12\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (antubszx)
DRV - [2012.04.10 14:41:31 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012.04.10 14:41:08 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2011.09.09 18:00:05 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.09.09 17:59:19 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.19 18:16:51 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2010.11.19 18:16:47 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2010.01.23 17:46:32 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.01.23 17:46:32 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.01.19 13:12:19 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.05.25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV - [2009.05.25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009.05.25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV - [2009.05.25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009.05.25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV - [2009.05.25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009.05.25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV - [2009.04.20 14:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=b8beb5f2000000000000001a6bdf9957
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 99 92 2E E7 8F CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=b8beb5f2000000000000001a6bdf9957
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=5BC85245-6A11-4E11-A940-4150835FE7FE&apn_sauid=9D3D27C9-C9A3-4108-AF47-6874B4756727
IE - HKCU\..\SearchScopes\{231ED4DC-B7BF-4BEA-94AC-9D44F7E50DDB}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=b8beb5f2000000000000001a6bdf9957&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://sww.stusta.mhn.de/proxy.pac"
FF - prefs.js..network.proxy.http: "prox.stusta.mhn.de"
FF - prefs.js..network.proxy.http_port: 3230
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 18:32:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 16:37:25 | 000,000,000 | ---D | M]
 
[2010.01.08 00:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions
[2012.07.19 18:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\a4hannnw.default\extensions
[2011.08.25 22:30:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\a4hannnw.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.07.19 18:38:47 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\a4hannnw.default\extensions\crossriderapp2258@crossrider.com
[2011.05.16 17:07:00 | 000,000,952 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\a4hannnw.default\searchplugins\ponseu--portugiesisch--deutsch.xml
[2012.05.06 11:14:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.27 18:06:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.19 18:32:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.04 22:03:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.18 16:35:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.22 20:26:13 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.18 16:35:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 16:35:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 16:35:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 16:35:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 16:35:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.31 11:15:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C94AE1D-7EB5-4D41-9A56-4189F8ED8A41}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89DF2FDA-1BFE-402E-BC6B-59235B560BFF}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E89151B0-AF3C-4E42-B4B0-91995286FF8F}: NameServer = 10.150.127.2
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 21:26:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.07.18 13:00:44 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\BMW Daten
[2012.07.12 17:48:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 17:48:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 17:48:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 17:48:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 17:48:29 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 17:48:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 17:48:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 17:42:32 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 14:21:10 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Neuer Ordner SA
[2012.07.12 08:00:23 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.12 08:00:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.12 08:00:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.05 19:52:30 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Gimp
[2012.06.21 16:19:05 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 16:19:05 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 16:18:34 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 16:18:34 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 16:18:34 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 16:18:15 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 16:18:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.19 23:25:10 | 000,015,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 23:25:10 | 000,015,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 23:24:49 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.19 23:24:49 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.19 23:24:49 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.19 23:24:49 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.19 23:24:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.19 23:17:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.19 23:16:47 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.19 21:26:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.07.19 20:20:09 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.16 19:16:51 | 000,566,355 | ---- | M] () -- C:\Users\Jonas\Desktop\Maria_Dorfen_Altar.jpg
[2012.07.12 20:40:50 | 000,440,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 08:24:52 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 08:24:52 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.19 19:51:45 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.16 19:14:07 | 000,566,355 | ---- | C] () -- C:\Users\Jonas\Desktop\Maria_Dorfen_Altar.jpg
[2012.05.14 22:26:31 | 000,002,710 | ---- | C] () -- C:\Users\Jonas\.recently-used.xbel
[2012.04.04 22:15:57 | 000,001,225 | ---- | C] () -- C:\Users\Jonas\ia_remove.sh.0
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.08.12 20:50:26 | 000,000,264 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.12 20:49:37 | 000,001,288 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.07.02 13:12:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.05.15 21:18:42 | 000,001,064 | ---- | C] () -- C:\Users\Jonas\ia_remove.sh
[2010.01.08 00:40:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

