Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.01.2013, 15:19   #1
Boromir
 
Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt - Standard

Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt



Hallo zusammen,
habe mir gestern um 9.42 Uhr den "BKA- Trojaner" eingefangen. Nach Trennen vom Internet blieb ein weißer Bildschirm und ich konnte nur noch den Netzstecker ziehen. Konnte nach mehreren Versuchen im "safe mode mit Eingabeaufforderung" starten. Habe dann Malwarebytes laufen lassen, und anschließend OLT. Rechner läuft jetzt wieder im normalen Mode. Bin bislang nicht mehr am Netz gewesen. Habe dann gerade gesehen, dass folgende Ordner gesperrt sind: Documents and Settings, Program Data\Application Data, \Desktop, \Documents, \Favorites, \Start Menu, \Templates
Benutze Spybot-SD resident und das Windows Security Center, was aber wohl off geschaltet war.
Wäre schön, wenn ich Hilfe bekommen könnte. Danke vorab!

Code:
ATTFilter
OTL logfile created on: 21.01.2013 10:04:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,15% Memory free
6,22 Gb Paging File | 5,25 Gb Available in Paging File | 84,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,62 Gb Total Space | 11,12 Gb Free Space | 18,65% Space Free | Partition Type: NTFS
Drive E: | 238,47 Gb Total Space | 64,71 Gb Free Space | 27,14% Space Free | Partition Type: NTFS
Drive J: | 240,29 Mb Total Space | 221,66 Mb Free Space | 92,24% Space Free | Partition Type: FAT32
 
Computer Name: USER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\CNAB4RPK.EXE (CANON INC.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (eRecoveryService) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (ACDaemon) --  File not found
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (Radio.fx) -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (incdrm) --  File not found
DRV - (InCDrec) --  File not found
DRV - (InCDPass) -- System32\DRIVERS\InCDPass.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (PhyDrive) -- C:\Windows\System32\drivers\PhyDrive.sys (Foxconn)
DRV - (XIO) -- C:\Windows\System32\drivers\XIO32.sys (Foxconn)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (Win32IO) -- C:\Windows\System32\drivers\Win32IO.sys (Foxconn)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (sfvfs02) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek)
DRV - (sfsync02) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01a) -- C:\Windows\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (sfhlp02) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (SMBus) -- C:\Windows\System32\drivers\SMBus.sys (Foxconn)
DRV - (IR) -- C:\Windows\System32\drivers\IR.sys (Foxconn)
DRV - (PARIO) -- C:\Windows\System32\drivers\PARIO.sys (Foxconn)
DRV - (RTC) -- C:\Windows\System32\drivers\RTC.sys (PHD Computer Consultants Ltd)
DRV - (LAN) -- C:\Windows\System32\drivers\LAN.sys (Foxconn)
DRV - (PciBus) -- C:\Windows\System32\drivers\PciBus.sys (Foxconn)
DRV - (SIO) -- C:\Windows\System32\drivers\SIO.sys (Foxconn)
DRV - (DMI) -- C:\Windows\System32\drivers\DMI.sys (Foxconn)
DRV - (PSII) -- C:\Windows\System32\drivers\PSII.sys (Foxconn)
DRV - (CPUID) -- C:\Windows\System32\drivers\CPUID.sys (Foxconn)
DRV - (SBKUPNT) -- C:\Windows\System32\drivers\SBKUPNT.SYS ()
DRV - (Wdm1) -- C:\Windows\System32\drivers\usbbc.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://en.us.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.acer.com/worldwide/selection.html [binary data]
IE - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=280612_5_&babsrc=SP_ss&mntrId=702a2e3d00000000000000242178f0ce
IE - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\..\SearchScopes\{81091EB1-3921-47AE-9398-A3AD540FDC25}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\..\SearchScopes\{E6184D4D-6CB3-477B-B476-B0C0CD1571E0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=434c2084-eddb-4f2b-b6e8-0150caddc607&apn_sauid=FB684EDE-1C8C-4A32-A3E5-929C02F63D25
IE - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: text2voice%40vik.josh:1.10
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7Bef62e1ce-d2a4-4cdd-b7ec-92b120366b66%7D:2.7.8
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: info%40youtube-mp3.org:1.0.4
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.3.55472
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.7.2
FF - prefs.js..extensions.enabledItems: {06a1dc27-e4f4-28fc-0c1d-b00228472fdd}:1.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {8FFE139B-90A7-4460-A972-9D2738997F6D}:1.6.3
FF - prefs.js..extensions.enabledItems: flvripper@harsha:2.0
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.4.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.449
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.449
FF - prefs.js..extensions.enabledItems: thumbnailexpander@extensions.danwendorf.com:1.0
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.http: "74.115.1.12"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.10.12 17:08:53 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@research.microsoft.com/HDView: C:\Program Files\Microsoft Research\HD View\nphdview.dll (Microsoft Research)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: E:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.02 19:30:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: E:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.02 19:30:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2011.12.25 17:27:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.12.25 17:27:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.15 09:14:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.21 10:31:54 | 000,000,000 | ---D | M]
 
