Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojaner Bundespolizei?

Trojaner Bundespolizei?


Log-Analyse und Auswertung: Trojaner Bundespolizei?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 29.08.2012, 11:54   #1
Karl92
 
Trojaner Bundespolizei? - Standard

Trojaner Bundespolizei?


Hallo Ich habe vermutlich einen Trojaner.

WIndows im gesicherten Modus und ohne Netzwerkverbindung funktioniert.

Die nachfolgende Datei aus OTL-Berichtt
..... [2012/08/28 18:12:31 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
kommt mir selbst spanisch vor.

Folgendes gemacht Malware gecheckt gemäß Forum + OTL:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.28.07

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Marcel :: MARCEL-PC [Administrator]

28.08.2012 23:01:37
mbam-log-2012-08-28 (23-01-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440457
Laufzeit: 55 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Program Files\Microsoft Office\WLX\mini-KMS Activator v1.1 FiNAL.exe (Riskware.Keygen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marcel\AppData\Local\Temp\roper0dun.exe (Trojan.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marcel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\2efa1291-15a7b472 (Trojan.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marcel\Downloads\Mindjet.MindManager.Pro.v7.0.429-ZWT\www.softarchive.netMindjet.MindManager.Pro.v7.0.429-ZWT\Mindjet.MindManager.Pro.v7.0.429-ZWT\keygen.exe (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Sowie Prüfung mit OTL.exe gemacht:

OTL logfile created on: 8/29/2012 6:35:18 AM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Marcel\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.18 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 60.66% Memory free
6.35 Gb Paging File | 4.97 Gb Available in Paging File | 78.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 565.07 Gb Total Space | 434.86 Gb Free Space | 76.96% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 6.60 Gb Free Space | 22.00% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 2.23 Gb Free Space | 59.96% Space Free | Partition Type: FAT32

Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/28 21:01:10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
PRC - [2012/08/15 10:54:43 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/10 22:33:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/10 22:33:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/10 22:33:52 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/04 07:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/05/04 07:36:58 | 000,955,792 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\KiesHelper.exe
PRC - [2012/05/01 08:02:14 | 000,695,296 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe
PRC - [2011/12/23 13:59:48 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
PRC - [2011/10/12 16:11:22 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/06/21 22:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2010/06/02 16:42:18 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2009/07/14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 18:55:19 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012/06/13 18:25:22 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012/06/13 18:21:37 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/06/13 18:21:23 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/06/13 18:21:13 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/06/13 18:21:11 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012/05/14 18:25:30 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012/05/14 18:24:01 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/14 18:23:59 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d366dc4740be07fae77ff39bd82b8b\System.EnterpriseServices.ni.dll
MOD - [2012/05/14 18:23:59 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d366dc4740be07fae77ff39bd82b8b\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/14 18:23:58 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\1d20e8edb2de76eeb13916f96cc7d7e9\System.Transactions.ni.dll
MOD - [2012/05/14 18:23:53 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/05/13 22:26:54 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012/05/13 22:24:16 | 006,841,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\24ac1dde2e59fd7d816228b87a8c7c50\System.Data.ni.dll
MOD - [2012/05/13 22:24:09 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/05/13 22:24:04 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/05/13 22:24:01 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012/05/13 22:23:59 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/05/13 22:23:54 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ca79e608c5338a36466e9afffa2cbd5\System.Numerics.ni.dll
MOD - [2012/05/13 22:23:53 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/05/05 10:17:43 | 000,115,137 | ---- | M] () -- C:\Users\Marcel\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
MOD - [2012/05/04 07:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/12/23 13:59:02 | 000,720,896 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\LDBCShConv.dll
MOD - [2011/09/16 11:56:08 | 000,839,680 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\System.Data.SQLite.dll
MOD - [2011/09/16 11:56:04 | 000,712,704 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\SHOWDRM_UCC.dll
MOD - [2011/09/16 11:56:02 | 000,237,568 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\DeviceModules\drmcm.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/04/06 11:13:24 | 000,459,600 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\libxml2.dll
MOD - [2010/02/25 17:43:38 | 000,067,920 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
MOD - [2010/02/12 16:46:34 | 000,091,984 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\res\de\BackupShellNamespaceRes.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/23 19:48:13 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/10 22:33:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/10 22:33:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/10/12 16:11:22 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/05/26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/10/30 16:32:35 | 000,122,760 | ---- | M] (BullGuard Ltd.) [Disabled | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe -- (BgRaSvc)
SRV - [2010/10/30 16:32:35 | 000,058,248 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)
SRV - [2010/10/30 16:32:25 | 000,305,032 | ---- | M] (BullGuard Ltd.) [Disabled | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2010/10/30 16:32:25 | 000,270,728 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2010/10/30 16:32:25 | 000,175,496 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2010/10/30 16:32:16 | 000,169,864 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2010/10/30 16:32:08 | 000,355,720 | ---- | M] (BullGuard Ltd.) [Disabled | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aakixkh6)
DRV - [2012/07/30 13:32:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/07/30 13:32:08 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/05/10 22:33:54 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/10 22:33:53 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/01/03 17:28:54 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2012/01/03 17:28:47 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2012/01/03 17:28:47 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2011/10/12 16:11:20 | 000,131,344 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/10/11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/06/02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/06/02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 07:55:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/12/21 07:55:02 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2010/12/21 07:55:02 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010/12/21 07:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/06 18:04:51 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/07/26 16:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/26 16:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2010/07/08 15:59:54 | 000,056,400 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\System32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2010/06/23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/21 09:14:36 | 000,246,272 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/05/10 21:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2010/04/27 09:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/27 09:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/03/02 13:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/02/26 23:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/10/26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/08/13 08:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009/05/13 21:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 21:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005/02/11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6D6CE201-F2D8-446D-9589-45CDE47064FD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://medion.msn.com
IE - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.aldi.com [binary data]
IE - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aldi.com [binary data]
IE - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\..\SearchScopes\{480AB9A0-4D14-430C-A40F-1104254345A6}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\..\SearchScopes\{6D6CE201-F2D8-446D-9589-45CDE47064FD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\..\SearchScopes\{795EF36F-C7F5-4D8B-82F5-83DFE2C5206B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=1&q="
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0user_pref("network.proxy.socks", "");
FF - user.js..network.proxy.socks_port: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marcel\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marcel\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\ [2010/08/09 14:09:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/23 19:48:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/25 11:24:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/23 19:48:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/25 11:24:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2010/08/09 14:09:36 | 000,000,000 | ---D | M]