< End of report >
         
--- --- ---


Extras.txt:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.07.2012 23:19:16 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Jonas\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 55,89% Memory free
4,00 Gb Paging File | 3,08 Gb Available in Paging File | 77,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,42 Gb Total Space | 12,91 Gb Free Space | 5,73% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 67,93 Gb Free Space | 29,17% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0237B270-7F88-4806-BCB3-CEAE1BDD1022}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{077E74B1-56A3-4A78-8075-539460EA5521}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1E00350D-3ECB-4137-AFC3-532C7F66A684}" = rport=445 | protocol=6 | dir=out | app=system | 
"{289438CE-0CE2-4F4B-B905-3EF9F4ED8C7C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2C8998E2-4AF1-471C-8F71-468829330FA0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{3F819201-74DB-4AA4-B216-5470D597B6C6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{499B8D8D-DE63-4A20-B45D-C36299318CD9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55EE54CF-A288-46BB-AF6C-777AF8E87438}" = lport=139 | protocol=6 | dir=in | app=system | 
"{69394DD1-596D-4BE9-8F1A-4096739292DE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{72994CC7-3A4A-42A7-8A38-28F296A4BAB7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{73888260-1330-41EA-A86E-80F89773E02D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7786F282-1145-488A-8EA0-362381DBA75C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7B4624CE-8C93-4D7C-940F-B6B99BB207E6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7DD579AC-C1CD-4273-B82D-EAE385EE9A89}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A0F539DD-0E31-4087-83F0-82A95A481D46}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A1027BFB-CCEE-416F-ADA3-C7BAEA6F5ECA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ABEBC74E-6FB8-470C-AEB6-A40475A62E99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC5F830E-2D6D-4440-A362-83A052AFE7B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE2DBA25-EE62-4FAA-AEF2-0B5664C46F46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B8F1721B-AB2D-442B-8A1B-E8E78FD4F5A6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D3136C77-D2FE-40D6-8759-514B1A1D9106}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DEDA93D2-21F8-49C3-B3C7-903F0148C977}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E6B6888E-9DDC-4A6F-8061-4E2B07E97A5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EEE1006D-978A-4AF4-AD58-49F7A912289F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DEE4851-1388-4E35-A7CA-18AE1C30739D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{20CE23EA-86A7-4A93-AD0F-3E1AF828ABDA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{21BD09CE-19A2-42F8-BDEB-D4ED8678DE04}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{337AB382-BCA5-4B51-9BCA-D9616038505F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{3533884A-7EA4-497F-B5CC-CB647F76379A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{377874F1-DC95-4179-BAD6-A1BD7F7621CB}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{398BFA07-1815-4CD7-92AB-F44B3D389481}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3BC151B3-15B7-4960-B2FE-8F62A651680E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{3C5EEAF2-C2FE-4972-B0F7-178FC0B44FBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E8CD097-4D2F-4F23-A470-A36E73F4AAF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{441B635E-3EB8-4FE7-BDE0-DE2E8D1FD86D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{506801DA-A420-4237-AB8B-5F4A255BCE42}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{5868894D-B75F-4596-A518-F6AD72FA7014}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5CFD2898-7FB4-41BB-BD14-35B2E44FFC8E}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{620E25DF-59E1-4CC5-9468-BFFD2A2B1864}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{6C3F0355-9F49-40AC-826E-677647596018}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7C6CD03C-1296-48CF-BB61-E6777B37CFEB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{8B09FC71-CF02-4B07-9725-3C09161052E9}" = protocol=58 | dir=in | app=system | 
"{8C4B1914-0C86-43C6-8171-21EE7531B4BF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{8E84455D-BCC0-455D-B5CA-F50EEB41378B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{8EE172EB-C1B8-4943-89E2-5CC5A3C8FE09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{907F0276-34CD-4CBB-897B-A9E69836BC2F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{91EE4630-048D-4A8A-AAA7-A49A76A60F61}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{92397F07-944B-4336-973E-E9204B63536F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{93541B82-C502-4656-992A-BF7203BEEDE7}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{9E276793-F0A7-4301-A00B-053F5F7ED57A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A362B739-FAF3-454F-A356-CA873B114533}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{A3BD6B44-D090-4232-BBAB-7FBA805C6FCE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE7FFDB7-DB3F-4823-8E1F-560875D9B37F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B51B8708-373A-49CB-89CF-7CE323FF3BA6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"{B6B7E10D-C242-48AF-89C8-9B5066E784F9}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"{BA12605B-796D-4F4E-982A-999BA28504F7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BA459464-F306-4A0F-849D-75BAF1177343}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BAA62FC4-5424-4B81-A8A3-9BA5F8FDBC44}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{C61DD94C-F189-4D72-90CA-43F9718DC2AB}" = dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | 
"{C7CAB15D-44AA-47DC-A2DB-68CE9B12E6E5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D0F1D85D-F629-4766-AF01-9F471A2AD0E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D20E24E5-C664-4A4B-ABE3-B664F779102F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D6C2B84C-FD6A-46A1-AAED-A143A49B32E0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{D6EFE4F3-C9F9-4EF8-B524-0DCE15F3F342}" = protocol=6 | dir=out | app=system | 