[2009.10.31 15:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013.01.19 15:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\extensions
[2013.01.10 23:41:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.11.12 14:51:42 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2013.01.08 15:01:51 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\extensions\firefox@ghostery.com
[2013.01.19 15:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\extensions\staged
[2012.12.31 16:16:22 | 000,006,796 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\extensions\info@youtube-mp3.org.xpi
[2012.11.12 20:02:48 | 000,061,608 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\extensions\text2voice@vik.josh.xpi
[2012.12.09 09:00:51 | 000,010,656 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.12.29 11:09:23 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.24 09:16:48 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.13 17:40:17 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.01.19 15:37:59 | 000,533,221 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.04.22 07:53:39 | 000,002,399 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\searchplugins\askcom.xml
[2012.03.08 23:07:39 | 000,001,800 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\yoemv6sd.default\searchplugins\funmoods.xml
[2012.08.16 16:40:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.13 23:46:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.11.05 08:56:22 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.12.15 09:14:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.12.15 09:14:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.15 09:14:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.15 09:14:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.15 09:14:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.15 09:14:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.15 09:14:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.1.0_0\background/registryAccess.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = E:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: HD View (Enabled) = C:\Program Files\Microsoft Research\HD View\nphdview.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = E:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Ask Toolbar = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.15.1.22466_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: DivX HiQ = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: Google Mail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2012.12.25 11:27:54 | 000,444,910 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	localhost
O1 - Hosts: ::1	localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15282 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-1593476106-3477651793-1192387325-500..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autoexec.bat ()
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk.disabled ()
O7 - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1593476106-3477651793-1192387325-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Open in SmartFTPPlayer - E:\Program Files\SmartFTPPlayer\IEGet.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE9E3906-AE34-4FB2-96DA-C813939D9C4C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.08.09 15:08:34 | 000,001,715 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{253d0f1f-9433-11e0-bd8f-00242178f0ce}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GroßadminIStRATor.exE
O33 - MountPoints2\{853d1426-0f60-11df-b6d8-00242178f0ce}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\großADmINisTRAtOR.EXE
O33 - MountPoints2\{b2e50d4a-c6f8-11de-a49e-00242178f0ce}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\gRoßAdmINisTRAtoR.EXe
O33 - MountPoints2\{b2e50d4e-c6f8-11de-a49e-00242178f0ce}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\GroßadminIStRATor.ExE
O33 - MountPoints2\{b2e50d54-c6f8-11de-a49e-00242178f0ce}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\GrOßADminIsTRAtOr.Exe
O33 - MountPoints2\{d161d243-de7a-11dd-a9b4-0021856e4a11}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.21 10:02:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.01.15 09:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.01.14 19:52:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Auslogics
[2013.01.14 19:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013.01.14 19:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013.01.05 00:12:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2013.01.05 00:12:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WindSolutions
[2013.01.05 00:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.12.31 00:21:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Frankenstein
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.21 10:05:06 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{74339810-BF1E-4007-8AE1-B006578804FD}.job
[2013.01.21 10:03:04 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.21 10:03:04 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.21 09:17:10 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1593476106-3477651793-1192387325-500UA.job
[2013.01.21 09:11:11 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.21 08:47:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.20 23:43:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.20 23:43:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.20 20:46:11 | 000,159,744 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.20 20:17:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1593476106-3477651793-1192387325-500Core.job
[2013.01.20 20:11:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.20 19:43:18 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.01.20 18:45:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.01.19 22:38:25 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.15 09:13:26 | 000,000,964 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.15 09:13:15 | 000,000,948 | ---- | M] () -- C:\Users\Administrator\Desktop\Dropbox.lnk
[2013.01.14 19:58:09 | 000,000,997 | ---- | M] () -- C:\Users\Administrator\Desktop\Auslogics BoostSpeed.lnk
[2013.01.14 19:52:42 | 000,001,004 | ---- | M] () -- C:\Users\Administrator\Desktop\Auslogics Disk Defrag.lnk
[2013.01.12 17:07:28 | 000,665,534 | ---- | M] () -- C:\Users\Administrator\Desktop\PICT1240.JPG
[2013.01.12 14:16:12 | 000,708,532 | ---- | M] () -- C:\Users\Administrator\Desktop\PICT1236.JPG
[2013.01.12 14:16:10 | 000,709,166 | ---- | M] () -- C:\Users\Administrator\Desktop\PICT1238.JPG
[2013.01.12 14:16:09 | 000,672,205 | ---- | M] () -- C:\Users\Administrator\Desktop\PICT1237.JPG
[2013.01.12 14:16:02 | 000,676,395 | ---- | M] () -- C:\Users\Administrator\Desktop\PICT1239.JPG
[2013.01.10 19:17:02 | 000,002,089 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.01.10 19:17:02 | 000,002,087 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2013.01.05 16:36:37 | 000,003,340 | ---- | M] () -- C:\Users\Administrator\Documents\05.01.13.kmz
[2013.01.05 00:41:05 | 000,001,361 | ---- | M] () -- C:\Users\Administrator\Desktop\CopyTrans Control Center (2).lnk
[2013.01.05 00:12:40 | 000,001,361 | ---- | M] () -- C:\Users\Administrator\Desktop\CopyTrans Control Center.lnk
[2012.12.31 17:15:54 | 000,003,303 | ---- | M] () -- C:\Users\Administrator\Documents\31.12.12.kmz
[2012.12.31 00:32:44 | 000,029,271 | ---- | M] () -- C:\Windows\cdplayer.ini
[2012.12.29 15:38:04 | 000,005,069 | ---- | M] () -- C:\Users\Administrator\Documents\29.12.12.kmz
[2012.12.27 07:05:06 | 000,318,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.25 11:27:54 | 000,444,910 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
 