[2010/10/30 17:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Extensions
[2012/08/16 10:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\b3d6n3jy.default\extensions
[2010/11/22 22:08:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\b3d6n3jy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/03/30 17:56:38 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Marcel\AppData\Roaming\mozilla\Firefox\Profiles\b3d6n3jy.default\extensions\vshare@toolbar
[2012/01/06 15:46:03 | 000,000,933 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\b3d6n3jy.default\searchplugins\11-suche.xml
[2012/01/06 15:46:03 | 000,002,419 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\b3d6n3jy.default\searchplugins\englische-ergebnisse.xml
[2012/01/06 15:46:03 | 000,010,525 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\b3d6n3jy.default\searchplugins\gmx-suche.xml
[2012/01/06 15:46:03 | 000,002,457 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\b3d6n3jy.default\searchplugins\lastminute.xml
[2011/07/11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\b3d6n3jy.default\searchplugins\startsear.xml
[2012/01/06 15:46:03 | 000,005,508 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\b3d6n3jy.default\searchplugins\webde-suche.xml
[2012/02/08 18:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/07/23 19:48:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/31 12:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/09/29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/09/29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marcel\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marcel\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marcel\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Marcel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: vshare plugin = C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Google Mail = C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1731855035-3034938435-3512848007-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1731855035-3034938435-3512848007-1000..\RunOnce: [Screensaver] C:\Windows\Web\Wallpaper\MEDION\start.vbs ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\..Trusted Domains: fritz.repeater ([]* in Local intranet)
O15 - HKU\S-1-5-21-1731855035-3034938435-3512848007-1001\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\System32\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{095b4898-e99b-11df-88e9-00262dc17a00}\Shell - "" = AutoRun
O33 - MountPoints2\{095b4898-e99b-11df-88e9-00262dc17a00}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/29 06:34:39 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012/08/28 21:36:30 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Malwarebytes
[2012/08/28 21:35:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/28 21:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 21:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/28 21:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/25 11:54:32 | 000,000,000 | ---D | C] -- C:\Users\Marcel\Documents\SelfMV
[2012/08/25 11:47:28 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/25 11:47:28 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/25 11:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/08/25 11:15:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/23 19:14:34 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys
[2012/08/23 19:14:34 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys
[2012/08/23 19:14:34 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys
[2012/08/23 19:14:34 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys
[2012/08/23 19:14:34 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys
[2012/08/23 19:14:21 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
[2012/08/23 19:14:21 | 000,100,224 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bserd.sys
[2012/08/23 19:14:21 | 000,098,432 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
[2012/08/23 19:14:21 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2012/08/23 19:14:21 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2012/08/23 19:14:21 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2012/08/15 13:36:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/15 13:36:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/15 13:36:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/15 13:36:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/15 13:36:55 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/15 13:36:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/15 13:36:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/15 11:44:04 | 009,826,504 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/08/15 11:10:32 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/08/15 11:10:31 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/15 11:10:24 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/07/30 13:32:08 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012/07/30 13:32:08 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/29 06:37:56 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/08/29 06:37:56 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/29 06:37:56 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/08/29 06:37:56 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/29 06:36:07 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 06:36:07 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 06:28:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/29 06:28:35 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/28 22:53:36 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/08/28 21:01:10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012/08/28 20:36:15 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012/08/28 20:00:37 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731855035-3034938435-3512848007-1001Core.job
[2012/08/28 20:00:36 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731855035-3034938435-3512848007-1001UA.job
[2012/08/25 11:47:28 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/25 11:47:28 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/25 11:24:18 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/23 21:14:59 | 000,060,315 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012/08/23 19:01:20 | 000,002,463 | ---- | M] () -- C:\Users\Marcel\Desktop\Google Chrome.lnk
[2012/08/16 10:02:04 | 000,429,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/15 11:44:04 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/07/30 13:32:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012/07/30 13:32:08 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/28 22:53:36 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/08/28 18:12:31 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012/08/25 11:24:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/25 11:24:18 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/05/05 10:35:08 | 000,060,315 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012/05/04 20:06:25 | 000,007,649 | ---- | C] () -- C:\Users\Marcel\AppData\Local\Resmon.ResmonCfg
[2011/09/16 11:54:48 | 000,030,568 | -H-- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/09/16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/09/16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/09/16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/09/16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/08/20 12:32:54 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/05 16:16:05 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/11/29 12:31:14 | 000,074,240 | -H-- | C] () -- C:\Windows\AKDeInstall.exe
[2010/11/04 22:04:28 | 000,001,870 | -H-- | C] () -- C:\Windows\Sandboxie.ini