"{DD18EE9C-43A5-457A-B35C-9D6647260625}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E03605B3-00A1-4BD2-A398-BE737FEFD5D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E8B3298A-E14A-4E3E-B9FA-D718C47AFA3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EDEF2E18-736E-4601-A165-FB220218167A}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | 
"{EFA5B681-D6FE-40C2-AC73-0135E87CF56A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F051EECB-F77C-49D8-A3F7-8D1A4F9767E7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{F2C9BA4A-EF3C-4CCD-9D1D-66E1BCEEAD52}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F61BFA3B-1523-42D6-A12E-5FE4B664657F}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | 
"TCP Query User{05703BD3-301F-4F7B-9C6C-01AB92FD75FD}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{2D77CE53-B1BF-4478-B764-EB9441C46888}C:\program files\dassault systemes\b12\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b12\intel_a\code\bin\orbixd.exe | 
"TCP Query User{379299FD-63E9-4607-9B7D-5B005514899C}C:\bmwgroup\etklokal\javaclient\jre1.5.0_11\bin\java.exe" = protocol=6 | dir=in | app=c:\bmwgroup\etklokal\javaclient\jre1.5.0_11\bin\java.exe | 
"TCP Query User{5F0141E7-3284-4C09-BC1A-C2205D163117}C:\bmwgroup\etklokal\javaclient\etk.exe" = protocol=6 | dir=in | app=c:\bmwgroup\etklokal\javaclient\etk.exe | 
"TCP Query User{68DCD9AB-A860-4A9B-8AD9-DFFF3983E1C3}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{8031B2B1-AC12-4851-9993-42CBB6D05A4D}C:\program files\apexdc++\apexdc.exe" = protocol=6 | dir=in | app=c:\program files\apexdc++\apexdc.exe | 
"TCP Query User{8475DD47-A1DA-4D72-B53D-91FBDA53409B}C:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"TCP Query User{CBBE9913-CF54-4FDA-AD37-FB757890A199}C:\program files\dassault systemes\b12\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b12\intel_a\code\bin\cnext.exe | 
"TCP Query User{CC6E42AA-0FF8-441B-852B-F6C12D58499B}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe | 
"TCP Query User{CD47D125-C6D4-4F6D-9E31-AA447C37FC62}C:\program files\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files\sony\media go\mediago.exe | 
"UDP Query User{0A0EDA5C-3E4F-4329-AA87-97338D82469C}C:\program files\dassault systemes\b12\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b12\intel_a\code\bin\orbixd.exe | 
"UDP Query User{39DB09D1-3ACE-401D-8CC9-37E316778FAD}C:\bmwgroup\etklokal\javaclient\etk.exe" = protocol=17 | dir=in | app=c:\bmwgroup\etklokal\javaclient\etk.exe | 
"UDP Query User{56D47F6A-0031-4A23-8B34-FDC88A041F02}C:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"UDP Query User{887A351C-3BAE-4019-BF4E-F393CC873C88}C:\program files\lecturnity player\jre5\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\lecturnity player\jre5\bin\javaw.exe | 
"UDP Query User{8952EC05-46E5-4340-ADD7-4C582BAB7110}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{9BF5F85F-2387-45B8-A155-40159A8B94F3}C:\program files\dassault systemes\b12\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b12\intel_a\code\bin\cnext.exe | 
"UDP Query User{C3A75703-4C23-4F76-A353-56D11D7281C1}C:\program files\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files\sony\media go\mediago.exe | 
"UDP Query User{E992C09F-6783-458C-BC3D-3CB76C64CB53}C:\program files\apexdc++\apexdc.exe" = protocol=17 | dir=in | app=c:\program files\apexdc++\apexdc.exe | 
"UDP Query User{F248AB68-F6F2-4787-96A7-9980CB4E9CF6}C:\bmwgroup\etklokal\javaclient\jre1.5.0_11\bin\java.exe" = protocol=17 | dir=in | app=c:\bmwgroup\etklokal\javaclient\jre1.5.0_11\bin\java.exe | 
"UDP Query User{F8CA18D1-4C93-4F21-8F24-6613C3816251}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{82E37CB2-BB72-4106-BCF6-151E72A6E3CF}" = MATLAB 2007a
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{EC17C160-E2F0-47CC-86D4-140AE22EC38E}" = ETK (Lokal)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.030
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ApexDC++" = ApexDC++ 1.2.0
"BabylonToolbar" = Babylon toolbar on IE
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Dassault Systemes B12_0" = Dassault Systemes Software B12
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MatlabR2008b" = MATLAB R2008b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamViewer 6" = TeamViewer 6
"Tuned!" = Tuned!
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.0.3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Uncompressor" = Uncompressor
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.10.2011 13:32:56 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.10.2011 13:33:02 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc suite\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.10.2011 11:56:19 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.10.2011 11:56:25 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc suite\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 19.10.2011 08:33:45 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 19.10.2011 08:33:51 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc suite\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.10.2011 18:36:13 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.10.2011 18:36:19 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc suite\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.10.2011 06:28:14 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.10.2011 06:28:30 | Computer Name = Jonas-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
 ericsson\sony ericsson pc suite\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 19.07.2012 17:17:34 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 19.07.2012 17:17:46 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 633 Invoked Function: AddRoute Return Code: -33095642 (0xFE070026) Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_ALREADY_EXISTS
the
 interface appears to be available
 