========== Files Created - No Company Name ==========
 
[2013.01.14 19:58:09 | 000,000,997 | ---- | C] () -- C:\Users\Administrator\Desktop\Auslogics BoostSpeed.lnk
[2013.01.14 19:52:42 | 000,001,004 | ---- | C] () -- C:\Users\Administrator\Desktop\Auslogics Disk Defrag.lnk
[2013.01.12 14:15:09 | 000,709,166 | ---- | C] () -- C:\Users\Administrator\Desktop\PICT1238.JPG
[2013.01.12 14:15:09 | 000,708,532 | ---- | C] () -- C:\Users\Administrator\Desktop\PICT1236.JPG
[2013.01.12 14:15:09 | 000,676,395 | ---- | C] () -- C:\Users\Administrator\Desktop\PICT1239.JPG
[2013.01.12 14:15:09 | 000,672,205 | ---- | C] () -- C:\Users\Administrator\Desktop\PICT1237.JPG
[2013.01.12 14:15:09 | 000,665,534 | ---- | C] () -- C:\Users\Administrator\Desktop\PICT1240.JPG
[2013.01.06 18:29:17 | 000,000,964 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.05 16:33:17 | 000,003,340 | ---- | C] () -- C:\Users\Administrator\Documents\05.01.13.kmz
[2013.01.05 00:41:05 | 000,001,361 | ---- | C] () -- C:\Users\Administrator\Desktop\CopyTrans Control Center (2).lnk
[2013.01.05 00:12:40 | 000,001,361 | ---- | C] () -- C:\Users\Administrator\Desktop\CopyTrans Control Center.lnk
[2012.12.31 17:15:54 | 000,003,303 | ---- | C] () -- C:\Users\Administrator\Documents\31.12.12.kmz
[2012.12.29 15:38:03 | 000,005,069 | ---- | C] () -- C:\Users\Administrator\Documents\29.12.12.kmz
[2012.07.09 19:19:20 | 000,019,307 | ---- | C] () -- C:\Windows\wininit.ini
[2012.03.06 23:59:07 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2012.03.06 23:59:07 | 000,013,312 | ---- | C] () -- C:\Windows\System32\DEVLOAD.EXE
[2012.03.06 23:59:07 | 000,000,543 | ---- | C] () -- C:\Windows\SWISV3.INI
[2012.03.06 23:59:05 | 000,000,307 | ---- | C] () -- C:\Windows\SKNIFE.INI
[2012.03.06 23:58:40 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2011.12.25 17:03:06 | 000,017,408 | ---- | C] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2011.12.25 17:02:22 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.12.25 17:02:22 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.12.21 17:17:49 | 000,000,376 | ---- | C] () -- C:\Users\Administrator\.jajuk_bootstrap.xml
[2011.12.21 15:06:27 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe
[2011.12.21 15:06:27 | 000,207,360 | ---- | C] () -- C:\Windows\System32\LAME_ENC.DLL
[2011.12.21 15:06:27 | 000,139,776 | ---- | C] () -- C:\Windows\System32\ZipDll.dll
[2011.12.21 15:06:27 | 000,122,368 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2011.12.20 15:51:22 | 000,103,872 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.12.10 17:02:47 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011.11.27 16:26:58 | 000,000,275 | ---- | C] () -- C:\Users\Administrator\AppData\Local\HamsterVideoConverterSettings.cfg
[2011.11.27 16:18:27 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.11.27 16:18:27 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.11.10 03:11:06 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.10.21 20:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.04.09 09:51:04 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2010.10.02 22:47:37 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.23 16:39:17 | 000,025,773 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
[2010.01.01 19:13:56 | 000,159,744 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.21 21:27:11 | 000,000,000 | ---- | C] () -- C:\Program Files\New World2d.exe
[2009.12.10 18:20:50 | 000,000,018 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Sys386k1.dat
[2009.12.10 18:19:45 | 000,000,005 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\cxxprot
[2007.12.13 14:40:36 | 000,002,032 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2011.11.18 21:23:34 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{a55202f9-85c5-9f0b-107a-79a43e83542c}\@
[2011.11.18 21:23:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a55202f9-85c5-9f0b-107a-79a43e83542c}\L
[2013.01.20 09:42:24 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a55202f9-85c5-9f0b-107a-79a43e83542c}\U
[2013.01.20 09:42:24 | 000,000,928 | ---- | M] () -- C:\Windows\Installer\{a55202f9-85c5-9f0b-107a-79a43e83542c}\U\00000001.@
[2012.11.20 14:16:41 | 000,011,776 | ---- | M] () -- C:\Windows\Installer\{a55202f9-85c5-9f0b-107a-79a43e83542c}\U\80000000.@
[2012.07.09 19:15:44 | 000,002,048 | -HS- | M] () -- C:\Users\Administrator\AppData\Local\{a55202f9-85c5-9f0b-107a-79a43e83542c}\@
[2011.11.18 21:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\AppData\Local\{a55202f9-85c5-9f0b-107a-79a43e83542c}\L
[2011.11.18 21:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\AppData\Local\{a55202f9-85c5-9f0b-107a-79a43e83542c}\U
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.01.23 19:41:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ashampoo
[2012.04.14 19:29:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Audacity
[2013.01.15 19:37:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Auslogics
[2012.02.16 07:33:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\congstar WebRadio
[2013.01.20 19:43:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Dropbox
[2012.06.07 16:38:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoft
[2012.06.07 16:36:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.20 21:11:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FOG Downloader
[2010.01.24 09:24:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreeAudioPack
[2010.01.24 09:26:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreeVideoConverter
[2012.09.25 22:47:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GlarySoft
[2011.02.06 10:39:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\JAM Software
[2011.02.02 19:30:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Local
[2012.04.03 23:30:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2009.12.23 16:57:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MP3toiPodAudioBookConverter
[2012.03.31 11:40:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NASA
[2012.02.25 15:33:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Neverball
[2011.12.20 16:04:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenCandy
[2010.08.18 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2010.01.23 16:39:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2011.12.21 15:10:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\pics
[2010.05.31 17:52:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RouterControl
[2010.01.14 00:19:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SharePod
[2010.02.13 08:30:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Software4u
[2010.06.26 07:44:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2010.01.14 18:40:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tobit
[2012.04.10 10:37:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2013.01.05 00:14:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WindSolutions
[2010.02.14 12:43:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xilisoft Corporation
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:F768B6EF

