
Log analysis and evaluation: Avira found several trojans, e.g. 'TR/Ransom.Blocker.bgjy'


28.05.2013, 17:35   #1
sun1234
 
Hello,

today during online banking I was prompted to enter all of my TAN numbers. I then had my account blocked and ran an Avira scan, which moved several files into quarantine.

1. Die Datei 'C:\Users\***\AppData\Local\Temp\tmpebc9744b\37.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bgjy' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e5d5957.qua' verschoben!

2. Die Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\1a33e6d6-27145a5b'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/Dldr.Konstr.F' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56cf7706.qua' verschoben!

3. Die Datei 'C:\Users\***\AppData\Local\Temp\tmpd579ec59\53.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bgtk' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1c0203bb.qua' verschoben!

4. Die Datei 'C:\Users\***\AppData\Local\Temp\tmpc8db2e25\70.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.65536.24' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7a354c7a.qua' verschoben!

5. Die Datei 'C:\Users\J***\AppData\Roaming\ie_util.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bgtk' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5cc5374f.qua' verschoben!
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1354373073-1602023174-3958502211-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.

6. In der Datei 'C:\Users\***\AppData\Roaming\ie_util.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bgtk' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

I have also already run OTL in parallel, and the following files were created:

OTL Logfile:
Code:
OTL logfile created on: 28.05.2013 15:06:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jenny\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 34,98% Memory free
6,18 Gb Paging File | 4,35 Gb Available in Paging File | 70,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 37,56 Gb Free Space | 26,07% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 46,93 Gb Free Space | 32,59% Space Free | Partition Type: NTFS
Drive F: | 14,55 Gb Total Space | 13,30 Gb Free Space | 91,39% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: Jenny_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jenny\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Jenny\AppData\Local\Temp\decleaner\decleaner\setup\deCleaner.exe (Avira GmbH)
PRC - C:\Users\Jenny\AppData\Local\Temp\decleaner\decleaner\setup\avscan.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
PRC - C:\Programme\GfKLSPService\GfKLspService.exe (GfK)
PRC - C:\Programme\GfKLSPService\GfK-WatchDog.exe ()
PRC - C:\Programme\GfK Internet-Monitor 2.0\GfK-Reporting.exe ()
PRC - C:\Programme\GfK Internet-Monitor 2.0\GfK-Updater.exe ()
PRC - C:\Users\Jenny\AppData\Local\Temp\decleaner\avwebloader.exe (Avira GmbH)
PRC - C:\Programme\Activ Software\ActivDriver\ActivMgr.exe ()
PRC - C:\Programme\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
PRC - C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll ()
MOD - C:\Programme\GfKLSPService\GfK-WatchDog.exe ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()
MOD - C:\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll ()
MOD - C:\Users\Jenny\AppData\Local\Temp\decleaner\scewxmlw.dll ()
MOD - C:\Windows\libactivboardex.dll ()
MOD - C:\Programme\Activ Software\ActivDriver\QtXml4.dll ()
MOD - C:\Programme\Activ Software\ActivDriver\QtGui4.dll ()
MOD - C:\Programme\Activ Software\ActivDriver\QtNetwork4.dll ()
MOD - C:\Programme\Activ Software\ActivDriver\QtCore4.dll ()
MOD - C:\Programme\Activ Software\ActivDriver\ActivMgr.exe ()
MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (GfkLSPService) -- C:\Programme\GfKLSPService\GfKLspService.exe (GfK)
SRV - (GfK-Reporting-Service) -- C:\Programme\GfK Internet-Monitor 2.0\GfK-Reporting.exe ()
SRV - (GfK-Update-Service) -- C:\Programme\GfK Internet-Monitor 2.0\GfK-Updater.exe ()
SRV - (Sony SCSI Helper Service) -- C:\Programme\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ssudmdm) -- system32\DRIVERS\ssudmdm.sys File not found
DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (dg_ssudbus) -- system32\DRIVERS\ssudbus.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (prmvmouse) -- C:\Windows\System32\drivers\activmouse.sys (Promethean Technologies Ltd)
DRV - (ACTIVhidmini) -- C:\Windows\System32\drivers\ACTIVhidmini.sys (Promethean Technologies Ltd)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (iaNvStor) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.251.160.77:80
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.251.160.77:80
 
 
 
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\..\SearchScopes\{40946376-3BB8-41B5-B624-0C382256B44B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPTB_deDE302
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.251.160.77:80
 
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\InprocServer32 File not found
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\..\SearchScopes\{04AAAA96-6964-442B-AF85-5B3F39AC3B29}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPTB_deDE302
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files\GfK Internet-Monitor 2.0\ [2013.05.28 14:48:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.28 09:40:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.28 09:40:15 | 000,000,000 | ---D | M]
 
[2009.03.30 12:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny_2\AppData\Roaming\mozilla\Extensions
[2013.05.28 09:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.28 09:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.28 09:40:27 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.28 09:40:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2013.05.28 09:40:12 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Gacela Plugin (Enabled) = C:\Users\Jenny_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\11.2.503_0\plugin/npgacela.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: GfK Internet-Monitor = C:\Users\Jenny_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\11.3.57_0\
CHR - Extension: GfK Internet-Monitor = C:\Users\Jenny_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\12.1.59_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jenny_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (GfK Internet-Monitor) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\GfK Internet-Monitor 2.0\Gacela2.dll (GfK)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ActivControl] C:\Programme\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [GfK-WatchDog] C:\Program Files\GfKLSPService\GfK-WatchDog.exe ()
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [CyberGhost VPN] "C:\Program Files\S.A.D\CyberGhost VPN\CGStarter.exe" /autostart File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [IExplorer Util] C:\Users\Jenny\AppData\Roaming\ie_util.exe (Sysinternals - www.sysinternals.com)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [Vuadmytiow] C:\Users\Jenny\AppData\Roaming\Ifexv\ziupt.exe (Sysinternals - www.sysinternals.com)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [!iLividOnce] C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VUGXU70\iLividSetupV1.exe File not found
O4 - HKLM..\RunOnce: [awde7zip19498] "C:\Users\Jenny_2\AppData\Local\Temp\BI_RunOnce.exe" /affid "awde7zip19498" /id "7zip" /name "7 Zip for Vista - 7-Zip" File not found
O4 - HKLM..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Jenny_2\AppData\Local\Temp\nro.tmp\" File not found
O4 - HKLM..\RunOnce: [ControlLSP] C:\Program Files\GfKLSPService\ControlLSP.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O4 - HKLM..\RunOnce: [SymInstallStub] C:\ProgramData\DivX\Symantec\SymInstallStub.exe (Symantec Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Über GfK Internet-Monitor - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\GfK Internet-Monitor 2.0\Gacela2.dll (GfK)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\GfKLSPService.DLL (GfK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\GfKLSPService.DLL (GfK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\GfKLSPService.DLL (GfK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\GfKLSPService.DLL (GfK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\GfKLSPService.DLL (GfK)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\..Trusted Domains: neue-schulen-potsdam.de ([mail] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C275ECA8-A5C7-450E-A83E-C8D0C15433BB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F492D0D3-0EB9-4339-8F6F-E48A0AA3F04E}: DhcpNameServer = 10.16.1.1 10.16.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.28 09:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.15 20:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc
[2013.05.15 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\Jenny_2\AppData\Local\Sony Corporation
[2013.05.15 20:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2013.05.15 13:05:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.15 12:57:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.15 12:57:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.15 12:57:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.15 12:57:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.15 12:57:34 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.15 12:57:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.15 12:57:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.15 12:19:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.05.15 12:19:30 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.28 15:15:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F949FDF0-DB18-43FD-B7DA-0A72B46A814B}.job
[2013.05.28 14:46:48 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.28 14:46:48 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.28 14:46:48 | 000,150,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.28 14:46:48 | 000,122,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.28 14:42:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.28 14:25:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.28 14:17:09 | 000,004,912 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 14:17:09 | 000,004,912 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 14:11:01 | 000,431,027 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.05.28 14:11:01 | 000,431,027 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.05.28 14:03:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 12:25:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.28 12:16:47 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.28 12:15:47 | 000,002,247 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.16 11:53:06 | 003,910,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 20:58:07 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Reader for PC.lnk
[2013.05.15 12:11:08 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 12:11:08 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.15 20:58:07 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Reader for PC.lnk
[2013.04.18 21:11:04 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.04.18 21:11:04 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012.11.28 15:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.11.28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.11.28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.11.28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.11.28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.08.31 10:48:40 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ml347pl3.dll
[2009.04.14 07:12:00 | 000,014,848 | ---- | C] () -- C:\Users\Jenny_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.30 08:46:30 | 000,000,047 | ---- | C] () -- C:\Program Files\autorun.inf
[2008.06.24 08:09:24 | 000,431,027 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.06.24 08:09:21 | 000,431,027 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.01.24 12:31:40 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\ACTIV Software
[2012.11.06 17:16:42 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009.03.25 22:13:00 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\EPSON
[2013.05.22 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ifexv
[2013.05.22 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ovis
[2012.11.06 18:50:10 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PDAppFlex
[2012.01.20 14:52:59 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PeerNetworking
[2009.06.27 22:11:05 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PIXELA
[2012.01.24 15:58:56 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Promethean
[2012.12.22 21:56:39 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Samsung
[2009.04.22 13:14:20 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SCHLECKERFotobuch
[2013.05.28 15:26:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Xiit
[2012.01.23 13:27:46 | 000,000,000 | ---D | M] -- C:\Users\Jenny_2\AppData\Roaming\ACTIV Software
[2009.12.07 15:00:01 | 000,000,000 | ---D | M] -- C:\Users\Jenny_2\AppData\Roaming\Cornelsen
[2009.09.14 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\Jenny_2\AppData\Roaming\FMZilla
[2010.09.01 08:08:22 | 000,000,000 | ---D | M] -- C:\Users\Jenny_2\AppData\Roaming\FreeFLVConverter
[2010.09.21 13:33:55 | 000,000,000 | ---D | M] -- C:\Users\Jenny_2\AppData\Roaming\Leadertech
[2012.01.23 21:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jenny_2\AppData\Roaming\Promethean
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

and: OTL Logfile:
Code:
OTL Extras logfile created on: 28.05.2013 15:06:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jenny\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 34,98% Memory free
6,18 Gb Paging File | 4,35 Gb Available in Paging File | 70,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 37,56 Gb Free Space | 26,07% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 46,93 Gb Free Space | 32,59% Space Free | Partition Type: NTFS
Drive F: | 14,55 Gb Total Space | 13,30 Gb Free Space | 91,39% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: Jenny_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1354373073-1602023174-3958502211-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-1354373073-1602023174-3958502211-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21EF2F13-CE9E-4260-B347-3D94DA3DDA09}" = lport=4672 | protocol=17 | dir=in | name=emuleudp2 | 
"{56F8858F-9EFC-4F93-B168-FC50CF71EB6B}" = lport=4711 | protocol=6 | dir=in | name=emuletcp3 | 
"{86995495-649C-4F83-A788-B13773F26D52}" = lport=61129 | protocol=17 | dir=in | name=emuleudp | 
"{BD670CB9-C442-4303-ACA5-A5EC1B8E4D5A}" = lport=61119 | protocol=6 | dir=in | name=emuletcp | 
"{F32CE106-D8C6-4C18-BF47-D97A890232D1}" = lport=4662 | protocol=6 | dir=in | name=emuletcp2 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1250DEE8-555B-4A22-95D8-D21A823EF1F8}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe | 
"{18C034B7-F5EA-4832-9942-3B3FE0EA9316}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{19C03EB0-1C02-4A9C-8F85-31F69D900378}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe | 
"{393D61E4-E9B8-4960-97AE-FB2CA3506C1A}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{3ADE0B64-7E33-4AB7-8A6D-B7C8749CCE93}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe | 
"{3D7C29CA-0C77-4269-B1AB-7C532D5E3CC0}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe | 
"{4AE5CA44-CAEF-4590-90C3-AD38BA780980}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4DE0182F-1620-428E-B719-9DD2F1144EDF}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe | 
"{6355E299-98A9-49B0-A715-197514A7FB2D}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe | 
"{87FE85FA-A284-47D1-8E2A-3753B9F30A20}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{C86975BA-D19F-4B46-A335-26CCBE4EFD82}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E0254986-9FAA-4A28-BBD2-69F23BC5EB3D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe | 
"{EA38D699-F9BF-46F2-97FC-C3D57D900059}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe | 
"TCP Query User{38EA80B8-F36C-4964-ACE8-A92FA9DFC0E6}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{3C3DF2F2-10C8-4FF7-84DF-D9DA35AB6172}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{43880C8F-A128-40D2-A2E0-0730DFC5A07E}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{4F63F594-DFD8-4D4F-B40F-2525466933B5}C:\program files\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files\free music zilla\fmzilla.exe | 
"TCP Query User{F60CDD19-F122-4FE3-9DD1-50C297BEF95A}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{6D01E75D-549A-437A-8D74-CFDAF4590F81}C:\program files\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files\free music zilla\fmzilla.exe | 
"UDP Query User{CA0B6A31-6011-4D79-BB13-012C2F1D2E2F}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{D8C28144-51FC-4C45-8922-F657E06CBDE7}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{E0E93B65-193A-4BBE-A7D0-CA71786B3155}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{F58A22F6-133D-4904-B057-96B59B364162}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11CBB0F5-989E-4B16-AE7E-D569AC4BF241}" = Reader for PC
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1E187923-04E5-4E1F-9BF2-40E32D93A1C4}" = HP Color LaserJet CP1210 Series Toolbox
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{26DDB12A-CB5E-4C0B-89AF-817CA0E59CC9}" = HP LaserJet Toolbox
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{382BE32D-6CFD-4F62-B072-B2B87C0DFEB7}" = ActivInspire Core Resources (DEU) v1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{54360A73-B080-4A69-BFD4-53C190DD3AB0}" = HP Color LaserJet CP1210 Series
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5F0545E7-3F0F-4730-AF70-26E61DBDF263}" = GfK Internet-Monitor
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{6332D268-FCEE-47A0-8AD6-6948E25AA786}" = ActivInspire v1
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{79314E44-DF84-4A58-AD2A-802DE91033C3}" = ActivInspire Help (DEU) v1
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{936E2131-D9DB-42F9-96E7-52D2050ACB09}" = ActivDriver x86 v5.7
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C09E3A4-850A-40B2-B94F-EBFB5349C238}" = hppusgCP1215
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DBF47CB5-73EC-4DB3-B5A8-A961F41F5F1D}" = ActivInspire HWR Resources (DEU) v1
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Civilization II Ultimate Classic Collection" = Civilization II Ultimate Classic Collection
"Digital Editions" = Adobe Digital Editions
"EPSON Scanner" = EPSON Scan
"HP Color LaserJet CP1210 Series" = HP Color LaserJet CP1210 Series
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"MasterTool - Autorensystem_is1" = MasterTool - Autorensystem
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NuragoLSP" = NuragoLSP
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"PROPLUSR" = Microsoft Office Professional Plus 2007
"PSNPMONV1" = Network Print Monitor for Windows 2000/XP
"Samsung ML-3470 Series" = Samsung ML-3470 Series
"SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver" = SHARP MX Series PCL/PS Printer Driver
"Shockwave" = Shockwave
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1354373073-1602023174-3958502211-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra" = GeoGebra
"GeoGebra 5.0 Beta" = GeoGebra 5.0 Beta
"GeoGebra WebStart" = GeoGebra WebStart
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1354373073-1602023174-3958502211-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.06.2012 21:20:35 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = 
 
Error - 15.06.2012 21:20:35 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = 
 
Error - 15.06.2012 21:20:36 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = 
 
Error - 15.06.2012 21:20:36 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = 
 
Error - 15.06.2012 21:20:36 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = 
 
Error - 15.06.2012 21:20:37 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = 
 
Error - 15.06.2012 21:20:37 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = 
 
Error - 15.06.2012 21:20:37 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = 
 
Error - 15.06.2012 21:20:38 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = 
 
Error - 15.06.2012 21:20:38 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = 
 
[ OSession Events ]
Error - 31.05.2010 14:27:37 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 428
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2010 06:57:27 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 06:02:37 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.08.2010 14:47:26 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 66
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 01.09.2010 02:17:26 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 742
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 27.01.2011 04:08:13 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 579
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 02.11.2011 15:29:21 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 958
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.11.2011 12:55:44 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 148
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.01.2012 07:06:22 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 157
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 21.03.2012 13:12:47 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2347
 seconds with 1620 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.05.2013 17:01:33 | Computer Name = Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 24.05.2013 01:49:52 | Computer Name = Laptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse
 0016EAB82BB2 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 25.05.2013 01:43:58 | Computer Name = Laptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse
 0016EAB82BB2 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 27.05.2013 10:03:33 | Computer Name = Laptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.34 für die Netzwerkkarte mit der Netzwerkadresse
 0016EAB82BB2 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 27.05.2013 10:03:45 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description = 
 
Error - 28.05.2013 02:17:25 | Computer Name = Laptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.34 für die Netzwerkkarte mit der Netzwerkadresse
 0016EAB82BB2 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 28.05.2013 06:17:17 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.05.2013 06:17:17 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.05.2013 06:17:17 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.05.2013 06:20:38 | Computer Name = Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---
I would be grateful for tips on how to get rid of the trojans permanently!

Edited by sun1234 (28.05.2013 at 17:40)

28.05.2013, 17:42   #2
markusg
/// Malware-holic

Hi,

OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [Vuadmytiow] C:\Users\Jenny\AppData\Roaming\Ifexv\ziupt.exe (Sysinternals - www.sysinternals.com)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [IExplorer Util] C:\Users\Jenny\AppData\Roaming\ie_util.exe (Sysinternals - www.sysinternals.com)
[2013.05.22 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ifexv
[2013.05.22 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ovis
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents here into your thread

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!

Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance
__________________

__________________
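
The fix in the post above removes two per-user Run autostart entries whose executables sit under AppData\Roaming. As an added example (not part of the original post and not OTL's own code), the sketch below parses O4 lines in the format shown in the code box and flags autostart targets in user-writable profile directories; the function names, the third sample line and the path heuristic are assumptions.

```python
import re
from typing import NamedTuple

# Two O4 lines copied from the fix above, plus one constructed benign entry.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [Vuadmytiow] C:\Users\Jenny\AppData\Roaming\Ifexv\ziupt.exe (Sysinternals - www.sysinternals.com)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [IExplorer Util] C:\Users\Jenny\AppData\Roaming\ie_util.exe (Sysinternals - www.sysinternals.com)
O4 - HKLM..\Run: [ExampleTray] C:\Program Files (x86)\ExampleVendor\tray.exe (ExampleVendor)
"""

class RunEntry(NamedTuple):
    hive: str    # HKLM, HKCU or HKU
    key: str     # Run, RunOnce, ...
    name: str    # value name in square brackets
    target: str  # command the entry starts at logon
    vendor: str  # string printed in parentheses; not used as evidence here

O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\S-[\d-]+)?\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<target>.*?)(?:\s+\((?P<vendor>[^()]*)\))?$"
)
# Assumed heuristic: locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\AppData\\(?:Roaming|Local|LocalLow)\\|\\Temp\\", re.I)

def parse_o4(log_text):
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["key"], m["name"],
                                    m["target"], m["vendor"] or ""))
    return entries

def triage(entries):
    """Return (entry, reasons) pairs for entries that deserve a manual look."""
    findings = []
    for e in entries:
        reasons = []
        if USER_WRITABLE.search(e.target):
            reasons.append("target in user-writable profile directory")
            if e.hive in ("HKU", "HKCU"):
                reasons.append("per-user Run key, creatable without admin rights")
        if reasons:
            findings.append((e, reasons))
    return findings

if __name__ == "__main__":
    for entry, reasons in triage(parse_o4(SAMPLE_LOG)):
        print(f"[{entry.name}] {entry.target}: {'; '.join(reasons)}")
```

A hit is a prompt for manual review, not a verdict: legitimate per-user software also starts from AppData.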

28.05.2013, 19:22   #3
sun1234

Hello,

I copied the contents of the code box into OTL, then closed all programs and started FIX. The program started working and then this error message came up:

OTL no longer works due to a program error, you will be notified when a solution is available. with the button Close program
After waiting a long time I closed the program and kept waiting; when nothing happened, I shut the laptop down from the Task Manager and restarted it.
The described MovedFiles folder does exist, but there is no text file in it.

What can I do next?

Many thanks in advance

Hi,

I zipped the existing file and uploaded it to the upload channel.
I hope this helps somewhat even without a text file.

Thanks
__________________

28.05.2013, 19:58   #4
markusg
/// Malware-holic

Hi, thanks, but it did work.

I can never give you a guarantee that I will find everything. Formatting is usually the faster and the safest way, especially since you use your PC for online banking.
Should you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
If it were my PC, I would set it up fresh once; then we can also secure it right away. You will get instructions whichever you decide.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

28.05.2013, 20:10   #5
sun1234

Thanks for the offer, but I am already planning to buy a new laptop anyway, which I will then secure better; maybe you can give me a tip then. A reinstallation would be too much effort, though; I will no longer do online banking from this laptop.

Thanks again and have a nice evening!


28.05.2013, 20:21   #6
markusg
/// Malware-holic

Hi,
a question: will you keep this laptop? Because then we would have to continue; otherwise, if you do not keep it, you can at least reset it to factory settings, because hard drives should not be thrown in the trash while personal data is still on them.

29.05.2013, 07:45   #7
sun1234

Hi,

I don't know yet whether I want to keep it. I just have one problem: from tomorrow I will be away for 3 days. The laptop will not be used during that time. Could you help me further after that?

Kind regards

29.05.2013, 10:52   #8
markusg
/// Malware-holic

Yes, sure; you just need to tell me first, after the 3 days, since you will have had time to think it over by then, what we are going to do :-)