Error - 19.07.2012 17:17:46 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 633 Invoked Function: AddRoute Return Code: -33095642 (0xFE070026) Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_ALREADY_EXISTS
the
 interface appears to be available
 
Error - 19.07.2012 17:17:47 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 617 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 19.07.2012 17:17:47 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 617 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 19.07.2012 17:17:52 | Computer Name = Jonas-PC | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 19.07.2012 17:17:52 | Computer Name = Jonas-PC | Source = acvpnui | ID = 67108866
Description = Function: PreferenceMgr::loadPreferences File: .\PreferenceMgr.cpp Line:
 964 Invoked Function: PreferenceInfo::getPreference Return Code: 0 (0x00000000) Description:
 LocalLanAccess 
 
Error - 19.07.2012 17:17:52 | Computer Name = Jonas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 19.07.2012 17:17:56 | Computer Name = Jonas-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4214
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 19.07.2012 17:17:56 | Computer Name = Jonas-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1089 NULL object. Cannot establish a connection at this time.
 
[ OSession Events ]
Error - 20.03.2012 16:55:00 | Computer Name = Jonas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11456
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19.07.2012 17:03:26 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 19.07.2012 17:05:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 19.07.2012 17:05:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 19.07.2012 17:05:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 19.07.2012 17:10:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 19.07.2012 17:10:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 19.07.2012 17:10:34 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 19.07.2012 17:12:40 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 19.07.2012 17:12:40 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 19.07.2012 17:12:40 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---


Mein Betriebssystem ist Windows 7 Professional 32 Bit. Ich würde mich sehr über jede Hilfe freuen, das Problem endgültig zu beseitigen und meinen PC wieder zu bereinigen!

Viele Grüße
Jonas

Zusätzlich habe ich noch mal mit OTL den benutzerdefinierten Scan mit folgenden Eingaben gemacht:

Code:
ATTFilter
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
         
OTL.exe:
OTL Logfile:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.07.2012 15:21:53 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Jonas\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 51,97% Memory free
4,00 Gb Paging File | 2,82 Gb Available in Paging File | 70,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,42 Gb Total Space | 12,84 Gb Free Space | 5,69% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 67,93 Gb Free Space | 29,17% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 21:26:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
PRC - [2012.07.19 18:32:29 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.07.12 08:24:53 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.04.10 14:41:58 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012.04.10 14:41:22 | 002,818,072 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012.04.10 14:41:17 | 000,212,504 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012.04.10 14:41:17 | 000,139,800 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.16 13:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe
PRC - [2011.11.03 20:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007.08.29 17:06:10 | 001,077,248 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
PRC - [2006.10.27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2004.08.05 13:02:30 | 000,385,024 | ---- | M] (Transaction Software, D 81737 Munich) -- C:\BMWgroup\ETKLokal\transbase\tbmux32.exe
PRC - [2003.07.05 08:23:52 | 000,049,214 | ---- | M] (Dassault Systemes) -- C:\Programme\Dassault Systemes\B12\intel_a\code\bin\CATSysDemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.19 18:32:28 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.07.12 08:24:52 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Programme\Notepad++\NppShell_01.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 18:32:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.12 08:24:53 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.10 14:41:58 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012.04.10 14:41:22 | 002,818,072 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.04.10 14:41:17 | 000,212,504 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.04.10 14:41:17 | 000,139,800 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.04.10 14:41:08 | 001,453,080 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.03 20:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004.08.05 13:02:30 | 000,385,024 | ---- | M] (Transaction Software, D 81737 Munich) [Auto | Running] -- C:\BMWgroup\ETKLokal\transbase\tbmux32.exe -- (Transbase)
SRV - [2003.07.05 08:23:52 | 000,049,214 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Programme\Dassault Systemes\B12\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (agpc15i8)
DRV - [2012.04.10 14:41:31 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012.04.10 14:41:08 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2011.09.09 18:00:05 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.09.09 17:59:19 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.19 18:16:51 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2010.11.19 18:16:47 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2010.01.23 17:46:32 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.01.23 17:46:32 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.01.19 13:12:19 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.05.25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV - [2009.05.25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009.05.25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV - [2009.05.25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009.05.25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV - [2009.05.25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009.05.25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV - [2009.04.20 14:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=b8beb5f2000000000000001a6bdf9957
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 99 92 2E E7 8F CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=b8beb5f2000000000000001a6bdf9957
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=5BC85245-6A11-4E11-A940-4150835FE7FE&apn_sauid=9D3D27C9-C9A3-4108-AF47-6874B4756727
IE - HKCU\..\SearchScopes\{231ED4DC-B7BF-4BEA-94AC-9D44F7E50DDB}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=b8beb5f2000000000000001a6bdf9957&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://sww.stusta.mhn.de/proxy.pac"
FF - prefs.js..network.proxy.http: "prox.stusta.mhn.de"
FF - prefs.js..network.proxy.http_port: 3230
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 18:32:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 16:37:25 | 000,000,000 | ---D | M]
 