< End of report >
         

Code:
ATTFilter
OTL Extras logfile created on: 21.01.2013 10:04:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,15% Memory free
6,22 Gb Paging File | 5,25 Gb Available in Paging File | 84,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,62 Gb Total Space | 11,12 Gb Free Space | 18,65% Space Free | Partition Type: NTFS
Drive E: | 238,47 Gb Total Space | 64,71 Gb Free Space | 27,14% Space Free | Partition Type: NTFS
Drive J: | 240,29 Mb Total Space | 221,66 Mb Free Space | 92,24% Space Free | Partition Type: FAT32
 
Computer Name: USER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1593476106-3477651793-1192387325-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1593476106-3477651793-1192387325-500]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05CAF469-9765-8FBF-10AD-FD621091824A}" = CCC Help English
"{113EBE84-73FA-4C44-8C4D-CAAA3AEE960C}" = COMPUTERBILD Datei-Reparierer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1FA20C9C-F458-45C5-A53F-EE16D8DE04C6}" = Foxconn DiagPro
"{224A804F-ABB4-4938-96EA-EC65BB699933}" = OfficeRecovery 2010 Essential 10.0.38278.1
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{31D888B7-9DA0-4219-9371-9A0037A097C6}" = MAGIX Screenshare
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1D0591-14F7-736E-143A-62DC3E552A1A}" = Catalyst Control Center InstallProxy
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C98D841-6392-41F1-A80E-B1A741F32A95}" = DSL-Speedtest
"{5e684de5-f863-479b-9d85-95bb3464f80f}" = Nero 9
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6669784C-0C28-415D-A688-6BEDECBF79D8}" = COMPUTERBILD Datei-Reparierer
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6F64A42C-6D93-6788-EB4F-07CC066DE194}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}" = HD View
"{76D1FBEB-FBBF-0D1E-BB0A-CAA0D19E2C7F}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8D8B8115-40C1-A707-B7DA-599514076A81}" = Catalyst Control Center
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A5182E71-DC63-4DD3-AE01-8C2E8E8417DC}" = MAGIX Audio Cleaning Lab MX Download-Version
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AF399570-0FB0-122E-0C35-849F15AFAB19}" = Application Profiles
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F1D2C6EA-3382-440C-BBEC-8A2B18CAB1DF}" = Registry Optimierer 2.0
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F8F9302E-27C2-45FA-A2D3-3880616A2BD1}" = MAGIX Speed burnR (MSI)
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ant Renamer 2_is1" = Ant Renamer
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.02
"Audacity_is1" = Audacity 2.0
"Audio Video Suite" = Audio Video Suite 1.7
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Autostartmanager" = Autostartmanager 1.45
"AviSynth" = AviSynth 2.5
"Beyond the Alley of the Dolls" = Sam and Max - The Devil's Playhouse - Beyond the Alley of the Dolls
"Canon LBP2900" = Canon LBP2900
"CDCheck" = CDCheck
"Cleanersoft Free Registry Fix" = Cleanersoft Free Registry Fix
"ClearProg" = ClearProg 1.6.1 Beta 3
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"congstar WebRadio_is1" = congstar WebRadio Version 2.01.2
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DIVXCodec" = DivX Codec 3.1alpha release
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"FormatFactory" = FormatFactory 2.95
"Free Studio_is1" = Free Studio version 5.5.0
"Free Video Converter_is1" = Free Video Converter V 2.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.3.1206
"FreeBASIC" = FreeBASIC 0.23.0
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2
"Glary Utilities_is1" = Glary Utilities 2.49.0.1600
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.3.0 (Full)
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME_is1" = LAME v3.99.3 (for Windows)
"MAGIX_MSI_mclab_mx" = MAGIX Audio Cleaning Lab MX Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mathcad 8 Explorer" = Mathcad 8 Explorer
"Mediaport" = Mediaport
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"NASA World Wind 1.4" = NASA World Wind 1.4
"NVIDIA Drivers" = NVIDIA Drivers
"p.i.c.s. CD-Manager" = p.i.c.s. CD-Manager
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.393
"RouterControl" = RouterControl 2.0
"SmartFTPPlayer" = SmartFTPPlayer
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpellForce" = SpellForce
"TmNationsForever_is1" = TmNationsForever
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.1
"Tobit ClipInc Server" = WDR RadioRecorder
"Tobit Radio.fx Server 4" = SWR RadioRecorder
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"TwoDirs_is1" = TwoDirs V4.7.7.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 3.0.5.6
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1593476106-3477651793-1192387325-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"VarioPlus Creator" = VarioPlus Creator
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.01.2013 19:34:47 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1279
 
Error - 08.01.2013 10:00:15 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.01.2013 10:00:15 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1139
 
Error - 08.01.2013 10:00:15 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1139
 
Error - 08.01.2013 10:12:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.01.2013 10:12:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1279
 
Error - 08.01.2013 10:12:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1279
 
Error - 08.01.2013 13:03:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.01.2013 13:03:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1264
 
Error - 08.01.2013 13:03:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1264
 