< End of report >


Habe leider gerade nicht mehr Zeit! Vielen Dank für die Antwort!

Gruß

Alt 29.08.2012, 14:30   #2
markusg
/// Malware-holic
 
Trojaner Bundespolizei? - Standard

Trojaner Bundespolizei?


hi
C:\Users\Marcel\Downloads\Mindjet.MindManager.Pro.v7.0.429-ZWT\http://www.softarchive.netMindjet.Mi...ZWT\keygen.exe
(Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
verwendung von keygens ist nicht legal, deswegen gibts hier nur hilfe beim neu aufsetzen.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________

__________________
Antwort

Themen zu Trojaner Bundespolizei?
adobe, antivir, autorun, avg, avira, bingbar, bonjour, browser, converter, defender, document, firefox, format, helper, homepage, intranet, logfile, malware, mozilla, mp3, nvpciflt.sys, pdfforge toolbar, plug-in, realtek, registry, riskware.keygen, scan, senden, software, temp, trojaner, usb, usb 3.0


« System verseucht mit Trojan.Win32.Jorik1456291289 | Cybercrime investigation department österreich »

Ähnliche Themen: Trojaner Bundespolizei?


  1. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 03.10.2012 (38)
  2. BUNDESPOLIZEI Trojaner
    Log-Analyse und Auswertung - 08.08.2012 (7)
  3. Bundespolizei Trojaner
    Mülltonne - 20.07.2012 (0)
  4. Trojaner Bundespolizei
    Log-Analyse und Auswertung - 16.06.2012 (1)
  5. Bundespolizei Trojaner 1.09
    Plagegeister aller Art und deren Bekämpfung - 20.04.2012 (17)
  6. Bundespolizei Trojaner auf win XP
    Log-Analyse und Auswertung - 12.04.2012 (1)
  7. Bundespolizei Trojaner!
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (5)
  8. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 26.12.2011 (8)
  9. Bundespolizei Trojaner??
    Plagegeister aller Art und deren Bekämpfung - 26.12.2011 (27)
  10. Bundespolizei Trojaner - Win XP
    Log-Analyse und Auswertung - 18.12.2011 (1)
  11. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 08.11.2011 (1)
  12. Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  13. Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  14. Bundespolizei-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (3)
  15. Bundespolizei-Trojaner
    Log-Analyse und Auswertung - 07.08.2011 (1)
  16. Bundespolizei Trojaner
    Log-Analyse und Auswertung - 16.04.2011 (6)
  17. Bundespolizei-Trojaner
    Log-Analyse und Auswertung - 16.04.2011 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner Bundespolizei? - Hallo Ich habe vermutlich einen Trojaner. WIndows im gesicherten Modus und ohne Netzwerkverbindung funktioniert. Die nachfolgende Datei aus OTL-Berichtt ..... [2012/08/28 18:12:31 | 004,503,728 | ---- | C] () -- - Trojaner Bundespolizei?...
Archiv
Du betrachtest: Trojaner Bundespolizei? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129