[2010.01.08 00:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions
[2012.07.19 18:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\a4hannnw.default\extensions
[2011.08.25 22:30:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\a4hannnw.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.07.19 18:38:47 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\a4hannnw.default\extensions\crossriderapp2258@crossrider.com
[2011.05.16 17:07:00 | 000,000,952 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\a4hannnw.default\searchplugins\ponseu--portugiesisch--deutsch.xml
[2012.05.06 11:14:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.27 18:06:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.19 18:32:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.04 22:03:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.18 16:35:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.22 20:26:13 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.18 16:35:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 16:35:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 16:35:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 16:35:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 16:35:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.31 11:15:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C94AE1D-7EB5-4D41-9A56-4189F8ED8A41}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89DF2FDA-1BFE-402E-BC6B-59235B560BFF}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E89151B0-AF3C-4E42-B4B0-91995286FF8F}: NameServer = 10.150.127.2
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 21:26:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.07.18 13:00:44 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\BMW Daten
[2012.07.12 17:48:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 17:48:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 17:48:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 17:48:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 17:48:29 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 17:48:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 17:48:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 17:42:32 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 14:21:10 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Neuer Ordner SA
[2012.07.12 08:00:23 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.12 08:00:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.12 08:00:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.05 19:52:30 | 000,000,000 | ---D | C] -- C:\Users\Jonas\Desktop\Gimp
[2012.06.21 16:19:05 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 16:19:05 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 16:18:34 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 16:18:34 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 16:18:34 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 16:18:15 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 16:18:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.20 15:24:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.20 11:57:45 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.20 11:57:45 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.20 11:57:45 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.20 11:57:45 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.20 11:57:38 | 000,015,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 11:57:38 | 000,015,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 11:50:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 11:50:00 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.19 21:26:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012.07.19 20:20:09 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.16 19:16:51 | 000,566,355 | ---- | M] () -- C:\Users\Jonas\Desktop\Maria_Dorfen_Altar.jpg
[2012.07.12 20:40:50 | 000,440,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 08:24:52 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 08:24:52 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.19 19:51:45 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.16 19:14:07 | 000,566,355 | ---- | C] () -- C:\Users\Jonas\Desktop\Maria_Dorfen_Altar.jpg
[2012.05.14 22:26:31 | 000,002,710 | ---- | C] () -- C:\Users\Jonas\.recently-used.xbel
[2012.04.04 22:15:57 | 000,001,225 | ---- | C] () -- C:\Users\Jonas\ia_remove.sh.0
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.08.12 20:50:26 | 000,000,264 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.12 20:49:37 | 000,001,288 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.07.02 13:12:00 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.05.15 21:18:42 | 000,001,064 | ---- | C] () -- C:\Users\Jonas\ia_remove.sh
[2010.01.08 00:40:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.05.13 15:13:48 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.08.12 20:54:11 | 000,000,000 | ---D | M] -- C:\BMW95
[2011.08.29 14:57:28 | 000,000,000 | ---D | M] -- C:\BMWgroup
[2012.03.30 08:04:06 | 000,000,000 | ---D | M] -- C:\Boot
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.01.07 23:10:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.18 20:21:57 | 000,000,000 | ---D | M] -- C:\Downloads
[2012.02.19 16:30:18 | 000,000,000 | ---D | M] -- C:\Incomplete
[2012.02.13 20:23:34 | 000,000,000 | ---D | M] -- C:\lm.dat
[2010.01.19 13:42:29 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010.01.08 00:47:21 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.07.19 23:15:49 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.19 19:51:45 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.01.07 23:10:05 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.01.07 23:10:05 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.08.12 09:34:37 | 000,000,000 | ---D | M] -- C:\savw_97_sa
[2010.12.12 12:09:58 | 000,000,000 | ---D | M] -- C:\SWSETUP
[2012.07.20 14:49:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.30 13:54:08 | 000,000,000 | ---D | M] -- C:\Temp
[2010.01.07 23:10:10 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.19 21:06:46 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.23 17:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Program Files\MATLAB\R2008b\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.01.19 13:12:19 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.05.14 22:26:31 | 000,002,710 | ---- | M] () -- C:\Users\Jonas\.recently-used.xbel
[2012.02.13 23:37:30 | 000,004,193 | ---- | M] () -- C:\Users\Jonas\CmDust-Result.log
[2010.05.15 21:18:42 | 000,001,064 | ---- | M] () -- C:\Users\Jonas\ia_remove.sh
[2012.04.04 22:15:57 | 000,001,225 | ---- | M] () -- C:\Users\Jonas\ia_remove.sh.0
[2012.07.20 15:42:54 | 003,670,016 | -HS- | M] () -- C:\Users\Jonas\NTUSER.DAT
[2012.07.20 15:42:54 | 000,262,144 | -HS- | M] () -- C:\Users\Jonas\ntuser.dat.LOG1
[2010.01.07 23:10:11 | 000,000,000 | -HS- | M] () -- C:\Users\Jonas\ntuser.dat.LOG2
[2010.01.07 23:47:09 | 000,065,536 | -HS- | M] () -- C:\Users\Jonas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.01.07 23:47:09 | 000,524,288 | -HS- | M] () -- C:\Users\Jonas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.01.07 23:47:09 | 000,524,288 | -HS- | M] () -- C:\Users\Jonas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.01.07 23:10:12 | 000,000,020 | -HS- | M] () -- C:\Users\Jonas\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---