[ Media Center Events ]
Error - 30.03.2010 12:21:38 | Computer Name = user-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
 returned 0D  Process: DefaultDomain Object Name: Media Center Guide 
 
Error - 30.03.2010 12:31:28 | Computer Name = user-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
 returned 10000105  Process: DefaultDomain Object Name: Media Center Guide 
 
[ System Events ]
Error - 20.01.2013 13:19:17 | Computer Name = user-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 20.01.2013 13:19:17 | Computer Name = user-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 20.01.2013 13:19:18 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 14:44:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 20.01.2013 14:44:44 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
Hier sind noch die Log-Files von malwarebytes:

Code:
ATTFilter
OTL Extras logfile created on: 21.01.2013 10:04:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,15% Memory free
6,22 Gb Paging File | 5,25 Gb Available in Paging File | 84,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,62 Gb Total Space | 11,12 Gb Free Space | 18,65% Space Free | Partition Type: NTFS
Drive E: | 238,47 Gb Total Space | 64,71 Gb Free Space | 27,14% Space Free | Partition Type: NTFS
Drive J: | 240,29 Mb Total Space | 221,66 Mb Free Space | 92,24% Space Free | Partition Type: FAT32
 
Computer Name: USER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1593476106-3477651793-1192387325-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1593476106-3477651793-1192387325-500]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05CAF469-9765-8FBF-10AD-FD621091824A}" = CCC Help English
"{113EBE84-73FA-4C44-8C4D-CAAA3AEE960C}" = COMPUTERBILD Datei-Reparierer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1FA20C9C-F458-45C5-A53F-EE16D8DE04C6}" = Foxconn DiagPro
"{224A804F-ABB4-4938-96EA-EC65BB699933}" = OfficeRecovery 2010 Essential 10.0.38278.1
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{31D888B7-9DA0-4219-9371-9A0037A097C6}" = MAGIX Screenshare
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1D0591-14F7-736E-143A-62DC3E552A1A}" = Catalyst Control Center InstallProxy
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C98D841-6392-41F1-A80E-B1A741F32A95}" = DSL-Speedtest
"{5e684de5-f863-479b-9d85-95bb3464f80f}" = Nero 9
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6669784C-0C28-415D-A688-6BEDECBF79D8}" = COMPUTERBILD Datei-Reparierer
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6F64A42C-6D93-6788-EB4F-07CC066DE194}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}" = HD View
"{76D1FBEB-FBBF-0D1E-BB0A-CAA0D19E2C7F}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8D8B8115-40C1-A707-B7DA-599514076A81}" = Catalyst Control Center
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A5182E71-DC63-4DD3-AE01-8C2E8E8417DC}" = MAGIX Audio Cleaning Lab MX Download-Version
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AF399570-0FB0-122E-0C35-849F15AFAB19}" = Application Profiles
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F1D2C6EA-3382-440C-BBEC-8A2B18CAB1DF}" = Registry Optimierer 2.0
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F8F9302E-27C2-45FA-A2D3-3880616A2BD1}" = MAGIX Speed burnR (MSI)
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ant Renamer 2_is1" = Ant Renamer
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.02
"Audacity_is1" = Audacity 2.0
"Audio Video Suite" = Audio Video Suite 1.7
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Autostartmanager" = Autostartmanager 1.45
"AviSynth" = AviSynth 2.5
"Beyond the Alley of the Dolls" = Sam and Max - The Devil's Playhouse - Beyond the Alley of the Dolls
"Canon LBP2900" = Canon LBP2900
"CDCheck" = CDCheck
"Cleanersoft Free Registry Fix" = Cleanersoft Free Registry Fix
"ClearProg" = ClearProg 1.6.1 Beta 3
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"congstar WebRadio_is1" = congstar WebRadio Version 2.01.2
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DIVXCodec" = DivX Codec 3.1alpha release
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"FormatFactory" = FormatFactory 2.95
"Free Studio_is1" = Free Studio version 5.5.0
"Free Video Converter_is1" = Free Video Converter V 2.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.3.1206
"FreeBASIC" = FreeBASIC 0.23.0
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2
"Glary Utilities_is1" = Glary Utilities 2.49.0.1600
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.3.0 (Full)
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME_is1" = LAME v3.99.3 (for Windows)
"MAGIX_MSI_mclab_mx" = MAGIX Audio Cleaning Lab MX Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mathcad 8 Explorer" = Mathcad 8 Explorer
"Mediaport" = Mediaport
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"NASA World Wind 1.4" = NASA World Wind 1.4
"NVIDIA Drivers" = NVIDIA Drivers
"p.i.c.s. CD-Manager" = p.i.c.s. CD-Manager
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.393
"RouterControl" = RouterControl 2.0
"SmartFTPPlayer" = SmartFTPPlayer
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpellForce" = SpellForce
"TmNationsForever_is1" = TmNationsForever
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.1
"Tobit ClipInc Server" = WDR RadioRecorder
"Tobit Radio.fx Server 4" = SWR RadioRecorder
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"TwoDirs_is1" = TwoDirs V4.7.7.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 3.0.5.6
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1593476106-3477651793-1192387325-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"VarioPlus Creator" = VarioPlus Creator
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.01.2013 19:34:47 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1279
 
Error - 08.01.2013 10:00:15 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.01.2013 10:00:15 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1139
 
Error - 08.01.2013 10:00:15 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1139
 
Error - 08.01.2013 10:12:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.01.2013 10:12:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1279
 
Error - 08.01.2013 10:12:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1279
 
Error - 08.01.2013 13:03:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.01.2013 13:03:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1264
 
