
Log Analysis and Evaluation: BKA Trojan: "your computer has been locked for several of the reasons listed below"

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.08.2012, 16:29   #1
mster
 
BKA Trojan: "your computer has been locked for several of the reasons listed below"



Hello everyone,

unfortunately I have also become a victim of a "BKA Trojan". As soon as I switch on my computer, the familiar payment demand appears in full-screen (kiosk) mode ...

I have already run several tools, as suggested in the forum, in the following order:

1. OTL
2. Anti-Malware (cleaned what was found afterwards)
3. AdwCleaner (cleaned what was found afterwards)
4. ESET Online Scanner (cleaned what was found afterwards)


Could you perhaps tell me whether I still need to / should do anything else, or whether these measures were sufficient?

Many thanks in advance!

Here are the log files that were created (before cleaning):

OTL: OTL.Txt

Code:
OTL logfile created on: 04.08.2012 13:10:05 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Administrator\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,48 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 81,65% Memory free
6,97 Gb Paging File | 6,36 Gb Available in Paging File | 91,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 12,06 Gb Free Space | 24,69% Space Free | Partition Type: NTFS
Drive D: | 25,60 Gb Total Space | 12,27 Gb Free Space | 47,92% Space Free | Partition Type: NTFS
Drive F: | 249,01 Mb Total Space | 129,21 Mb Free Space | 51,89% Space Free | Partition Type: FAT32
 
Computer Name: ROSIE | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\1_OTL.exe (OldTimer Tools)
PRC - C:\Programme\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Gizmo\gshell.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\PSPad editor\PSPadShell.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Gizmo Central) -- C:\Programme\Gizmo\gservice.exe (Arainia Solutions)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Programme\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (vmount2) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PnSson) --  File not found
DRV - (GizmoDrv) -- C:\Windows\System32\drivers\gizmodrv.sys (Arainia Solutions LLC)
DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (vstor2-ws60) -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (vstor2) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 FF D9 67 6B 83 CB 01  [binary data]
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\..\SearchScopes,DefaultScope = {515D24D4-11BB-448D-B1E5-AE1FAF28ED25}
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\..\SearchScopes\{515D24D4-11BB-448D-B1E5-AE1FAF28ED25}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.09.29 08:44:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012.03.20 12:13:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.31 08:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.29 08:45:09 | 000,000,000 | ---D | M]
 
[2010.11.14 20:39:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012.07.30 17:36:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\d58o56qj.default\extensions
[2011.03.14 23:19:54 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\d58o56qj.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.09.21 18:58:13 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\d58o56qj.default\extensions\ffxtlbr@Facemoods.com
[2011.12.01 20:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.31 08:55:37 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.10.12 17:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010.10.12 17:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010.10.12 17:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010.10.12 17:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011.06.08 08:44:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.12 19:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010.10.12 17:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012.07.31 08:55:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.31 08:55:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.31 08:55:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.31 08:55:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.31 08:55:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.31 08:55:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-180218754-3121414949-2768419842-500\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Programme\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-180218754-3121414949-2768419842-500..\Run: [GizmoDriveDelegate] C:\Program Files\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer.exe - Verknüpfung.lnk = C:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-180218754-3121414949-2768419842-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51D1FF81-7574-42F6-8243-303EB004F328}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.04 13:08:02 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\1_OTL.exe
[2012.08.04 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\bundestrojaner
[2012.07.12 10:51:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 10:51:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 10:51:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 10:51:13 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 10:51:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 10:51:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 10:51:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 10:50:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.12 10:44:07 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 14:02:05 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.04 13:07:59 | 000,649,822 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.04 13:07:59 | 000,612,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.04 13:07:59 | 000,128,408 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.04 13:07:59 | 000,105,424 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.04 13:06:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.04 13:06:04 | 2805,444,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.31 12:56:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\1_OTL.exe
[2012.07.31 11:35:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 11:11:49 | 000,001,893 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.31 08:55:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.31 08:55:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.31 08:54:15 | 000,017,476 | ---- | M] () -- C:\Windows\System32\OPC3100.cah
[2012.07.31 08:54:06 | 000,000,416 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.07.31 08:54:06 | 000,000,065 | ---- | M] () -- C:\Windows\System32\BD7820N.DAT
[2012.07.31 07:45:12 | 000,014,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 07:45:12 | 000,014,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.12 11:15:03 | 000,418,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.31 11:11:49 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 11:11:49 | 000,001,893 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.03.05 21:27:55 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.04.05 13:45:08 | 000,281,065 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.03.10 21:31:17 | 000,000,099 | ---- | C] () -- C:\Windows\abreg.ini
[2010.11.28 17:44:43 | 000,000,132 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.11.14 21:24:30 | 000,000,077 | ---- | C] () -- C:\Windows\OPHA.INI
[2010.11.14 20:39:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.14 19:38:38 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.11.14 19:38:38 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.11.14 19:38:08 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.14 19:38:08 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7820N.DAT
[2010.11.14 19:37:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.11.14 19:37:31 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010.11.14 19:37:31 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
 
========== LOP Check ==========
 
[2011.06.03 18:59:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AGFEO
[2011.03.10 21:31:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\autobingooo
[2011.03.07 20:04:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CheckPoint
[2011.09.22 21:52:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2012.03.12 16:49:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\e-academy Inc
[2012.06.04 09:46:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileZilla
[2010.11.28 17:18:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit Software
[2010.12.06 21:52:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GHISLER
[2011.09.29 18:23:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gizmo
[2011.03.21 14:08:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient
[2011.06.20 19:28:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2012.04.10 19:48:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

OTL: Extras.Txt

Code:
OTL Extras logfile created on: 04.08.2012 13:10:05 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Administrator\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,48 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 81,65% Memory free
6,97 Gb Paging File | 6,36 Gb Available in Paging File | 91,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 12,06 Gb Free Space | 24,69% Space Free | Partition Type: NTFS
Drive D: | 25,60 Gb Total Space | 12,27 Gb Free Space | 47,92% Space Free | Partition Type: NTFS
Drive F: | 249,01 Mb Total Space | 129,21 Mb Free Space | 51,89% Space Free | Partition Type: FAT32
 
Computer Name: ROSIE | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018D15F2-257B-4124-9D8D-BF2ABC73B2F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{13F189BA-281E-4B07-BE5B-77370A5DEE18}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{155EBF44-F712-4B5A-AE9B-2C879D35CF1B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{192D74AB-1480-45FF-AA15-B8CAAF6CF923}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{224C016E-5424-4690-8325-F976EA0E4EED}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{235D7678-6437-4111-AD1F-24827CC38295}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2634C3E5-8D1A-43B3-9CD8-3F0B6590D738}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2928760C-E7E6-448D-8D82-6896056165EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2CD63117-DD64-4760-AC26-361C5DDA04D8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{2FAC3EAF-2066-475D-920C-C3144E24F573}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{56714D74-93A5-40E5-92DE-A9936F9820F5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6052582B-1DE2-473E-AE50-B601FA4549A5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{613CB5E6-4D7C-4CCA-A7EA-26294CB74230}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6196A5C0-2481-450F-AB10-B7E46E3AADC2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{890E697E-C47E-4A74-8697-861928EA974C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{89642D6A-9460-4B0B-8B57-C25588D8D3BA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{90B65C04-3F89-4E6D-9E40-51B6EEE217AF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{94363E55-E0C7-4D27-B348-0CBCC440B144}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A64062A7-506C-48BD-9946-FEFA6AB86D67}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A94316A0-F794-41B9-8667-55908C24D6B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B5CB7B20-A73E-4A99-9DBF-43A7F388D495}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BA259496-4864-4393-9292-7BE7C95F4235}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C210B27F-976C-4503-8CD7-9D66153197DA}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{C43A81BB-D4AA-4F02-A72D-018912CD8292}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CD399CE8-E5C3-4587-8CCB-D5CB84658F35}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CDE688A9-91E7-44B4-A5A2-0E3975FE7D42}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D2BB68F4-60A4-4520-9DB5-57C624514F0B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D906DF4B-D5E2-4452-ADFC-370BB39F2E61}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035ECCC1-D004-48A9-A7AE-7DB4BBD16A21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{09D5D89B-C872-4E1A-A346-BFB3C7E97C4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A6BACF6-11B7-4808-9C50-96FC203AC964}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{1199BAEF-3BC8-4555-9CE1-DF1FCCEE66C8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1828D96F-B74E-402E-821C-27353A1B8F0C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1F0FA267-E325-4A91-8B6A-A94FFE38780E}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3E7D6FAC-DEBA-4614-8E28-314B769D0E04}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{409A3C0F-0923-4BCA-A5BC-8B7B5B71CFF5}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe | 
"{440337DD-8C9A-4E19-B4E4-4832E29BCD17}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{454EBF42-4275-4C5D-A2C2-6EEC97A66F61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4AE986D1-2FF5-4205-8794-B6D8E0E91BA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65D39C1A-6FED-4DD3-AAA2-BA86330A7492}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{675C8DAD-F5FE-4E23-84C4-738871BFB4C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{67D7FECE-0055-48B9-ACE9-5084FFC179C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{71E582BF-E04D-4CA9-8D32-C3E055CD8FDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8071DC30-6267-4FD6-B4BF-8DF7BE0B3BBF}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8779EC93-0715-4246-80C9-C8483FBDDECA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{87FB8397-AE17-4521-BE77-7C89FAFBB658}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{95C16764-ACCB-4C69-BB04-520E48CB384F}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\dropbox\bin\dropbox.exe | 
"{96D9B5F3-36BE-4E40-9820-F68256AB65DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{98192773-726C-4F0B-A97B-56CDC31B569E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{9A2D3845-BBF4-478A-860E-3143C13274EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ACC2B364-9529-42B0-9B35-B2157CB53222}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{AD7291AD-6F70-4C48-A759-56C45DDB9821}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{B7208709-5FE3-4C11-959C-05C756095935}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B96831F4-5905-4791-A3FE-1D46BFE68A96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE97E476-C41C-42A7-AA35-35A03613E058}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{C70C9A3A-26C7-46C6-8D70-4783EFE3F49E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CBE83C6B-BCDE-42A5-B372-F49E4BA4044C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E570DF0C-B825-44A2-86A9-79B369315A0E}" = protocol=6 | dir=out | app=system | 
"{F01B3E12-A552-44D7-84E5-99C51D923E77}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F1014875-4ABE-4CD9-98D4-97603A4F8B32}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F2AD37A4-4B9E-4751-B8A8-D9812CA3BD06}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{FA2C553B-1CE5-4622-8050-74A994F30278}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0B0A8CEA-A7F9-4E74-9358-4E94E97CE023}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F1F7A90-E71B-4E45-A066-2891619F22E1}" = Citrix Online Plug-in (PNA)
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix Online Plug-in (Web)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CF4F553-5E00-42DC-85AB-9A1A29C7D9D2}" = Citrix Online Plug-in (SSON)
"{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java(TM) SE Development Kit 6 Update 26
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix Online Plug-in (USB)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix Online Plug-in (DV)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Internet Security
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7820N
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix Online Plug-in (HDX)
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutoBINGOOO_is1" = AutoBINGOOO 2.2
"CitrixOnlinePluginFull" = Citrix Online Plug-in
"ENTERPRISER" = Microsoft Office Enterprise 2007
"facemoods" = Facemoods Toolbar
"FileZilla Client" = FileZilla Client 3.3.4.1
"Foxit Reader" = Foxit Reader
"Gizmo Central" = Gizmo Central
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Webclient für Win32
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion)
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PSPad editor_is1" = PSPad editor
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.2.9
"TeamViewer 5" = TeamViewer 5
"tksuite_tksuite_server" = AGFEO TK-Suite Server
"Totalcmd" = Total Commander (Remove or Repair)
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-180218754-3121414949-2768419842-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2012 14:41:01 | Computer Name = Rosie | Source = vmauthd | ID = 100
Description = 
 
Error - 25.06.2012 14:45:22 | Computer Name = Rosie | Source = vmauthd | ID = 100
Description = 
 
Error - 25.06.2012 16:38:19 | Computer Name = Rosie | Source = RapiMgr | ID = 7
Description = Ein Windows Mobile-basiertes USB-Gerät ist angeschlossen, jedoch kann
 keine Netzwerkverbindung mit dem Desktop hergestellt werden.
 
Error - 05.07.2012 03:45:06 | Computer Name = Rosie | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Gizmo\glauncher-x64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.07.2012 03:38:35 | Computer Name = Rosie | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Gizmo\glauncher-x64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12.07.2012 04:45:10 | Computer Name = Rosie | Source = vmauthd | ID = 100
Description = 
 
Error - 16.07.2012 04:53:16 | Computer Name = Rosie | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Gizmo\glauncher-x64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.07.2012 14:04:13 | Computer Name = Rosie | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Gizmo\glauncher-x64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.07.2012 15:06:20 | Computer Name = Rosie | Source = vmauthd | ID = 100
Description = 
 
Error - 31.07.2012 05:12:54 | Computer Name = Rosie | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16447,
 Zeitstempel: 0x4fc9cd53  Name des fehlerhaften Moduls: Flash32_11_3_300_265.ocx_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4febd543  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x5c8fc2f0  ID des fehlerhaften Prozesses: 0x1130  Startzeit der fehlerhaften Anwendung:
 0x01cd6efc55627681  Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: Flash32_11_3_300_265.ocx  Berichtskennung: e89820f9-daef-11e1-922b-005056c00008
 
[ OSession Events ]
Error - 16.03.2011 16:37:00 | Computer Name = Rosie | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4388
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 16.03.2011 16:37:59 | Computer Name = Rosie | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.03.2011 16:40:13 | Computer Name = Rosie | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2011 14:50:44 | Computer Name = Rosie | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 160
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2011 14:52:18 | Computer Name = Rosie | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2011 14:53:41 | Computer Name = Rosie | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.07.2011 06:20:53 | Computer Name = Rosie | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 72
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 08.07.2011 06:24:24 | Computer Name = Rosie | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 191
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 21.05.2012 07:36:34 | Computer Name = Rosie | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 04.08.2012 07:07:00 | Computer Name = Rosie | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.08.2012 07:07:00 | Computer Name = Rosie | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.08.2012 07:07:00 | Computer Name = Rosie | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.08.2012 07:07:00 | Computer Name = Rosie | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.08.2012 07:07:00 | Computer Name = Rosie | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.08.2012 07:07:00 | Computer Name = Rosie | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.08.2012 07:07:27 | Computer Name = Rosie | Source = DCOM | ID = 10005
Description = 
 
Error - 04.08.2012 07:07:27 | Computer Name = Rosie | Source = DCOM | ID = 10005
Description = 
 
Error - 04.08.2012 07:07:27 | Computer Name = Rosie | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 04.08.2012 07:09:24 | Computer Name = Rosie | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         

Anti-Malware: mbam-log-2012-08-04 (13-26-53).txt

Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.04.04

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Administrator :: ROSIE [Administrator]

Schutz: Deaktiviert

04.08.2012 13:26:53
mbam-log-2012-08-04 (13-26-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 331438
Laufzeit: 31 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Administrator\AppData\Local\Temp\deo0_sar.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

AdwCleaner: AdwCleaner[R1].txt

Code:
# AdwCleaner v1.703 - Logfile created 08/04/2012 at 14:10:36
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional  (32 bits)
# User : Administrator - ROSIE
# Running from : C:\Users\Administrator\Desktop\3_adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\ADMINI~1\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\ADMINI~1\AppData\Local\Temp\Conduit
Folder Found : C:\Users\Administrator\AppData\LocalLow\Conduit
Folder Found : C:\Users\Administrator\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\d58o56qj.default\Conduit
Folder Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\d58o56qj.default\extensions\ffxtlbr@Facemoods.com
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\facemoods.com
Folder Found : C:\Program Files\ZoneAlarm-Sicherheit
File Found : C:\Users\ADMINI~1\AppData\Local\Temp\Uninstall.exe

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\facemoods.com
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Found : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\facemoods.com
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\d58o56qj.default\prefs.js

Found : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2613550.CTID", "ct2613550");
Found : user_pref("CT2613550.CurrentServerDate", "8-3-2011");
Found : user_pref("CT2613550.DialogsAlignMode", "LTR");
Found : user_pref("CT2613550.DownloadReferralCookieData", "");
Found : user_pref("CT2613550.EMailNotifierPollDate", "Tue Mar 08 2011 13:13:20 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602533", "Tue Mar 08 2011 13:13:21 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602539", "Tue Mar 08 2011 13:13:21 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602545", "Tue Mar 08 2011 13:13:21 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602551", "Tue Mar 08 2011 13:13:21 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602557", "Tue Mar 08 2011 13:13:21 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602563", "Tue Mar 08 2011 13:13:21 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602569", "Tue Mar 08 2011 13:13:21 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602575", "Tue Mar 08 2011 13:13:21 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602581", "Tue Mar 08 2011 13:13:22 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602587", "Tue Mar 08 2011 13:13:22 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602593", "Tue Mar 08 2011 13:13:22 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602599", "Tue Mar 08 2011 13:13:22 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602605", "Tue Mar 08 2011 13:13:22 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602611", "Tue Mar 08 2011 13:13:22 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602617", "Tue Mar 08 2011 13:13:22 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602623", "Tue Mar 08 2011 13:13:22 GMT+0100");
Found : user_pref("CT2613550.FeedPollDate129254982599602629", "Tue Mar 08 2011 13:13:22 GMT+0100");
Found : user_pref("CT2613550.FeedTTL129254982599602545", 5);
Found : user_pref("CT2613550.FeedTTL129254982599602551", 5);
Found : user_pref("CT2613550.FeedTTL129254982599602575", 2);
Found : user_pref("CT2613550.FeedTTL129254982599602605", 5);
Found : user_pref("CT2613550.FeedTTL129254982599602617", 30);
Found : user_pref("CT2613550.FirstServerDate", "8-3-2011");
Found : user_pref("CT2613550.FirstTime", true);
Found : user_pref("CT2613550.FirstTimeFF3", true);
Found : user_pref("CT2613550.FirstTimeSettingsDone", true);
Found : user_pref("CT2613550.FixPageNotFoundErrors", true);
Found : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2613550.Initialize", true);
Found : user_pref("CT2613550.InitializeCommonPrefs", true);
Found : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Found : user_pref("CT2613550.InstalledDate", "Tue Mar 08 2011 13:13:20 GMT+0100");
Found : user_pref("CT2613550.IsGrouping", false);
Found : user_pref("CT2613550.IsMulticommunity", false);
Found : user_pref("CT2613550.IsOpenThankYouPage", false);
Found : user_pref("CT2613550.IsOpenUninstallPage", false);
Found : user_pref("CT2613550.LanguagePackLastCheckTime", "Tue Mar 08 2011 13:13:25 GMT+0100");
Found : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2613550.LastLogin_2.7.1.3", "Tue Mar 08 2011 13:13:23 GMT+0100");
Found : user_pref("CT2613550.LatestVersion", "2.7.1.3");
Found : user_pref("CT2613550.Locale", "de-de");
Found : user_pref("CT2613550.LoginCache", 4);
Found : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Found : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Found : user_pref("CT2613550.RadioIsPodcast", false);
Found : user_pref("CT2613550.RadioMediaID", "8546");
Found : user_pref("CT2613550.RadioMediaType", "Media Player");
Found : user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT26135508546");
Found : user_pref("CT2613550.RadioStationName", "Radio%208");
Found : user_pref("CT2613550.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u");
Found : user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Found : user_pref("CT2613550.SearchInNewTabEnabled", true);
Found : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2613550.SearchInNewTabLastCheckTime", "Tue Mar 08 2011 13:13:22 GMT+0100");
Found : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2613550.SettingsLastCheckTime", "Tue Mar 08 2011 13:13:20 GMT+0100");
Found : user_pref("CT2613550.SettingsLastUpdate", "1298419708");
Found : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Mon Mar 07 2011 19:07:07 GMT+0100");
Found : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Found : user_pref("CT2613550.UserID", "UN46237005499400685");
Found : user_pref("CT2613550.WeatherNetwork", "");
Found : user_pref("CT2613550.WeatherPollDate", "Tue Mar 08 2011 13:13:23 GMT+0100");
Found : user_pref("CT2613550.WeatherUnit", "C");
Found : user_pref("CT2613550.alertChannelId", "1006347");
Found : user_pref("CT2613550.clientLogIsEnabled", false);
Found : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Found : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 398);
Found : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Found : user_pref("CT2613550.ct2613550.InvalidateCache", false);
Found : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Tue Mar 08 2011 13:13:26 GMT+0100");
Found : user_pref("CT2613550.ct2613550.Locale", "de-de");
Found : user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Tue Mar 08 2011 13:13:21 GMT+0100");
Found : user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0");
Found : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Found : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Tue Mar 08 2011 13:13:20 GMT+0100");
Found : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1298419708");
Found : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Tue Mar 08 2011 13:13:20 GMT+0100");
Found : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2613550.myStuffEnabled", true);
Found : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Mar 08 2011 13:13:22 GMT+0100");
Found : user_pref("extensions.enabledAddons", "ffxtlbr@Facemoods.com:1.4.1,{df4e4df5-5cb7-46b0-9aef-6c784c32[...]
Found : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=5");
Found : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Found : user_pref("extensions.facemoods.dfltSrch", false);
Found : user_pref("extensions.facemoods.dnsErr", false);
Found : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Found : user_pref("extensions.facemoods.firstRun", false);
Found : user_pref("extensions.facemoods.first_time", false);
Found : user_pref("extensions.facemoods.hmpg", false);
Found : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ddrnw");
Found : user_pref("extensions.facemoods.id", "_#bee3ea07000000000000001cc49af3a4");
Found : user_pref("extensions.facemoods.instlDay", "_#15238");
Found : user_pref("extensions.facemoods.mntz", "");
Found : user_pref("extensions.facemoods.newTab", false);
Found : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Found : user_pref("extensions.facemoods.searchProviderAdded", false);
Found : user_pref("extensions.facemoods.sid", "_#f7de7f2bb8e846199c9ee1ab57dbaffe");
Found : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=3");
Found : user_pref("extensions.facemoods.update", "_#v1.4.0");
Found : user_pref("extensions.facemoods.vrsn", "_#1.4.17.11");
Found : user_pref("extensions.vshare@toolbar.update.enabled", false);

*************************

AdwCleaner[R1].txt - [18311 octets] - [04/08/2012 14:08:22]
AdwCleaner[R2].txt - [18372 octets] - [04/08/2012 14:09:36]
AdwCleaner[R3].txt - [18433 octets] - [04/08/2012 14:09:57]
AdwCleaner[R4].txt - [18363 octets] - [04/08/2012 14:10:36]

########## EOF - C:\AdwCleaner[R4].txt - [18492 octets] ##########
         

ESET Online Scanner: log.txt

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9952f17ac73b59408c58ec861456d849
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-04 01:29:31
# local_time=2012-08-04 03:29:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777175 100 0 38618915 38618915 0 0
# compatibility_mode=4096 16777215 100 0 38619153 38619153 0 0
# compatibility_mode=5893 16776574 100 94 38807010 96521651 0 0
# compatibility_mode=8192 67108863 100 0 209 209 0 0
# scanned=143917
# found=4
# cleaned=4
# scan_time=4062
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XDRTSRAR\firstload_com[1].htm	HTML/ScrInject.B.Gen virus (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Administrator\AppData\Local\Temp\V.class	Java/Exploit.CVE-2011-3544.BO trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\2accdd98-6c10afe4	Java/Exploit.CVE-2012-1723.X trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Administrator\Downloads\SoftonicDownloader_fuer_foxit-pdf-reader.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         

Best regards
mster
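As an added example (not part of the thread, and not ESET's own tooling): a small Python triage parser for the ESET Online Scanner log format posted above. It reads the `# key=value` header and the tab-separated detection lines (path, verdict with the action in parentheses, hash column, flag), pulls out the CVE identifiers that name the Java exploit entry vector, and checks that the header's found/cleaned counts match what was actually quarantined. The sample log is constructed from the lines in the post; the function names and the optional file-path argument are my own.

```python
import re
import sys
from collections import Counter

# Constructed sample built from the ESET Online Scanner log posted above (abridged header;
# the 32-zero column is the scanner's placeholder hash, copied as-is).
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# utc_time=2012-08-04 01:29:31",
    "# scanned=143917",
    "# found=4",
    "# cleaned=4",
    "# scan_time=4062",
    "\t".join([r"C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XDRTSRAR\firstload_com[1].htm",
               "HTML/ScrInject.B.Gen virus (deleted - quarantined)", "0" * 32, "C"]),
    "\t".join([r"C:\Users\Administrator\AppData\Local\Temp\V.class",
               "Java/Exploit.CVE-2011-3544.BO trojan (cleaned by deleting - quarantined)", "0" * 32, "C"]),
    "\t".join([r"C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\2accdd98-6c10afe4",
               "Java/Exploit.CVE-2012-1723.X trojan (deleted - quarantined)", "0" * 32, "C"]),
    "\t".join([r"C:\Users\Administrator\Downloads\SoftonicDownloader_fuer_foxit-pdf-reader.exe",
               "a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)", "0" * 32, "C"]),
])

# "<threat name> (<action taken>)" as ESET writes the verdict column.
VERDICT_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<action>[^()]*)\)\s*$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
PLATFORM_RE = re.compile(r"([A-Za-z0-9]+)/")  # "Java/...", "Win32/...", "HTML/..."


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from an ESET Online Scanner log."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
            continue
        fields = line.split("\t")
        if len(fields) < 4:
            continue  # banner lines such as "all ok"
        path, verdict, digest, flag = fields[:4]
        m = VERDICT_RE.match(verdict)
        name = m.group("name") if m else verdict.strip()
        action = m.group("action") if m else ""
        platform = PLATFORM_RE.search(name)
        detections.append({
            "path": path,
            "name": name,
            "action": action,
            "platform": platform.group(1) if platform else "unknown",
            "cves": CVE_RE.findall(name),
            "quarantined": "quarantined" in action,
            "hash": digest,
            "flag": flag,
        })
    return header, detections


def triage(text):
    """Summarise a log and list anything that should stop us calling the scan a clean result."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", "0"))
    cleaned = int(header.get("cleaned", "0"))
    problems = []
    if found != len(detections):
        problems.append(f"header found={found} but {len(detections)} detection lines parsed")
    if cleaned < found:
        problems.append(f"{found - cleaned} detection(s) reported but not cleaned")
    problems.extend(d["path"] for d in detections if not d["quarantined"])
    return {
        "scanned": int(header.get("scanned", "0")),
        "found": found,
        "cleaned": cleaned,
        "by_platform": dict(Counter(d["platform"] for d in detections)),
        "cves": sorted({cve for d in detections for cve in d["cves"]}),
        "problems": problems,
    }


if __name__ == "__main__":
    # Pass a real log.txt path as the first argument, otherwise the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for key, value in triage(text).items():
        print(f"{key}: {value}")
```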

Alt 04.08.2012, 17:09   #2
t'john
/// Helfer-Team
 

Fix with OTL

Download OTL by OldTimer (if you don't have it already) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:


Code:
ATTFilter
:OTL
SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found 
DRV - (PnSson) -- File not found 
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\..\SearchScopes,DefaultScope = {515D24D4-11BB-448D-B1E5-AE1FAF28ED25} 
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\..\SearchScopes\{515D24D4-11BB-448D-B1E5-AE1FAF28ED25}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKU\S-1-5-21-180218754-3121414949-2768419842-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/" 
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found 
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) 
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found 
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found 
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) 
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) 
O3 - HKU\S-1-5-21-180218754-3121414949-2768419842-500\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer.exe - Verknüpfung.lnk = C:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKU\S-1-5-21-180218754-3121414949-2768419842-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
[2012.07.31 11:35:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad 
[2012.07.31 11:11:49 | 000,001,893 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Post the contents of the logfile here in your thread, in code tags.
    You can also view the logfile afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Never use it on other computers; it can permanently damage other systems!

Alt 04.08.2012, 18:07   #3
mster
 

I've already done that. See my first post for the logs.

mster

Alt 04.08.2012, 19:02   #4
t'john
/// Helfer-Team
 

You're supposed to run the fix!

Follow the instructions!
Regards, t'john

Alt 05.08.2012, 13:46   #5
mster
 

I ran the fix, with the following result after the restart:

Code:
ATTFilter
All processes killed
========== OTL ==========
Error: Unable to stop service Amsp!
Unable to delete service\driver key Amsp.
File move failed. C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe scheduled to be moved on reboot.
Error: No service named PnSson was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PnSson deleted successfully.
File  File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-180218754-3121414949-2768419842-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll not found.
HKEY_USERS\S-1-5-21-180218754-3121414949-2768419842-500\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-180218754-3121414949-2768419842-500\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-180218754-3121414949-2768419842-500\Software\Microsoft\Internet Explorer\SearchScopes\{515D24D4-11BB-448D-B1E5-AE1FAF28ED25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{515D24D4-11BB-448D-B1E5-AE1FAF28ED25}\ not found.
HKU\S-1-5-21-180218754-3121414949-2768419842-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found.
File C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ not found.
File C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File Sicherheit\tbZone.dll not found.
Registry value HKEY_USERS\S-1-5-21-180218754-3121414949-2768419842-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamViewer.exe - Verknüpfung.lnk moved successfully.
C:\Programme\TeamViewer\Version5\TeamViewer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-180218754-3121414949-2768419842-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\ProgramData\ras_0oed.pad moved successfully.
File C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 140492127 bytes
->Temporary Internet Files folder emptied: 230355853 bytes
->Java cache emptied: 1667476 bytes
->FireFox cache emptied: 60720208 bytes
->Flash cache emptied: 11051 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: mster
->Temp folder emptied: 248656 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12666877 bytes
RecycleBin emptied: 10717435 bytes
 
Total Files Cleaned = 436,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: mster
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 08052012_131527

Files\Folders moved on Reboot...
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe moved successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\vmware-vmount.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe not found!
[2009.07.14 03:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation) C:\Windows\System32\mctadmin.exe : MD5=BBA1A5B86134F496B926DDAF247DB871
[2012.08.05 13:42:54 | 000,000,085 | ---- | M] () C:\Windows\temp\vmware-vmount.log : Unable to obtain MD5

Registry entries deleted on Reboot...
         

What now?
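As an added example (not part of the thread and not OTL's own code): a Python checker for the OTL fix log posted above. It classifies each outcome line (moved/deleted/set successfully, not found, error, scheduled for reboot) and, because OTL retries failed moves after the restart, reconciles the first-pass "scheduled to be moved on reboot" entries against the "Files\Folders moved on Reboot..." section, so what remains is the list of paths the fix still has not moved and that need a look before the system is called clean. The sample is constructed from lines in the posted log; the function names and the optional file-path argument are my own.

```python
import re
import sys

# Constructed sample: a subset of the OTL fix log posted above, keeping one of each outcome type.
SAMPLE_FIX_LOG = "\n".join([
    "All processes killed",
    "========== OTL ==========",
    "Error: Unable to stop service Amsp!",
    r"Unable to delete service\driver key Amsp.",
    r"File move failed. C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe scheduled to be moved on reboot.",
    r"Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PnSson deleted successfully.",
    r"File C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll not found.",
    r"File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.",
    r"C:\ProgramData\ras_0oed.pad moved successfully.",
    r"File C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.",
    "========== COMMANDS ==========",
    "OTL by OldTimer - Version 3.2.55.0 log created on 08052012_131527",
    "",
    r"Files\Folders moved on Reboot...",
    r"C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe moved successfully.",
    r"File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.",
    r"File move failed. C:\Windows\temp\vmware-vmount.log scheduled to be moved on reboot.",
    "",
    "PendingFileRenameOperations files...",
    r"File C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe not found!",
])

PENDING_RE = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
OTHER_OK_RE = re.compile(r"(deleted|set) successfully[.!]$|removed from ")
MISSING_RE = re.compile(r"^(File|Registry (key|value)) (?P<target>.+?) not found[.!]$")


def parse_otl_fix_log(text):
    """Classify every outcome line, remembering which section of the log it came from."""
    result = {"ok": [], "missing": [], "errors": [],
              "pending": {"first_pass": [], "after_reboot": []}}
    section = "first_pass"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Files\\Folders moved on Reboot"):
            section = "after_reboot"
            continue
        if line.startswith("PendingFileRenameOperations"):
            section = "pending_ops"
            continue
        if line.startswith(("Error:", "Unable to ")):
            result["errors"].append(line)
            continue
        m = PENDING_RE.match(line)
        if m:
            if section in result["pending"]:
                result["pending"][section].append(m.group("path"))
            continue
        m = MOVED_RE.match(line)
        if m:
            result["ok"].append((section, m.group("path")))
            continue
        if OTHER_OK_RE.search(line):
            result["ok"].append((section, line))
            continue
        m = MISSING_RE.match(line)
        if m:
            result["missing"].append(m.group("target"))  # already gone before OTL got to it
    return result


def fix_status(text):
    """Reconcile first-pass failures with the post-reboot retry and report what is still open."""
    r = parse_otl_fix_log(text)
    first_pass = set(r["pending"]["first_pass"])
    moved_after = {path for sec, path in r["ok"] if sec == "after_reboot"}
    return {
        "resolved_on_reboot": sorted(first_pass & moved_after),
        "still_pending": sorted(set(r["pending"]["after_reboot"])),
        "errors": r["errors"],
        "already_gone": r["missing"],
    }


if __name__ == "__main__":
    # Pass the path of a real OTL fix log as the first argument, otherwise the sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_FIX_LOG
    for key, value in fix_status(text).items():
        print(f"{key}:")
        for item in value:
            print(f"  {item}")
```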


Alt 05.08.2012, 13:47   #6
t'john
/// Helfer-Team
 

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applies to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or quarantined.
- When the scan is finished, click "Show results".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Alt 22.08.2012, 02:16   #7
t'john
/// Helfer-Team
 

No response

Are there problems working through the instructions above?

To free up capacity for other people seeking help, I'm removing this topic from my notifications.

If you want to continue, send me a PM or open a new topic.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms doesn't mean that your computer is clean.
Regards, t'john

    Plagegeister aller Art und deren Bekämpfung - 29.08.2012 (23)
  14. Trojahner: Ihr Computer ist aus einem oder mehreren der untan aufgeführten Gründe gesperrt
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (16)
  15. GVU Trojaner mit 100€ Zahlungsaufforderung "Ihr computer ist aus einem oder mehreren der unten aufgeführten Gründe gesperrt."
    Log-Analyse und Auswertung - 20.08.2012 (13)
  16. Ihr Computer ist aus einem oder mehreren unten aufgeführten Gründe gesperrt
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (15)
  17. Trojaner "Ihr Computer ist aus einem oder mehreren der unten aufgeführten Gründe gesperrt worden"
    Log-Analyse und Auswertung - 04.08.2012 (11)

Zum Thema BKA Trojaner: "ihr computer ist aus mehreren der unten aufgeführten gründe gesperrt" - Hallo zusammen, leider bin ich ebenfalls Opfer eines "BKA-Trojaners" geworden. Sobald ich meinen Rechenr einschalte, erscheint im Vollbild-Modus (Kiosk) die Aufforderung zur Zahlung, wie man sie kennt ... Ich habe - BKA Trojaner: "ihr computer ist aus mehreren der unten aufgeführten gründe gesperrt"...
Archiv
Du betrachtest: BKA Trojaner: "ihr computer ist aus mehreren der unten aufgeführten gründe gesperrt" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.