--- --- ---

Alt 22.07.2012, 00:10   #2
t'john
/// Helfer-Team
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (agpc15i8) 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109986&babsrc=HP_ss&mntrId=b8beb5f2000000000000001a6bdf9957 
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=b8beb5f2000000000000001a6bdf9957 
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=5BC85245-6A11-4E11-A940-4150835FE7FE&apn_sauid=9D3D27C9-C9A3-4108-AF47-6874B4756727 
IE - HKCU\..\SearchScopes\{231ED4DC-B7BF-4BEA-94AC-9D44F7E50DDB}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "https://www.google.de/" 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3 
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749 
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=b8beb5f2000000000000001a6bdf9957&q=" 
FF - prefs.js..network.proxy.autoconfig_url: "http://sww.stusta.mhn.de/proxy.pac" 
FF - prefs.js..network.proxy.http: "prox.stusta.mhn.de" 
FF - prefs.js..network.proxy.http_port: 3230 
FF - prefs.js..network.proxy.type: 0 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found 
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) 
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O32 - HKLM CDRom: AutoRun - 1 
< %USERPROFILE%\Local Settings\Temp\*.exe > 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 

[2012.07.20 15:24:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.19 20:20:09 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad 
[2012.07.19 19:51:45 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad 
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 22.07.2012, 13:03   #3
Priamus
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



OK, vielen Dank erstmal für die Unterstützung!
Hier das Logfile:
Code:
ATTFilter
All processes killed
========== OTL ==========
Error: No service named agpc15i8 was found to stop!
Service\Driver key agpc15i8 not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{231ED4DC-B7BF-4BEA-94AC-9D44F7E50DDB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231ED4DC-B7BF-4BEA-94AC-9D44F7E50DDB}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "https://www.google.de/" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3 removed from extensions.enabledItems
Prefs.js: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.12.2.16749 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?affID=109986&babsrc=KW_ss&mntrId=b8beb5f2000000000000001a6bdf9957&q=" removed from keyword.URL
Prefs.js: "hxxp://sww.stusta.mhn.de/proxy.pac" removed from network.proxy.autoconfig_url
Prefs.js: "prox.stusta.mhn.de" removed from network.proxy.http
Prefs.js: 3230 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\ProgramData\pmt_0piot.pad moved successfully.
File C:\ProgramData\pmt_0piot.pad not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jonas\Desktop\cmd.bat deleted successfully.
C:\Users\Jonas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jonas
->Temp folder emptied: 355313384 bytes
->Temporary Internet Files folder emptied: 7412253 bytes
->Java cache emptied: 1996004 bytes
->FireFox cache emptied: 164080052 bytes
->Flash cache emptied: 16998 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79758592 bytes
RecycleBin emptied: 259064 bytes
 
Total Files Cleaned = 581,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Jonas
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07222012_125741

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
__________________

Alt 22.07.2012, 19:13   #4
t'john
/// Helfer-Team
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 23.07.2012, 01:28   #5
Priamus
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



System läuft wieder super, danke!

Hier die Logdatei:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jonas :: JONAS-PC [Administrator]

22.07.2012 23:32:51
mbam-log-2012-07-22 (23-32-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 593679
Laufzeit: 1 Stunde(n), 49 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\Interface\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Und die Textdatei von adwcleaner:

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/23/2012 at 01:27:21
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Jonas - JONAS-PC
# Running from : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Jonas\AppData\Local\Babylon
Folder Found : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Found : C:\Users\Jonas\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Jonas\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Jonas\AppData\Roaming\Babylon
Folder Found : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\a4hannnw.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Program Files\BabylonToolbar
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\I Want This
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\a4hannnw.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109986");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "b8beb5f2000000000000001a6bdf9957");
Found : user_pref("extensions.BabylonToolbar_i.id", "b8beb5f2000000000000001a6bdf9957");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15452");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109986&babsrc=N[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:26:21");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

*************************

AdwCleaner[R1].txt - [7128 octets] - [23/07/2012 01:27:21]

########## EOF - C:\AdwCleaner[R1].txt - [7256 octets] ##########
         


Alt 23.07.2012, 01:33   #6
t'john
/// Helfer-Team
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
--> Bundespolizei Zahlungsaufforderung bei Internetverbindung

Alt 23.07.2012, 09:24   #7
Priamus
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



Ok, hier die Logdatei vom adwCleaner:

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/23/2012 at 09:19:09
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Jonas - JONAS-PC
# Running from : C:\Users\Jonas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Jonas\AppData\Local\Babylon
Folder Deleted : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Users\Jonas\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Jonas\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\a4hannnw.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\BabylonToolbar
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\a4hannnw.default\prefs.js

C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\a4hannnw.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109986");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "b8beb5f2000000000000001a6bdf9957");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "b8beb5f2000000000000001a6bdf9957");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15452");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109986&babsrc=N[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:26:21");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

*************************

AdwCleaner[R1].txt - [7257 octets] - [23/07/2012 01:27:21]
AdwCleaner[S1].txt - [7460 octets] - [23/07/2012 09:19:09]

########## EOF - C:\AdwCleaner[S1].txt - [7588 octets] ##########
         

Alt 23.07.2012, 10:56   #8
t'john
/// Helfer-Team
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



Emsisoft Log bitte noch.
__________________
Mfg, t'john
Das TB unterstützen

Alt 23.07.2012, 22:29   #9
Priamus
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



Ich hatte den Scan tagsüberlaufen lassen. Ich habe jetzt auf deinen Hinweis die Funde nicht in Quarantäne gestellt. Hier der Log:
Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 23.07.2012 09:49:14