Error - 08.01.2013 13:03:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1264
 
[ Media Center Events ]
Error - 30.03.2010 12:21:38 | Computer Name = user-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
 returned 0D  Process: DefaultDomain Object Name: Media Center Guide 
 
Error - 30.03.2010 12:31:28 | Computer Name = user-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
 returned 10000105  Process: DefaultDomain Object Name: Media Center Guide 
 
[ System Events ]
Error - 20.01.2013 13:19:17 | Computer Name = user-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 20.01.2013 13:19:17 | Computer Name = user-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 20.01.2013 13:19:18 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 14:44:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 20.01.2013 14:44:44 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.21.07

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.6001.19222
Administrator :: USER-PC [Administrator]

20.01.2013 16:33:52
mbam-log-2013-01-20 (17-50-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 449045
Laufzeit: 1 Stunde(n), 2 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4Y3Y0C3AVF7XZA5EGSVD (Trojan.Spyeyes) -> Daten: C:\Recycle.Bin\B6232F3A833.exe /q -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Trojan.Agent.RNS) -> Daten: explorer.exe,C:\Users\Administrator\AppData\Roaming\skype.dat -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-1593476106-3477651793-1192387325-500\$a55202f985c59f0b107a79a43e83542c\n.) Gut: (shell32.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 6
C:\$RECYCLE.BIN\S-1-5-21-1593476106-3477651793-1192387325-500\$a55202f985c59f0b107a79a43e83542c\n (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{a55202f9-85c5-9f0b-107a-79a43e83542c}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Roaming\addon.dat (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Recycle.Bin\B6232F3A833.exe (Trojan.Spyeyes) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Roaming\skype.dat (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Recycle.Bin\458258E84248D76 (Trojan.Spyeyes) -> Keine Aktion durchgeführt.

(Ende)
         

Alt 21.01.2013, 15:27   #2
Boromir
 
Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt - Standard

Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt



Code:
ATTFilter
OTL Extras logfile created on: 21.01.2013 10:04:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,15% Memory free
6,22 Gb Paging File | 5,25 Gb Available in Paging File | 84,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,62 Gb Total Space | 11,12 Gb Free Space | 18,65% Space Free | Partition Type: NTFS
Drive E: | 238,47 Gb Total Space | 64,71 Gb Free Space | 27,14% Space Free | Partition Type: NTFS
Drive J: | 240,29 Mb Total Space | 221,66 Mb Free Space | 92,24% Space Free | Partition Type: FAT32
 
Computer Name: USER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1593476106-3477651793-1192387325-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1593476106-3477651793-1192387325-500]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05CAF469-9765-8FBF-10AD-FD621091824A}" = CCC Help English
"{113EBE84-73FA-4C44-8C4D-CAAA3AEE960C}" = COMPUTERBILD Datei-Reparierer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1FA20C9C-F458-45C5-A53F-EE16D8DE04C6}" = Foxconn DiagPro
"{224A804F-ABB4-4938-96EA-EC65BB699933}" = OfficeRecovery 2010 Essential 10.0.38278.1
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{31D888B7-9DA0-4219-9371-9A0037A097C6}" = MAGIX Screenshare
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1D0591-14F7-736E-143A-62DC3E552A1A}" = Catalyst Control Center InstallProxy
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C98D841-6392-41F1-A80E-B1A741F32A95}" = DSL-Speedtest
"{5e684de5-f863-479b-9d85-95bb3464f80f}" = Nero 9
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6669784C-0C28-415D-A688-6BEDECBF79D8}" = COMPUTERBILD Datei-Reparierer
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6F64A42C-6D93-6788-EB4F-07CC066DE194}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}" = HD View
"{76D1FBEB-FBBF-0D1E-BB0A-CAA0D19E2C7F}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{808FAA20-4C3A-11D4-8A57-00201853C903}" = PC-Linq
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8D8B8115-40C1-A707-B7DA-599514076A81}" = Catalyst Control Center
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A5182E71-DC63-4DD3-AE01-8C2E8E8417DC}" = MAGIX Audio Cleaning Lab MX Download-Version
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AF399570-0FB0-122E-0C35-849F15AFAB19}" = Application Profiles
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F1D2C6EA-3382-440C-BBEC-8A2B18CAB1DF}" = Registry Optimierer 2.0
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F8F9302E-27C2-45FA-A2D3-3880616A2BD1}" = MAGIX Speed burnR (MSI)
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ant Renamer 2_is1" = Ant Renamer
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.02
"Audacity_is1" = Audacity 2.0
"Audio Video Suite" = Audio Video Suite 1.7
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Autostartmanager" = Autostartmanager 1.45
"AviSynth" = AviSynth 2.5
"Beyond the Alley of the Dolls" = Sam and Max - The Devil's Playhouse - Beyond the Alley of the Dolls
"Canon LBP2900" = Canon LBP2900
"CDCheck" = CDCheck
"Cleanersoft Free Registry Fix" = Cleanersoft Free Registry Fix
"ClearProg" = ClearProg 1.6.1 Beta 3
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"congstar WebRadio_is1" = congstar WebRadio Version 2.01.2
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DIVXCodec" = DivX Codec 3.1alpha release
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"FormatFactory" = FormatFactory 2.95
"Free Studio_is1" = Free Studio version 5.5.0
"Free Video Converter_is1" = Free Video Converter V 2.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.3.1206
"FreeBASIC" = FreeBASIC 0.23.0
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2
"Glary Utilities_is1" = Glary Utilities 2.49.0.1600
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.3.0 (Full)
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME_is1" = LAME v3.99.3 (for Windows)
"MAGIX_MSI_mclab_mx" = MAGIX Audio Cleaning Lab MX Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mathcad 8 Explorer" = Mathcad 8 Explorer
"Mediaport" = Mediaport
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"NASA World Wind 1.4" = NASA World Wind 1.4
"NVIDIA Drivers" = NVIDIA Drivers
"p.i.c.s. CD-Manager" = p.i.c.s. CD-Manager
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.393
"RouterControl" = RouterControl 2.0
"SmartFTPPlayer" = SmartFTPPlayer
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpellForce" = SpellForce
"TmNationsForever_is1" = TmNationsForever
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.1
"Tobit ClipInc Server" = WDR RadioRecorder
"Tobit Radio.fx Server 4" = SWR RadioRecorder
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"TwoDirs_is1" = TwoDirs V4.7.7.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 3.0.5.6
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1593476106-3477651793-1192387325-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"VarioPlus Creator" = VarioPlus Creator
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.01.2013 19:34:47 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1279
 
Error - 08.01.2013 10:00:15 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.01.2013 10:00:15 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1139
 
Error - 08.01.2013 10:00:15 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1139
 
Error - 08.01.2013 10:12:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.01.2013 10:12:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1279
 
Error - 08.01.2013 10:12:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1279
 
Error - 08.01.2013 13:03:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.01.2013 13:03:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1264
 
Error - 08.01.2013 13:03:14 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1264
 
[ Media Center Events ]
Error - 30.03.2010 12:21:38 | Computer Name = user-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
 returned 0D  Process: DefaultDomain Object Name: Media Center Guide 
 
Error - 30.03.2010 12:31:28 | Computer Name = user-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
 returned 10000105  Process: DefaultDomain Object Name: Media Center Guide 
 
[ System Events ]
Error - 20.01.2013 13:19:17 | Computer Name = user-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 20.01.2013 13:19:17 | Computer Name = user-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 20.01.2013 13:19:18 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 20.01.2013 14:44:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.01.2013 14:44:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 20.01.2013 14:44:44 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.21.07

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.6001.19222
Administrator :: USER-PC [Administrator]

20.01.2013 16:33:52
mbam-log-2013-01-20 (17-50-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 449045
Laufzeit: 1 Stunde(n), 2 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4Y3Y0C3AVF7XZA5EGSVD (Trojan.Spyeyes) -> Daten: C:\Recycle.Bin\B6232F3A833.exe /q -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Trojan.Agent.RNS) -> Daten: explorer.exe,C:\Users\Administrator\AppData\Roaming\skype.dat -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-1593476106-3477651793-1192387325-500\$a55202f985c59f0b107a79a43e83542c\n.) Gut: (shell32.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 6
C:\$RECYCLE.BIN\S-1-5-21-1593476106-3477651793-1192387325-500\$a55202f985c59f0b107a79a43e83542c\n (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{a55202f9-85c5-9f0b-107a-79a43e83542c}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Roaming\addon.dat (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Recycle.Bin\B6232F3A833.exe (Trojan.Spyeyes) -> Keine Aktion durchgeführt.
C:\Users\Administrator\AppData\Roaming\skype.dat (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Recycle.Bin\458258E84248D76 (Trojan.Spyeyes) -> Keine Aktion durchgeführt.

(Ende)
         
__________________


Alt 26.01.2013, 11:26   #3
t'john
/// Helfer-Team
 
Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt - Standard

Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt





Zitat:
Trojan.Spyeyes
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4Y3Y0C3AVF7XZA5EGSVD
C:\Recycle.Bin
C:\Recycle.Bin\B6232F3A833.exe
C:\Recycle.Bin\458258E84248D76
Trojan.Agent.RNS
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell
Trojan.0Access
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32|
C:\$RECYCLE.BIN\S-1-5-21-1593476106-3477651793-1192387325-500\$a55202f985c59f0b107a79a43e83542c\n
Rootkit.0Access
C:\Windows\Installer\{a55202f9-85c5-9f0b-107a-79a43e83542c}\U\800000cb.@
Malware.Trace
C:\Users\Administrator\AppData\Roaming\addon.dat
Trojan.Agent
C:\Users\Administrator\AppData\Roaming\skype.dat


Schlechte Nachrichten!

Du hast mehr als eine schwere Infektion auf Deinem Rechner. http://www.trojaner-board.de/56634-rootkits.html
Er ist kompromittiert und ist nicht mehr vertrauenswuerdig. Du solletest von einem sauberen System aus alle deine Passwoerter aendern.
Ich empfehle dir dringendst den PC vom Netz zu trennen und neu aufzusetzen.


Anleitungen zum Neuaufsetzen (bebildert) > Windows 7 neu aufsetzen > Vista > XP

1. Datenrettung:





2. Formatieren, Windows neu instalieren:





3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
__________________
__________________

Alt 26.01.2013, 13:32   #4
Boromir
 
Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt - Standard

Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt



Hallo t´John,
danke für die Antwort. Jetzt muss ich mal schauen, wie ich das mache, da Vista schon auf dem Rechner vorinstalliert war und ich keine Betriebssystem-DVD habe. Gibt es wirklich keine Chance die Rootkits zu finden und zu entfernen oder ist das gar keinen Versuch wert?

MfG Boromir

Alt 26.01.2013, 19:25   #5
t'john
/// Helfer-Team
 
Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt - Standard

Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt



Es ist keinen Versuch wert, da das System mit dieser Art von Infektion nie wieder 100%ig sicher sein kann.