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	23.07.2012 09:51:53

C:\Users\Jonas\Documents\TIS_copy\KDS\BOSCH_NG\KDS\KDS\DATA1.CAB -> ChartingComponents.dll 	gefunden: Trojan.SuspectCRC!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\adbbpci20098.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\adbbpci20023.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\adcbdas16jrexp.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\adbbpci20019.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\adgesada1.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\adkmdas1800hr.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\adrtddm6420.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\adrtddm6430.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\dicbpdiso16.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\docbpdiso16.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\encadapci1710.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\encadpa1700.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\fiforeadhdr.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\fiforeadbinhdr.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\rs232_rec.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\rs232_send.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\rs232_sendrec.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\scblock.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\xpcbytepacking.mexw32 	gefunden: Trojan.Win32.Agent!E2
C:\Program Files\MATLAB\R2008b\toolbox\rtw\targets\xpc\target\build\xpcblocks\xpcregstack.mexw32 	gefunden: Trojan.Win32.Agent!E2
D:\Fallout\FalloutLauncher.exe 	gefunden: Trojan.Win32.Agent.bqpu!E1

Gescannt	849968
Gefunden	22

Scan Ende:	23.07.2012 12:15:14
Scan Zeit:	2:23:21
         

Alt 23.07.2012, 22:41   #10
t'john
/// Helfer-Team
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



Sehr gut!

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 24.07.2012, 08:49   #11
Priamus
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



So, hier die Logfile von Eset:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1e4b9816813d594e934f404dd4b6bac5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-24 03:11:43
# local_time=2012-07-24 05:11:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 61011 94721937 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=8449 16775165 50 97 7716950 52910942 0 0
# scanned=416401
# found=2
# cleaned=2
# scan_time=8756
C:\_OTL\MovedFiles\07222012_125741\C_Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll	Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\07222012_125741\C_Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll	Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         

Alt 25.07.2012, 01:47   #12
t'john
/// Helfer-Team
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



Sehr gut!

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

  • Windows XP (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)



Vorbereitung und wichtige Hinweise

  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte fragen.




  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.




  • Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
  • Während des Laufs von Combofix nichts anderes am Computer machen!
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".



  • Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
  • Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
  • Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
  • Bitte nicht in dieses Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es wird ein Backup Deiner Registry erstellt.
  • Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.



  • Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
  • Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
  • Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.



  • Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
  • Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.



Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 25.07.2012, 13:41   #13
Priamus
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



Ok, hier die ComboFix.txt Log-Datei:
Code:
ATTFilter
ComboFix 12-07-25.04 - Jonas 25.07.2012  13:17:48.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2046.1109 [GMT 2:00]
ausgeführt von:: c:\users\Jonas\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Outdated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Outdated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-25 bis 2012-07-25  ))))))))))))))))))))))))))))))
.
.
2012-07-25 11:28 . 2012-07-25 11:28	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-07-25 11:28 . 2012-07-25 11:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-25 11:02 . 2012-07-25 11:02	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FE8AD3C-1AB9-424C-9B85-DEC29BF24533}\offreg.dll
2012-07-25 10:57 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FE8AD3C-1AB9-424C-9B85-DEC29BF24533}\mpengine.dll
2012-07-23 07:38 . 2012-07-24 00:39	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2012-07-22 10:57 . 2012-07-22 10:57	--------	d-----w-	C:\_OTL
2012-07-12 15:42 . 2012-06-12 02:40	2345984	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 06:24 . 2012-04-04 19:21	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 06:24 . 2012-04-04 19:21	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-03 11:46 . 2012-04-01 11:24	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 14:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:18	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:18	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 14:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 14:19	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 14:18	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 14:18	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 14:18	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-02-06 13:14	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-01 04:44 . 2012-06-14 16:42	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-14 16:42	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-07-19 16:32 . 2011-07-20 11:10	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2012-04-10 900120]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2011-12-16 220744]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57	369200	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 swi_update;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 SKMScan;SKMScan;c:\windows\system32\DRIVERS\skmscan.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B12\intel_a\code\bin\CATSysDemon.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 Transbase;Transbase;c:\bmwgroup\ETKLokal\transbase\tbmux32.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
TCP: Interfaces\{E89151B0-AF3C-4E42-B4B0-91995286FF8F}: NameServer = 10.150.127.2
FF - ProfilePath - c:\users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\a4hannnw.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-25  13:31:01
ComboFix-quarantined-files.txt  2012-07-25 11:31
.
Vor Suchlauf: 19 Verzeichnis(se), 13.795.651.584 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 13.610.274.816 Bytes frei
.
- - End Of File - - C09C2F40858C2E1CDDA3FB5A80D64079
         
..und die Add-Remove Programs.txt Log-Datei:
Code:
ATTFilter
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Deutsch
Adobe Shockwave Player 11.6
ApexDC++ 1.2.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avanquest update
Bonjour
CCleaner
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client 
Dassault Systemes Software B12
EasyBits GO
ETK (Lokal)
Fallout 3
Foxit Reader
GIMP 2.6.11
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Malwarebytes Anti-Malware Version 1.62.0.1300
MATLAB 2007a
MATLAB R2008b
Media Go
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 14.0.1 (x86 de)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
OpenOffice.org 3.1
PDF24 Creator 4.1.2
PlayStation(R)Network Downloader
PlayStation(R)Store
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.10
Sony Ericsson Update Engine
Sony PC Companion 2.10.030
Sophos Anti-Virus
Sophos AutoUpdate
swMSM
TeamViewer 6
Tom Clancy's Ghost Recon Advanced Warfighter® 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VLC media player 1.0.3
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-Bit)
         

Alt 25.07.2012, 14:35   #14
t'john
/// Helfer-Team
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



Sehr gut!

damit bist Du sauber und entlassen!

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking (Norton) und Anti-Malware Programme deaktivieren.

Start => Ausführen

=> dort reinschreiben

ComboFix /Uninstall => Enter drücken

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch daraus die Schädlinge verschwinden. Es wird ein neuer Systemwiederherstellungspunkt erstellt. Gleichzeitig setzt Combofix die Zeiteinstellungen wieder auf die Ursprungseinstellungen, und setzt die Systemeinstellungen wieder so zurück, dass Dateierweiterungen und Systemdateien versteckt sind, was Du bei Bedarf im Explorer unter Extras => Ordneroptionen aber wieder ändern bzw. Deinen persönlichen Vorlieben entsprechend anpassen kannst.


Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 25.07.2012, 15:35   #15
Priamus
 
Bundespolizei Zahlungsaufforderung bei Internetverbindung - Standard

Bundespolizei Zahlungsaufforderung bei Internetverbindung



Ok, habe ich alles gemacht. Dann kann ich den PC ja wieder beruhigt benutzen. Vielen herzlichen Dank!

Antwort

Themen zu Bundespolizei Zahlungsaufforderung bei Internetverbindung
application/pdf:, autorun, babylon toolbar, babylontoolbar, bonjour, browser, ctfmon.lnk, defender, error, failed, fehler, firefox, flash player, format, google, google earth, helper, heuristiks/extra, heuristiks/shuriken, install.exe, langs, logfile, microsoft office word, mozilla, nodrives, problem, registry, required, rundll, scan, search the web, searchscopes, security, senden, software, svchost.exe, trojaner, udp



Ähnliche Themen: Bundespolizei Zahlungsaufforderung bei Internetverbindung


  1. BKA Zahlungsaufforderung
    Plagegeister aller Art und deren Bekämpfung - 30.03.2013 (10)
  2. Zahlungsaufforderung von 100€
    Plagegeister aller Art und deren Bekämpfung - 22.12.2012 (15)
  3. GVU Zahlungsaufforderung
    Log-Analyse und Auswertung - 19.12.2012 (2)
  4. GVU Trojaner mit 100€ Zahlungsaufforderung
    Plagegeister aller Art und deren Bekämpfung - 11.09.2012 (9)
  5. Suisa - Zahlungsaufforderung
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (4)
  6. Verschlüsselungstrojaner mit Zahlungsaufforderung
    Log-Analyse und Auswertung - 19.05.2012 (17)
  7. Windows Blockiert Blackscreen und zahlungsaufforderung bei bestehender internetverbindung
    Plagegeister aller Art und deren Bekämpfung - 11.04.2012 (7)
  8. Bundespolizei Zahlungsaufforderung
    Plagegeister aller Art und deren Bekämpfung - 28.03.2012 (1)
  9. Windowssystem gesperrt - Zahlungsaufforderung!
    Log-Analyse und Auswertung - 23.03.2012 (15)
  10. Trojaner mit Zahlungsaufforderung!
    Plagegeister aller Art und deren Bekämpfung - 08.02.2012 (1)
  11. Windows XP Zahlungsaufforderung
    Plagegeister aller Art und deren Bekämpfung - 23.01.2012 (19)
  12. BKA-Trojaner und Zahlungsaufforderung
    Log-Analyse und Auswertung - 14.01.2012 (3)
  13. 50€ Zahlungsaufforderung
    Log-Analyse und Auswertung - 13.01.2012 (21)
  14. BKA-Virus 100€ Zahlungsaufforderung
    Log-Analyse und Auswertung - 09.01.2012 (1)
  15. Windowssystem blockiert mit Zahlungsaufforderung
    Plagegeister aller Art und deren Bekämpfung - 30.12.2011 (13)
  16. Desktopsperrung mit Zahlungsaufforderung
    Log-Analyse und Auswertung - 21.12.2011 (6)
  17. Windowssperrung mit Zahlungsaufforderung
    Log-Analyse und Auswertung - 17.12.2011 (20)

Zum Thema Bundespolizei Zahlungsaufforderung bei Internetverbindung - Hallo, mich hat nun auch der Trojaner erwischt mit der Zahlungsaufforderung von 100€, angeblich von der Bundespolizei. Ich habe schon mal den Anti-Malware Scan gemacht und die Auswahl an infizierten - Bundespolizei Zahlungsaufforderung bei Internetverbindung...
Archiv
Du betrachtest: Bundespolizei Zahlungsaufforderung bei Internetverbindung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.