__________________
Mfg, t'john
Das TB unterstützen

Alt 26.01.2013, 19:40   #6
Boromir
 
Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt - Standard

Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt



Okay, schade- trotzdem danke für die Beantwotung! MfG Boromir

Alt 27.01.2013, 15:43   #7
t'john
/// Helfer-Team
 
Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt - Standard

Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt



Melde dich nach dem Neuaufsetzen wieder.
Bei Problemen / Fragen melden!
__________________
Mfg, t'john
Das TB unterstützen

Alt 10.02.2013, 10:10   #8
Boromir
 
Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt - Standard

Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt



Hallo t´john,

habe das System neu aufgesetzt. (Vista-iso)
Hat etwas gedauert.

MfG Boromir

Alt 10.02.2013, 20:10   #9
t'john
/// Helfer-Team
 
Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt - Standard

Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt



Sehr gut!

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Alt 16.02.2013, 16:02   #10
Boromir
 
Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt - Standard

Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt



Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
xp-AntiSpy 3.98-2
Adobe Flash Player 11.5.502.149
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (18.0.2)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Alt 16.02.2013, 21:12   #11
t'john
/// Helfer-Team
 
Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt - Standard

Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt



Alles Windows Updates einspielen, inkl. Service Pack und Internet Explorer!
http://windowsupdate.microsoft.com

Dein Rechner ist in diesem Zustand offen fuer die schlimmsten Trojaner....
__________________
Mfg, t'john
Das TB unterstützen

Alt 20.04.2013, 18:50   #12
t'john
/// Helfer-Team
 
Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt - Standard

Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt
7-zip, audiograbber, avp.exe, bho, bildschirm, bka bundeskriminalamt trojaner, bonjour, canon, converter, desktop, entfernen, excel, firefox, flash player, iexplore.exe, jdownloader, kaspersky, launch, malware.trace, microsoft fix it, plug-in, rechner gesperrt, recycle.bin, rootkit.0access, safer networking, server, software, trojan.0access, trojan.agent, trojan.agent.rns, trojan.spyeyes, trojaner, vista, windows, winload toolbar, wscript.exe




Ähnliche Themen: Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt


  1. TR/Injector.gi in C:\Dokumente und Einstellungen\Test\Lokale Einstellungen\Temp\qxtndqxofj.pre
    Log-Analyse und Auswertung - 01.06.2013 (3)
  2. TR/Agent.73728.15 in C:\Dokumente und Einstellungen\Alexander\deadorziwaty.exe und \Lokale Einstellungen\Temp\1463906.exe
    Log-Analyse und Auswertung - 21.12.2012 (27)
  3. 'TR/Crypt.ZPACK.Gen' in C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4HYRSHM3\
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (1)
  4. Trojan horse Dropper.Generic5.TDZ in C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Te
    Plagegeister aller Art und deren Bekämpfung - 28.02.2012 (31)
  5. C:\Dokumente und Einstellungen\mein name\Lokale Einstellungen\Temp csrss.exe Win32.FakeAlert.tt
    Plagegeister aller Art und deren Bekämpfung - 11.03.2011 (8)
  6. C:\Dokumente und Einstellungen\*****\Anwendungsdaten\jtNGXSbZSBhC.exe
    Plagegeister aller Art und deren Bekämpfung - 04.02.2011 (9)
  7. HTML/Malicious.PDF.Gen in C:\Dokumente und Einstellungen\admin\Lokale Einstellungen gefunden.
    Plagegeister aller Art und deren Bekämpfung - 25.08.2010 (1)
  8. C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\uninstall.exe
    Plagegeister aller Art und deren Bekämpfung - 22.05.2010 (7)
  9. TR/Crypt.ZPACK.Gen in C:/Dokumente und Einstellungen/***/Lokale Einstellungen/Temp
    Plagegeister aller Art und deren Bekämpfung - 26.04.2010 (3)
  10. TR/PSW.Kates.CA.7 - C:\Dokumente und Einstellungen\Alle\Lokale Einstellungen\Temp\...
    Log-Analyse und Auswertung - 16.04.2010 (18)
  11. TR/Crypt.ZPACK.Gen in C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\
    Plagegeister aller Art und deren Bekämpfung - 10.04.2010 (17)
  12. Trojaner in C:\Dokumente und Einstellungen\Lokale Einstellungen\Temp\Igl.exe
    Plagegeister aller Art und deren Bekämpfung - 24.03.2010 (3)
  13. Exploit.JS.Pdfka.bvg in C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\temp\
    Plagegeister aller Art und deren Bekämpfung - 19.03.2010 (8)
  14. TR/Agent.vB.jah in C:\Dokumente und Einstellungen\***\yeioz.exe
    Plagegeister aller Art und deren Bekämpfung - 12.02.2010 (1)
  15. C:\Dokumente und Einstellungen\***\22491.exe
    Plagegeister aller Art und deren Bekämpfung - 06.01.2010 (10)
  16. Patched.DY.1 in C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\tmpF.
    Plagegeister aller Art und deren Bekämpfung - 11.03.2009 (5)
  17. Vista & Programme bzw. Dokumente und Einstellungen
    Alles rund um Windows - 05.11.2008 (4)

Zum Thema Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt - Hallo zusammen, habe mir gestern um 9.42 Uhr den "BKA- Trojaner" eingefangen. Nach Trennen vom Internet blieb ein weißer Bildschirm und ich konnte nur noch den Netzstecker ziehen. Konnte nach - Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt...
Archiv
Du betrachtest: Verschlüsselungstrojaner am 20.1.13 , Startmenü, Dokumente und Einstellungen, Favoriten und Templates gesperrt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.