
Log Analysis and Evaluation: Windows Vista: Bundespolizei-Virus!


20.10.2013, 22:07   #1
virus6610

Windows Vista: Bundespolizei-Virus!



Unfortunately I have had the Bundespolizei virus on my computer since this morning. Safe mode does not work (the machine shuts down or boots normally just before safe mode would come up), and of course I cannot get in normally either.

I have attached the .txt files I got after the OTLPE scan; I hope someone can help me.

OTL.txt:
Code:
OTL logfile created on: 10/20/2013 11:33:42 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576.15 Gb Total Space | 251.67 Gb Free Space | 43.68% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 12.38 Gb Free Space | 61.87% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/10/20 11:53:16 | 000,264,664 | ---- | M] (Microsoft Corporation) [Auto] -- C:\ProgramData\h2jzi7h.plz -- (Winmgmt)
SRV - [2013/10/08 22:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/15 13:01:16 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Disabled] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/09/17 10:01:50 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/26 08:43:20 | 001,051,968 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/08/26 08:40:24 | 000,030,016 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/01/29 16:11:54 | 000,050,504 | ---- | M] (VoiceFive Networks, Inc.) [Auto] -- C:\Program Files\PremierOpinion\pmservice.exe -- (PremierOpinion)
SRV - [2008/11/24 08:10:31 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/07 11:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/08 11:13:46 | 000,212,480 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (upperdev)
DRV - File not found [Kernel | System] --  -- (sysaro)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] --  -- (djlzwpnvwg)
DRV - [2011/08/29 18:54:22 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2011/05/31 01:14:41 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/24 08:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/09/23 04:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/06/09 01:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/06 11:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/01/06 16:05:42 | 000,199,680 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2003/10/15 12:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://windiwsfsearch.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://windiwsfsearch.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=2&cf=f54a70ce-3952-11e1-9a63-0021853e7754
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://windiwsfsearch.com
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://windiwsfsearch.com/search?q=%s
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
 
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://windiwsfsearch.com
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://windiwsfsearch.com
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPE7CEA549-C30E-4516-9D57-B4A163989F62
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://windiwsfsearch.com
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://windiwsfsearch.com/search?q=%s
IE - HKU\*****_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\*****_ON_C\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - Reg Error: Key error. File not found
IE - HKU\*****_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\*****_ON_C\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKU\*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\System32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\System32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 07:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\PremierOpinion [2010/03/27 09:48:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/07 10:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/07 10:46:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/16 15:38:36 | 000,000,000 | ---D | M]
 
[2012/10/16 15:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/14 14:41:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/08/26 18:30:33 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/07 08:22:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/19 09:47:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/05/29 17:18:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/02/14 03:36:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/15 15:12:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/10/27 07:56:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012/10/16 15:39:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011/01/07 08:21:57 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/01/07 08:21:57 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2010/07/05 16:09:02 | 000,119,808 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2009/07/13 09:47:22 | 000,174,592 | ---- | M] (The cURL library, hxxp://curl.haxx.se/) -- C:\Program Files\mozilla firefox\plugins\libcurl.dll
[2009/04/06 20:29:00 | 001,044,480 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 12:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/04/06 20:28:36 | 001,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 18:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2011/01/07 08:22:02 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 15:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2012/03/07 10:46:38 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/11/30 13:41:10 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/03/07 10:47:05 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2012/03/07 10:46:33 | 000,108,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/10/09 09:48:38 | 000,083,456 | ---- | M] (Sobee) -- C:\Program Files\mozilla firefox\plugins\NPSobeeICFLauncherMOZ.dll
[2010/03/01 08:37:48 | 000,018,432 | ---- | M] (Sobee) -- C:\Program Files\mozilla firefox\plugins\NPSobeeICFLauncherMOZ36.dll
[2011/10/27 09:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2009/04/06 20:29:00 | 000,200,704 | ---- | M] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2011/01/07 08:22:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/04/12 08:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2011/01/07 08:22:04 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/01/07 08:22:04 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/07/05 16:09:03 | 000,002,020 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
[2011/01/07 08:22:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/01/07 08:22:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/01/07 08:22:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {51B15F5A-E98B-4658-B9CB-9307B74773A7} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Sobee.ICFLauncherIE.Launcher) - {95a0101d-f8f8-4063-9545-0edd223b7819} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKU\*****_ON_C\..\Toolbar\WebBrowser: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\*****_ON_C..\Run: [AdobeBridge]  File not found
O4 - HKU\*****_ON_C..\Run: [Google Update] C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\*****_ON_C..\Run: [Spotify Web Helper] C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpUninstallCleanUp]  File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} -  File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} hxxp://www.powerchallenge.com/applet/PowerLoader.cab (PowerLoader Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\*****_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/20 11:53:16 | 000,264,664 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\h2jzi7h.plz
[2013/10/18 10:10:50 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Neuer Ordner
[2013/09/21 12:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(10)
[2013/09/21 12:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(11)
[2013/09/21 12:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(61)
[2013/06/12 06:52:52 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\qe7loqe.dat
[2013/06/12 06:52:52 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\*****\AppData\Roaming\*.tmp files -> C:\Users\*****\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/20 14:25:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/20 14:25:21 | 277,482,642 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/20 14:23:35 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/20 14:23:35 | 000,004,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/20 14:19:40 | 095,025,368 | ---- | M] () -- C:\ProgramData\h7izj2h.pff
[2013/10/20 14:19:33 | 000,000,000 | ---- | M] () -- C:\ProgramData\h7izj2h.ctrl
[2013/10/20 13:17:18 | 001,593,856 | ---- | M] () -- C:\ProgramData\h7izj2h.fki
[2013/10/20 11:53:27 | 000,000,874 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h7izj2h.lnk
[2013/10/20 11:53:16 | 000,264,664 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\h2jzi7h.plz
[2013/10/20 11:14:24 | 000,699,572 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/10/20 11:14:24 | 000,655,734 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/20 11:14:24 | 000,156,896 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/10/20 11:14:24 | 000,128,748 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/18 13:33:17 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001UA1ce82d78bb0d16b.job
[2013/10/18 08:33:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001Core1ce82d78b24604b.job
[2013/10/16 22:39:38 | 000,042,953 | ---- | M] () -- C:\Users\*****\Desktop\ste.JPG
[2013/10/16 21:44:40 | 000,000,216 | ---- | M] () -- C:\Users\*****\Desktop\Football Manager 2014.url
[2013/10/08 09:37:51 | 000,000,004 | ---- | M] () -- C:\Users\*****\AppData\Roaming\settings.ini
[2013/10/03 15:57:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\*****\AppData\Roaming\*.tmp files -> C:\Users\*****\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/10/20 11:58:08 | 001,593,856 | ---- | C] () -- C:\ProgramData\h7izj2h.fki
[2013/10/20 11:53:27 | 000,000,874 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h7izj2h.lnk
[2013/10/20 11:53:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\h7izj2h.ctrl
[2013/10/20 11:53:25 | 095,025,368 | ---- | C] () -- C:\ProgramData\h7izj2h.pff
[2013/10/16 22:39:34 | 000,042,953 | ---- | C] () -- C:\Users\*****\Desktop\ste.JPG
[2013/10/16 21:44:40 | 000,000,216 | ---- | C] () -- C:\Users\*****\Desktop\Football Manager 2014.url
[2013/10/08 09:37:11 | 000,000,004 | ---- | C] () -- C:\Users\*****\AppData\Roaming\settings.ini
[2013/09/14 12:45:53 | 000,181,113 | ---- | C] () -- C:\Users\*****\AppData\Local\7813e97f-519c-4e1c-8e0a-4aba8d383d10
[2013/06/12 07:18:45 | 000,001,152 | ---- | C] () -- C:\ProgramData\eqol7eq.js
[2013/06/12 06:52:54 | 095,023,320 | ---- | C] () -- C:\ProgramData\eqol7eq.pad
[2012/07/09 11:08:54 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/30 19:13:57 | 000,000,912 | ---- | C] () -- C:\Users\*****\AppData\Roaming\EasyToolz.ini
[2010/12/27 18:51:36 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/10/09 14:26:07 | 000,001,356 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2010/10/09 14:19:21 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2010/10/09 14:16:49 | 013,803,520 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/09/10 02:24:55 | 000,117,800 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/07/02 16:41:11 | 000,000,132 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/03/25 10:27:52 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe
[2010/03/25 10:27:51 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
[2010/03/25 10:27:51 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2010/01/26 14:25:46 | 000,280,376 | ---- | C] () -- C:\Users\*****\AppData\Local\fstfr_nav.dat
[2010/01/26 14:25:46 | 000,003,423 | ---- | C] () -- C:\Users\*****\AppData\Local\fstfr.dat
[2010/01/26 14:25:46 | 000,001,735 | ---- | C] () -- C:\Users\*****\AppData\Local\fstfr_navps.dat
[2009/09/24 08:20:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 08:20:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/02 10:06:56 | 000,000,088 | ---- | C] () -- C:\Users\*****\AppData\Local\bdaoknj.bat
[2009/02/03 10:33:43 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/03 10:33:43 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2009/02/03 10:12:19 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/11/06 14:34:55 | 000,000,093 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat
[2008/10/05 11:55:19 | 000,013,504 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2008/09/29 10:16:28 | 000,000,583 | ---- | C] () -- C:\Windows\eReg.dat
[2008/09/29 07:19:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/29 06:38:26 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/09/29 06:38:25 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/09/29 06:38:25 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/09/29 06:38:25 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/09/29 06:38:25 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/09/29 06:38:25 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/09/29 06:38:25 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/09/29 06:38:25 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/09/29 06:38:25 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/09/29 06:38:25 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/09/29 06:38:25 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/09/29 06:38:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/09/29 06:38:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/09/29 06:38:25 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/09/29 06:38:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/09/29 06:38:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/09/29 06:38:25 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/09/29 06:38:25 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/09/29 06:38:25 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/09/29 06:34:25 | 000,077,312 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/29 06:32:39 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2008/08/08 09:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/08/04 09:16:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/04 06:08:00 | 000,000,028 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008/05/16 06:58:04 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2008/01/30 22:03:26 | 000,054,608 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008/01/21 03:15:58 | 000,699,572 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,156,896 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 003,732,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,655,734 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,128,748 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2013/08/25 18:32:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft
[2009/09/27 07:28:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BraCa_Soft
[2008/09/29 06:52:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Buhl Data Service GmbH
[2011/05/31 01:19:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2012/10/29 12:46:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Das Fussball Studio
[2012/09/10 13:41:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2011/09/25 15:30:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/09/30 12:37:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EA
[2008/11/03 17:18:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EasyMangosHandler
[2012/11/07 08:44:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FMRTE13
[2009/09/02 10:07:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FunkyEmoticons
[2008/11/01 15:12:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRight
[2012/12/06 16:00:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2013/09/18 06:46:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2010/02/01 13:53:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IrfanView
[2012/08/10 08:28:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ManyCam
[2009/04/08 06:07:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MobMapUpdater
[2012/04/29 14:41:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MotioninJoy
[2008/11/20 17:22:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nokia
[2008/11/20 17:57:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\NSeries
[2011/03/13 17:26:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\nswb
[2012/02/14 03:41:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2008/12/12 13:10:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2009/02/03 10:11:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Orbit
[2013/08/05 20:37:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin
[2008/11/20 16:54:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PC Suite
[2012/07/09 11:05:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ProtectDISC
[2010/02/28 00:29:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Publish Providers
[2008/11/28 19:13:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SecondLife
[2010/02/28 00:29:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony
[2012/11/03 05:39:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sports Interactive
[2013/10/20 11:24:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Spotify
[2011/09/06 10:44:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2010/02/28 17:48:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\temp
[2009/01/27 11:24:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Template
[2010/12/08 17:09:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2008/11/02 17:01:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
[2008/11/06 14:39:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Turbine
[2008/09/29 06:52:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems
[2009/11/07 14:42:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent
[2013/10/03 15:57:11 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/09/21 12:42:48 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1(61)
[2012/05/15 15:05:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2008/09/29 06:14:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/05/15 21:04:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2008/09/29 06:52:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2011/05/31 01:14:09 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2012/10/29 12:42:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Das Fussball Studio
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/09/29 06:14:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/10/27 18:33:56 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2010/09/17 11:15:28 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs
[2011/10/21 17:47:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008/09/29 06:37:51 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2008/09/29 06:14:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/08/08 09:17:49 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications
[2010/11/13 12:13:25 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2008/11/20 17:54:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2009/04/25 18:09:58 | 000,000,000 | ---D | M] -- C:\ProgramData\KONAMI
[2010/04/11 09:03:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Messenger Plus!
[2008/11/20 18:14:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2013/07/23 14:17:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2008/11/20 17:55:44 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2010/07/02 15:57:11 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/02/28 00:12:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2012/04/25 13:12:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Sports Interactive
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/09/29 06:14:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010/01/04 11:13:54 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/09/17 10:00:38 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2008/10/15 16:09:19 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2008/08/04 07:07:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2008/09/29 06:14:26 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/12/10 10:32:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2008/08/04 08:07:43 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/09/02 18:49:08 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/27 17:41:36 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/09/17 10:00:18 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/06/12 07:00:00 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2013/06/08 17:57:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001Core.job
[2013/06/11 14:57:01 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001UA.job
[2013/10/20 14:03:00 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\*****\Documents\Elano_blumer_GALATASARAY_first_goal.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\*****\Documents\Elano_blumer_GALATASARAY_first_goal (1).mp4:TOC.WMV
@Alternate Data Stream - 55838 bytes -> C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
< End of report >
         
Attached files
File type: txt Extras.txt (39.9 KB, viewed 146 times)
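A defender-side triage pass over OTL file-list lines like the ones in the log above, as an added example that is not part of this thread and not OTL's own logic. It parses the `[timestamp | size | attributes | C/M] (company) -- path` format and applies a few heuristics a log reader applies by eye: entries in a Startup folder, non-data files dropped directly into the ProgramData root, system binary names or "Microsoft Corporation" version info outside the system directories, plus recency relative to the scan as context. The heuristic constants, the `SYSTEM_BINARY_NAMES` set and the assumed scan time are this example's assumptions; the sample lines are copied from the OTL log posted in this thread.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# One OTL file-list entry looks like:
# [2013/10/20 11:53:16 | 000,264,664 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\h2jzi7h.plz
# timestamp | size | attributes (R/H/S/D) | C=created or M=modified, optional (company), path
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Heuristic constants: assumptions of this example, not OTL rules. Tune per environment.
STARTUP_MARK = "\\start menu\\programs\\startup\\"
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
PROGRAMDATA_ROOT = "c:\\programdata\\"
BENIGN_DATA_EXT = {".ini", ".dat", ".ldb", ".mda", ".log", ".txt", ".xml"}
SYSTEM_BINARY_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe", "userinit.exe"}


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str            # "C" = created, "M" = modified
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file-list line; return None for any other kind of line."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"] or None,   # "()" in the log means no version info
        path=m["path"],
    )


def suspicious_reasons(entry: OtlEntry) -> List[str]:
    """Structural red flags for one file entry (heuristics, not verdicts)."""
    reasons: List[str] = []
    p = entry.path.lower()
    name = p.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    if STARTUP_MARK in p:
        reasons.append("startup-folder persistence")
    if (p.startswith(PROGRAMDATA_ROOT) and "\\" not in p[len(PROGRAMDATA_ROOT):]
            and ext not in BENIGN_DATA_EXT):
        reasons.append("unusual file directly in ProgramData root")
    if name in SYSTEM_BINARY_NAMES and not p.startswith(SYSTEM_PREFIXES):
        reasons.append("system binary name outside system directories")
    if (entry.company and entry.company.lower() == "microsoft corporation"
            and not p.startswith(SYSTEM_PREFIXES)):
        reasons.append("claims Microsoft version info outside system directories")
    return reasons


def triage_log(lines, scan_time: datetime,
               window: timedelta = timedelta(hours=24)) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for every file entry with at least one structural flag.
    Recency alone is not a flag (it matches every perf/boot file), but it is appended
    as context when a flagged file was touched shortly before the scan. The same path
    may appear in both the Created and Modified lists, so reasons are merged per path."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_otl_line(line)
        if e is None or e.is_dir:
            continue
        reasons = suspicious_reasons(e)
        if not reasons:
            continue
        if scan_time - window <= e.timestamp <= scan_time:
            reasons.append(f"touched within {int(window.total_seconds() // 3600)}h of scan")
        merged = findings.setdefault(e.path, [])
        for r in reasons:
            if r not in merged:
                merged.append(r)
    return findings


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LINES = r"""
[2013/10/20 11:53:16 | 000,264,664 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\h2jzi7h.plz
[2013/10/18 10:10:50 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Neuer Ordner
[2013/06/12 06:52:52 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/06/12 06:52:52 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\qe7loqe.dat
[2013/10/20 14:25:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/20 11:53:27 | 000,000,874 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h7izj2h.lnk
[2013/10/20 11:53:25 | 095,025,368 | ---- | C] () -- C:\ProgramData\h7izj2h.pff
[2010/10/09 14:19:21 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
""".strip().splitlines()

# Assumed scan time for the recency check (this example's assumption: the same day,
# shortly after the latest modification time seen in the log).
SCAN_TIME = datetime(2013, 10, 20, 15, 0, 0)


def run_sample() -> Dict[str, List[str]]:
    return triage_log(SAMPLE_LINES, SCAN_TIME)


if __name__ == "__main__":
    for path, reasons in run_sample().items():
        print(path + "\n    " + "\n    ".join(reasons))
```

Running it lists the ProgramData drops, the Startup .lnk and the misplaced `rundll32.exe` with their reasons, and leaves `bootstat.dat` and `sandra.ldb` alone; the reasons are prompts for a closer look, not a verdict.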

21.10.2013, 06:44   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (if in doubt, both) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Plug the USB stick into the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following quick guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now choose Repair your computer.
  • Choose your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click on Repair your computer!
  • Choose your operating system and user account and click "Next" each time.
In the repair options choose: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    The drive letter of your USB stick is displayed here; make a note of it.
  • Close Notepad again.
  • Now enter the following command:
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).


22.10.2013, 16:42   #3
virus6610
 
Safe mode works again now.
Right after a (normal) boot I see my desktop for a few seconds, and then the message appears (see the attached picture).

I scanned with FRST in safe mode. FRST.txt and Addition.txt are attached.
Attached image thumbnails
Windows Vista: Bundespolizei-Virus!-image.jpg
Attached files
File type: txt Addition.txt (22.9 KB, viewed 136 times)
File type: txt FRST.txt (35.2 KB, viewed 156 times)

23.10.2013, 06:46   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


How it works:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the whole logfile (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is fine ... click Reply.
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


23.10.2013, 13:11   #5
virus6610
 
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2013
Ran by ***** at 2013-10-22 17:38:50
Running from J:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
AS: avast! Antivirus (Enabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
AAA Logo 3.10 Free Trial
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Ad-Aware (Version: 7.1.0.7)
Adobe AIR (Version: 2.0.2.12610)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Media Player (Version: 1.8)
Adobe Reader 9 - Deutsch (Version: 9.0.0)
Adobe Shockwave Player (Version: 11)
Apache HTTP Server 2.2.14 (Version: 2.2.14)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar Updater (HKCU Version: 1.2.0.20007)
Audacity 1.2.6
avast! Free Antivirus (Version: 5.0.677.0)
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bonjour (Version: 3.0.0.10)
Bus-Simulator 2009
Camera RAW Plug-In for EPSON Creativity Suite (Version: 2.2.0.0)
CamStudio
CCleaner (Version: 3.00)
Click to Call with Skype (Version: 5.6.8153)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Counter-Strike(TM) (Version: 1.0.0.0)
Counter-Strike: Source (Version: 1.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.40.2.0131)
Das Fussball Studio 8.5.1 (Version: 8.5.1)
Diablo III (Version: 1.0.8.16603)
Die Sims Deluxe
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.0.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Web Player (Version: 1.4.3)
Emoticon Maker
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.3.0.0)
EPSON Easy Photo Print (Version: 1.5.0.0)
EPSON File Manager (Version: 1.3.0.0)
EPSON Scan
EPSON Scan Assistant (Version: 1.10.00)
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch
EPSON-Drucker-Software
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Favorit
FIFA 12 (Version: 1.5.0.0)
FLV to AVI Converter
FM Genie Scout 13 version 1.0 13.3.3 (Version: 1.0 13.3.3)
FMRTE (Version: 3.0.231)
FMRTE (Version: 5.0.0)
FMRTE 13.1.3.40 (Version: 13.1.3.40)
FMRTE 5.2.5 (Version: 5.2.5)
fmXML version 0.3
Football Manager 2009 (Version: 9.0.0.1)
Football Manager 2010
Football Manager 2011
Football Manager 2012
Football Manager 2012 Editor
Football Manager 2013
Football Manager 2013 Editor
Football Manager 2014
Free Audio CD Burner version 1.4.7
Free FLV Converter V 6.6.4
Free NaturalReader (Version: 9.0)
Free Video to iPhone Converter version 2.2
Free Video to Mp3 Converter version 3.2
Free YouTube Download version 3.0.16.923
Free YouTube to iPhone Converter version 2.11.30.903 (Version: 2.11.30.903)
Free YouTube to MP3 Converter version 3.11.30.903 (Version: 3.11.30.903)
FUSSBALL MANAGER 12 (Version: 1.0.0.3)
GIF Movie Gear
GIMP 2.6.9 (Version: 2.6.9)
Google Chrome (HKCU Version: 29.0.1547.66)
Google Desktop (Version: 5.9.1005.12335)
Grand Theft Auto San Andreas (Version: 1.00.00001)
iCloud (Version: 1.1.0.40)
ICQ7.5 (Version: 7.5)
Intel(R) Network Connections 13.0.42.0 (Version: 13.0.42.0)
Intel® Matrix Storage Manager
IrfanView (remove only)
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.0.7.2)
Java(TM) 6 Update 22 (Version: 6.0.220)
Java(TM) 6 Update 37 (Version: 6.0.370)
LetsTrade Komponenten
LiveVDO plugin 1.3 (Version: 1.3)
Logitech Eyetoy Webcam
LogMeIn Hamachi (Version: 2.1.0.274)
Malwarebytes Anti-Malware Version 1.61.0.1400 (Version: 1.61.0.1400)
ManyCam 2.6.43 (remove only) (Version: 2.6.43)
Messenger Plus! 5 (Version: 5.01.0.706)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access 2003 Runtime (Version: 11.0.8173.0)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007-Testversion (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Minecraft Beta Version 1.7.3 (Version: 1.7.3)
MobileMe Control Panel (Version: 3.1.8.0)
MobMap 5.30
MotioninJoy ds3 driver version 0.6.0004 (Version: 0.6.00001)
Mozilla Firefox (3.6.8) (Version: 3.6.8 (de))
MSN BackUp 1.3.2 (Version: 1.3.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MtfSE  2.50
MtfSE300 (Version: 3.0.1)
Nero 8 Essentials (Version: 8.3.124)
neroxml (Version: 1.0.0)
Norton Security Scan (Version: 2.7.3.34)
Nuclear Coffee - VideoGet (Version: 2011)
NVIDIA Drivers
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 11.61 (Version: 11.61.1250)
Origin (Version: 8.5.2.23)
Paint.NET v3.5.10 (Version: 3.60.0)
PC Connectivity Solution (Version: 6.43.14.0)
PDFCreator (Version: 1.1.0)
PokerStars.eu
QuickTime (Version: 7.71.80.42)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5618)
REALTEK RTL8187 Wireless LAN Driver (Version: 1.00.0000)
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.34.57.2)
Search Settings 1.2
Segoe UI (Version: 15.4.2271.0615)
SimCity™ (Version: 1.0.0.0)
Skype™ 5.10 (Version: 5.10.116)
SopCast 3.0.3 (Version: 3.0.3)
Source SDK
Source SDK Base
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
Steam(TM) (Version: 1.0.0.0)
StuffPlug 3 (Version: 3.5.590)
SUPER © Version 2009.bld.35 (Jan 5, 2009) (Version: Version 2009.bld.35 (Jan 5, 2009))
Supreme Auction
TeamSpeak 2 RC2 (Version: 2.0.32.60)
TeamSpeak 3 Client
TuneUp Utilities (Version: 9.0.4600.2)
TuneUp Utilities 2008 (Version: 7.0.8009)
TuneUp Utilities Language Pack (de-DE) (Version: 9.0.4600.2)
TVUPlayer 2.5.2.1 (Version: 2.5.2.1)
Ulead PhotoImpact 12 (Version: 12.0)
Uninstall 1.0.0.1
Uninstall Sound Clips for Messenger
Unity Web Player (Version: 2.5.1f5_24931)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Zip Extractor
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VCRedistSetup (Version: 1.0.0)
Veetle TV 0.9.17 (Version: 0.9.17)
Vegas Pro 9.0 (Version: 9.0.896)
VLC media player 0.9.8a (Version: 0.9.8a)
vShare.tv plugin 1.3 (Version: 1.3)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR
Wisdom-soft Set up ASR 3.1 Free
World of Warcraft (Version: 5.3.0.17128)
Xfire (remove only)

==================== Restore Points  =========================

27-05-2013 14:31:00 Geplanter Prüfpunkt
28-05-2013 11:08:54 Windows Update
31-05-2013 14:40:41 Windows Update
01-06-2013 03:01:47 Geplanter Prüfpunkt
04-06-2013 10:13:54 Windows Update
07-06-2013 14:06:28 Windows Update
09-06-2013 14:43:18 Geplanter Prüfpunkt
11-06-2013 06:19:57 Geplanter Prüfpunkt
11-06-2013 06:57:52 Windows Update
13-06-2013 01:00:31 Windows Update
13-06-2013 01:21:57 Windows Update
06-08-2013 14:16:24 Removed Ask Toolbar.
18-09-2013 10:02:35 Installed LibreOffice 4.1.1.2
18-09-2013 10:11:21 Microsoft Office Access Runtime (German) 2007 wird installiert
18-09-2013 10:24:36 Removed LibreOffice 4.1.1.2
18-09-2013 19:27:58 Microsoft Office Access Runtime (German) 2007 wird entfernt
21-09-2013 16:36:17 Gerätetreiber-Paketinstallation: Apple, Inc. USB-Controller
21-09-2013 16:37:23 Gerätetreiber-Paketinstallation: Apple Netzwerkadapter
17-10-2013 01:58:51 DirectX wurde installiert

==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {10B65E1F-0513-41D8-B67D-BAB9E9F5796F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001Core1ce82d78b24604b => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-23] (Google Inc.)
Task: {DDF6D19F-0D57-4706-B3EF-F14286B1A982} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001UA1ce82d78bb0d16b => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-23] (Google Inc.)
Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001Core.job => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001UA.job => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001Core1ce82d78b24604b.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001UA1ce82d78bb0d16b.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for *****.job => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
AlternateDataStreams: C:\Users\*****\Documents\Elano_blumer_GALATASARAY_first_goal (1).mp4:TOC.WMV
AlternateDataStreams: C:\Users\*****\Documents\Elano_blumer_GALATASARAY_first_goal.mp4:TOC.WMV

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Faulty Device Manager Devices =============

Name: Nokia N95
Description: Nokia N95
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2013 05:39:31 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Removed LibreOffice 4.1.1.2). Zusätzliche Informationen: .

Error: (10/22/2013 05:35:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2013 05:34:20 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/22/2013 05:29:48 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2013 08:26:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2013 08:06:24 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Gerätetreiber-Paketinstallation: Apple Netzwerkadapter). Zusätzliche Informationen: .

Error: (10/22/2013 08:03:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2013 08:02:31 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/22/2013 06:22:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/22/2013 06:11:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/22/2013 05:35:19 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (10/22/2013 05:35:16 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (10/22/2013 05:35:16 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (10/22/2013 05:35:16 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (10/22/2013 05:35:16 PM) (Source: Service Control Manager) (User: )
Description: AFD
aswRdr
aswSP
aswTdi
DfsC
i8042prt
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
tdx
Wanarpv6

Error: (10/22/2013 05:35:16 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (10/22/2013 05:35:16 PM) (Source: Service Control Manager) (User: )
Description: NLA (Network Location Awareness)Netzwerkspeicher-Schnittstellendienst%%1068

Error: (10/22/2013 05:35:16 PM) (Source: Service Control Manager) (User: )
Description: IP-HilfsdienstNetzwerkspeicher-Schnittstellendienst%%1068

Error: (10/22/2013 05:35:16 PM) (Source: Service Control Manager) (User: )
Description: Apache2.2Ancilliary Function Driver for Winsock%%31

Error: (10/22/2013 05:35:16 PM) (Source: Service Control Manager) (User: )
Description: SMB 2.0 MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-10-22 17:37:34.221
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 17:37:34.034
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 17:37:33.863
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 17:37:33.675
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 17:36:52.928
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 17:36:52.725
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 17:36:52.476
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 17:36:52.289
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 20:04:54.871
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 20:04:54.700
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\aswSP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 22%
Total physical RAM: 3069.45 MB
Available physical RAM: 2378.89 MB
Total Pagefile: 6339.9 MB
Available Pagefile: 5879.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.56 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:576.15 GB) (Free:248.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:20 GB) (Free:12.38 GB) FAT32
Drive j: () (Removable) (Total:3.94 GB) (Free:0.49 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: E9D76B77)
Partition 1: (Active) - (Size=576 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended)

========================================================
Disk: 4 (Size: 4 GB) (Disk ID: 3F5AEF5E)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2013
Ran by ***** (administrator) on *****-PC on 22-10-2013 17:37:18
Running from J:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
(Microsoft Corporation) C:\Windows\system32\rstrui.exe
(Microsoft Corporation) C:\Windows\helppane.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Runonce: [ Malwarebytes Anti-Malware  (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
HKLM\...\Runonce: [Del147592] - cmd.exe /Q /D /c del "C:\Users\*****\AppData\Local\Temp\0.del"
HKCU\...\Runonce: [Del147592] - cmd.exe /Q /D /c del "C:\Users\*****\AppData\Local\Temp\0.del"
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
MountPoints2: {7d70b266-8b40-11e0-ad93-0021853e7754} - I:\cdstart.exe
MountPoints2: {b5d22c87-10ee-11e0-82d5-0021853e7754} - I:\Menu.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\testt\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [ 2010-07-05] (Google)
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPE7CEA549-C30E-4516-9D57-B4A163989F62
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
URLSearchHook: (No Name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} -  No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&q={searchTerms}
SearchScopes: HKLM - {2896495D-3682-48B2-9738-9B3F41F1E321} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKLM - {59E7C0BB-76B2-49D2-8C71-13F73B2F7785} URL = hxxp://startsear.ch/?aff=2&src=sp&cf=f54a70ce-3952-11e1-9a63-0021853e7754&q={searchTerms}
SearchScopes: HKLM - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://startsear.ch/?aff=2&src=sp&cf=f54a70ce-3952-11e1-9a63-0021853e7754&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE7CEA549-C30E-4516-9D57-B4A163989F62&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE7CEA549-C30E-4516-9D57-B4A163989F62&q={searchTerms}
SearchScopes: HKCU - {0B385EE3-EE18-4C69-BF55-6B6B406EF591} URL = hxxp://www.qwewebsearch.com/index.php?b=1&t=0&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKCU - {2896495D-3682-48B2-9738-9B3F41F1E321} URL = 
SearchScopes: HKCU - {4A26FB10-3BED-4EBE-A27A-D0605AC6D059} URL = hxxp://windiwsfsearch.com/search?q={searchTerms}
SearchScopes: HKCU - {5C079016-055C-4F20-B2D7-316B746DE73E} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://startsear.ch/?aff=2&src=sp&cf=f54a70ce-3952-11e1-9a63-0021853e7754&q={searchTerms}
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=jE761PY-X9Nf-dkEl7wQXPJKh2s?q={searchTerms}
SearchScopes: HKCU - {8487A698-B542-4125-9AF8-F94A2E683A61} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=f54a70ce-3952-11e1-9a63-0021853e7754&q={searchTerms}
SearchScopes: HKCU - {877BB750-F8DF-4412-85C0-FD044D5D09FE} URL = hxxp://www.dealio.com/products.html?kwd={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = hxxp://search.bearshare.com/web?src=ieb&q={searchTerms}
SearchScopes: HKCU - {F815C029-29EE-4A42-BD73-79FAF4650706} URL = hxxp://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vdio2&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Sobee.ICFLauncherIE.Launcher - {95a0101d-f8f8-4063-9545-0edd223b7819} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
Toolbar: HKCU - No Name - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} -  No File
Toolbar: HKCU - No Name - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} hxxp://www.powerchallenge.com/applet/PowerLoader.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3his33us.default
FF user.js: detected! => C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3his33us.default\user.js
FF SearchEngineOrder.1: Web Search
FF SelectedSearchEngine: ICQ Search
FF Homepage: hxxp://startsear.ch/?aff=2&cf=f54a70ce-3952-11e1-9a63-0021853e7754
FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF DefaultSearchEngine: ICQ Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @real.com/nppl3260;version=15.0.2.72 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.2.72 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.2.72 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @unity3d.com/UnityPlayer - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.17 - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.17 - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\*****\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\*****\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3his33us.default\searchplugins\BearShareWebSearch.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3his33us.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3his33us.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3his33us.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3his33us.default\searchplugins\search.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3his33us.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3his33us.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3his33us.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\3his33us.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: Click to call with Skype - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{6E19037A-12E3-4295-8915-ED48BC341614}] - C:\Program Files\PremierOpinion
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome: 
=======
CHR DefaultSearchURL: (Conduit Search) - hxxp://search.conduit.com/Results.aspx?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPE7CEA549-C30E-4516-9D57-B4A163989F62&q={searchTerms}
CHR DefaultSuggestURL: (Conduit Search) - hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Extension: (AdBlock) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Proxy link for YouTube\u2122) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpccpcaielehgefaagocjkkgkafaabdp\1.2.3_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (vshare plugin) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0
CHR Extension: (Click to call with Skype) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (LiveVDO plugin) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [pbiamblgmkgbcgbcgejjgebalncpmhnp] - C:\Program Files\StartSearch plugin\vshareplg.crx
CHR StartMenuInternet: Google Chrome - C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-11-24] (Lavasoft)
S2 Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [24645 2009-09-28] (Apache Software Foundation)
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-09-07] (AVAST Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-09-07] (AVAST Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-09-07] (AVAST Software)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-05] (Google)
S4 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435568 2012-11-15] (LogMeIn Inc.)
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435008 2010-09-17] (TuneUp Software)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1051968 2010-08-26] (TuneUp Software)
S3 usprserv; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [17744 2010-09-07] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [50768 2010-09-07] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [23376 2010-09-07] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [165584 2010-09-07] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [46672 2010-09-07] (AVAST Software)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-05-31] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [97552 2011-08-30] (MotioninJoy)
S3 RTL8187; C:\Windows\System32\DRIVERS\RTL8187.sys [199680 2007-01-06] (Realtek Semiconductor Corporation                           )
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2010-02-24] (TuneUp Software)
S3 djlzwpnvwg; \??\C:\Users\*****\Desktop\djlzwpnvwg.sys [x]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U1 sysaro; \??\C:\Windows\system32\drivers\sysaro.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-22 20:26 - 2013-10-22 20:26 - 00000020 ___SH C:\Users\testt\ntuser.ini
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\Startmenü
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\Netzwerkumgebung
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\Druckumgebung
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\Documents\Eigene Musik
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\Documents\Eigene Bilder
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\AppData\Local\Verlauf
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 ____D C:\Users\testt\AppData\Local\VirtualStore
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 ____D C:\Users\testt
2013-10-22 20:26 - 2010-03-26 13:43 - 00000000 ____D C:\Users\testt\AppData\Roaming\Macromedia
2013-10-22 20:26 - 2008-10-02 13:34 - 00000000 ____D C:\Users\testt\AppData\Local\Microsoft Help
2013-10-22 20:26 - 2008-01-21 04:42 - 00000000 ___RD C:\Users\testt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-22 20:26 - 2008-01-21 04:42 - 00000000 ___RD C:\Users\testt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-22 20:01 - 2013-10-22 20:01 - 00142936 _____ C:\Windows\Minidump\Mini102213-02.dmp
2013-10-22 18:09 - 2013-10-22 18:09 - 00142936 _____ C:\Windows\Minidump\Mini102213-01.dmp
2013-10-22 17:37 - 2013-10-22 17:37 - 00000000 ____D C:\FRST
2013-10-22 17:35 - 2013-10-22 17:35 - 00000938 _____ C:\Users\*****\Desktop\Continue Zip Extractor Installation.lnk
2013-10-22 17:35 - 2013-10-22 17:35 - 00000000 ____D C:\Users\*****\AppData\Roaming\DigitalSite
2013-10-22 17:28 - 2013-10-22 17:28 - 00142936 _____ C:\Windows\Minidump\Mini102213-03.dmp
2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\Users\testt\AppData\Roaming\TuneUp Software
2013-10-21 20:22 - 2013-10-21 20:22 - 00142936 _____ C:\Windows\Minidump\Mini102113-08.dmp
2013-10-21 17:23 - 2013-10-21 17:23 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 17:23 - 2013-10-21 17:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-10-21 17:23 - 2013-10-21 17:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-21 17:23 - 2013-10-21 17:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-21 17:23 - 2012-04-04 15:56 - 00022344 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-21 17:22 - 2013-10-21 13:46 - 10063000 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Desktop\mbam-setup.exe
2013-10-21 17:21 - 2013-10-21 17:22 - 00095746 _____ C:\Users\*****\Desktop\Extras.Txt
2013-10-21 17:20 - 2013-10-21 17:21 - 00098816 _____ C:\Users\*****\Desktop\OTL.Txt
2013-10-21 17:10 - 2013-10-21 13:41 - 00602112 _____ (OldTimer Tools) C:\Users\*****\Desktop\OTL.exe
2013-10-21 16:44 - 2013-10-21 16:44 - 00142936 _____ C:\Windows\Minidump\Mini102113-07.dmp
2013-10-21 09:02 - 2013-10-21 09:02 - 00000000 ____D C:\_OTL
2013-10-21 05:35 - 2013-10-21 05:35 - 00115456 _____ C:\OTL.Txt
2013-10-21 05:35 - 2013-10-21 05:35 - 00040822 _____ C:\Extras.Txt
2013-10-21 03:41 - 2013-10-21 03:41 - 00142936 _____ C:\Windows\Minidump\Mini102113-06.dmp
2013-10-21 03:21 - 2013-10-21 03:21 - 00142936 _____ C:\Windows\Minidump\Mini102113-05.dmp
2013-10-21 03:19 - 2013-10-21 03:19 - 00142936 _____ C:\Windows\Minidump\Mini102113-04.dmp
2013-10-21 03:10 - 2013-10-21 03:11 - 00142936 _____ C:\Windows\Minidump\Mini102113-03.dmp
2013-10-21 03:08 - 2013-10-21 03:08 - 00142936 _____ C:\Windows\Minidump\Mini102113-02.dmp
2013-10-21 03:06 - 2013-10-21 03:06 - 00142936 _____ C:\Windows\Minidump\Mini102113-01.dmp
2013-10-20 23:57 - 2013-10-20 23:57 - 00142936 _____ C:\Windows\Minidump\Mini102013-08.dmp
2013-10-20 23:52 - 2013-10-20 23:52 - 00142936 _____ C:\Windows\Minidump\Mini102013-07.dmp
2013-10-20 20:25 - 2013-10-20 20:25 - 00142936 _____ C:\Windows\Minidump\Mini102013-06.dmp
2013-10-20 20:21 - 2013-10-20 20:21 - 00142936 _____ C:\Windows\Minidump\Mini102013-05.dmp
2013-10-20 20:16 - 2013-10-20 20:16 - 00142936 _____ C:\Windows\Minidump\Mini102013-04.dmp
2013-10-20 20:02 - 2013-10-20 20:02 - 00142936 _____ C:\Windows\Minidump\Mini102013-03.dmp
2013-10-20 19:56 - 2013-10-20 19:56 - 00142936 _____ C:\Windows\Minidump\Mini102013-02.dmp
2013-10-20 19:30 - 2013-10-20 19:30 - 00142936 _____ C:\Windows\Minidump\Mini102013-01.dmp
2013-10-18 16:10 - 2013-10-18 16:11 - 00000000 ____D C:\Users\*****\Desktop\Neuer Ordner
2013-10-18 16:10 - 2013-10-18 16:10 - 00657314 _____ C:\Users\*****\Downloads\sprachkursjobbeninparisbewerbungsunterlagen.zip
2013-10-17 16:37 - 2013-10-17 16:37 - 00000865 _____ C:\Users\*****\.recently-used.xbel
2013-10-17 03:44 - 2013-10-17 03:44 - 00000216 _____ C:\Users\*****\Desktop\Football Manager 2014.url
2013-10-08 15:43 - 2011-11-18 22:23 - 00108544 _____ C:\Users\*****\AppData\Roaming\trz5BB6.tmp
2013-10-08 15:37 - 2013-10-08 15:37 - 00000004 _____ C:\Users\*****\AppData\Roaming\settings.ini

==================== One Month Modified Files and Folders =======

2013-10-22 20:26 - 2013-10-22 20:26 - 00000020 ___SH C:\Users\testt\ntuser.ini
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\Startmenü
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\Netzwerkumgebung
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\Druckumgebung
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\Documents\Eigene Musik
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\Documents\Eigene Bilder
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 _SHDL C:\Users\testt\AppData\Local\Verlauf
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 ____D C:\Users\testt\AppData\Local\VirtualStore
2013-10-22 20:26 - 2013-10-22 20:26 - 00000000 ____D C:\Users\testt
2013-10-22 20:26 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-22 20:26 - 2006-11-02 14:47 - 00004144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-22 20:26 - 2006-11-02 14:47 - 00004144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 20:08 - 2011-11-29 23:05 - 01919245 _____ C:\Windows\WindowsUpdate.log
2013-10-22 20:01 - 2013-10-22 20:01 - 00142936 _____ C:\Windows\Minidump\Mini102213-02.dmp
2013-10-22 18:09 - 2013-10-22 18:09 - 00142936 _____ C:\Windows\Minidump\Mini102213-01.dmp
2013-10-22 17:37 - 2013-10-22 17:37 - 00000000 ____D C:\FRST
2013-10-22 17:35 - 2013-10-22 17:35 - 00000938 _____ C:\Users\*****\Desktop\Continue Zip Extractor Installation.lnk
2013-10-22 17:35 - 2013-10-22 17:35 - 00000000 ____D C:\Users\*****\AppData\Roaming\DigitalSite
2013-10-22 17:28 - 2013-10-22 17:28 - 00142936 _____ C:\Windows\Minidump\Mini102213-03.dmp
2013-10-22 17:28 - 2012-08-13 16:37 - 275074130 _____ C:\Windows\MEMORY.DMP
2013-10-22 17:28 - 2008-09-29 12:44 - 00000000 ____D C:\Windows\Minidump
2013-10-22 17:26 - 2013-10-22 17:26 - 00000000 ____D C:\Users\testt\AppData\Roaming\TuneUp Software
2013-10-21 20:22 - 2013-10-21 20:22 - 00142936 _____ C:\Windows\Minidump\Mini102113-08.dmp
2013-10-21 20:20 - 2013-01-14 17:21 - 00020664 _____ C:\Windows\PFRO.log
2013-10-21 20:19 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Speech
2013-10-21 17:23 - 2013-10-21 17:23 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 17:23 - 2013-10-21 17:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-10-21 17:23 - 2013-10-21 17:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-21 17:23 - 2013-10-21 17:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-21 17:22 - 2013-10-21 17:21 - 00095746 _____ C:\Users\*****\Desktop\Extras.Txt
2013-10-21 17:21 - 2013-10-21 17:20 - 00098816 _____ C:\Users\*****\Desktop\OTL.Txt
2013-10-21 16:44 - 2013-10-21 16:44 - 00142936 _____ C:\Windows\Minidump\Mini102113-07.dmp
2013-10-21 13:46 - 2013-10-21 17:22 - 10063000 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Desktop\mbam-setup.exe
2013-10-21 13:41 - 2013-10-21 17:10 - 00602112 _____ (OldTimer Tools) C:\Users\*****\Desktop\OTL.exe
2013-10-21 09:02 - 2013-10-21 09:02 - 00000000 ____D C:\_OTL
2013-10-21 05:35 - 2013-10-21 05:35 - 00115456 _____ C:\OTL.Txt
2013-10-21 05:35 - 2013-10-21 05:35 - 00040822 _____ C:\Extras.Txt
2013-10-21 05:33 - 2008-09-29 12:17 - 00000000 ____D C:\Users\*****
2013-10-21 03:49 - 2010-09-19 21:48 - 00002488 _____ C:\Windows\system32\OSSService.log
2013-10-21 03:41 - 2013-10-21 03:41 - 00142936 _____ C:\Windows\Minidump\Mini102113-06.dmp
2013-10-21 03:21 - 2013-10-21 03:21 - 00142936 _____ C:\Windows\Minidump\Mini102113-05.dmp
2013-10-21 03:19 - 2013-10-21 03:19 - 00142936 _____ C:\Windows\Minidump\Mini102113-04.dmp
2013-10-21 03:11 - 2013-10-21 03:10 - 00142936 _____ C:\Windows\Minidump\Mini102113-03.dmp
2013-10-21 03:08 - 2013-10-21 03:08 - 00142936 _____ C:\Windows\Minidump\Mini102113-02.dmp
2013-10-21 03:06 - 2013-10-21 03:06 - 00142936 _____ C:\Windows\Minidump\Mini102113-01.dmp
2013-10-20 23:57 - 2013-10-20 23:57 - 00142936 _____ C:\Windows\Minidump\Mini102013-08.dmp
2013-10-20 23:52 - 2013-10-20 23:52 - 00142936 _____ C:\Windows\Minidump\Mini102013-07.dmp
2013-10-20 20:25 - 2013-10-20 20:25 - 00142936 _____ C:\Windows\Minidump\Mini102013-06.dmp
2013-10-20 20:21 - 2013-10-20 20:21 - 00142936 _____ C:\Windows\Minidump\Mini102013-05.dmp
2013-10-20 20:19 - 2012-03-01 16:19 - 00000000 ___RD C:\Users\*****\Desktop\0
2013-10-20 20:16 - 2013-10-20 20:16 - 00142936 _____ C:\Windows\Minidump\Mini102013-04.dmp
2013-10-20 20:03 - 2006-11-02 15:01 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-20 20:02 - 2013-10-20 20:02 - 00142936 _____ C:\Windows\Minidump\Mini102013-03.dmp
2013-10-20 19:56 - 2013-10-20 19:56 - 00142936 _____ C:\Windows\Minidump\Mini102013-02.dmp
2013-10-20 19:30 - 2013-10-20 19:30 - 00142936 _____ C:\Windows\Minidump\Mini102013-01.dmp
2013-10-20 17:24 - 2013-06-09 02:35 - 00000000 ____D C:\Users\*****\AppData\Roaming\Spotify
2013-10-20 17:14 - 2008-01-21 09:16 - 01635950 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-20 15:51 - 2008-09-29 15:42 - 00000000 ____D C:\Program Files\Steam
2013-10-18 19:33 - 2013-07-17 12:22 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001UA1ce82d78bb0d16b.job
2013-10-18 16:11 - 2013-10-18 16:10 - 00000000 ____D C:\Users\*****\Desktop\Neuer Ordner
2013-10-18 16:10 - 2013-10-18 16:10 - 00657314 _____ C:\Users\*****\Downloads\sprachkursjobbeninparisbewerbungsunterlagen.zip
2013-10-18 14:33 - 2013-07-17 12:22 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205083441-3424720398-1257785724-1001Core1ce82d78b24604b.job
2013-10-17 16:38 - 2009-01-18 03:08 - 00000000 ____D C:\Users\*****\.gimp-2.6
2013-10-17 16:37 - 2013-10-17 16:37 - 00000865 _____ C:\Users\*****\.recently-used.xbel
2013-10-17 04:02 - 2010-10-21 02:27 - 00000000 ____D C:\Users\*****\AppData\Local\Sports Interactive
2013-10-17 04:02 - 2009-06-28 19:34 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2013-10-17 04:02 - 2009-04-17 23:32 - 00000000 ____D C:\Users\*****\Documents\Sports Interactive
2013-10-17 03:44 - 2013-10-17 03:44 - 00000216 _____ C:\Users\*****\Desktop\Football Manager 2014.url
2013-10-17 03:39 - 2008-09-29 15:49 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-10-17 00:25 - 2013-06-09 02:36 - 00000000 ____D C:\Users\*****\AppData\Local\Spotify
2013-10-08 15:37 - 2013-10-08 15:37 - 00000004 _____ C:\Users\*****\AppData\Roaming\settings.ini
2013-10-03 21:57 - 2013-09-21 18:37 - 00000000 ____D C:\Users\*****\{ab52a2f7-b140-4edf-8fa7-2308f5c93de3}
2013-10-03 21:57 - 2012-09-20 11:24 - 00000000 ____D C:\Program Files\iPod
2013-10-03 21:57 - 2012-09-20 11:23 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-03 21:57 - 2012-09-20 11:23 - 00000000 ____D C:\Program Files\iTunes
2013-10-03 21:57 - 2009-10-04 17:38 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-10-03 21:57 - 2008-10-14 13:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-03 21:57 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\spool
2013-10-03 21:57 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-10-03 21:57 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2013-10-03 21:57 - 2006-11-02 12:22 - 60293120 _____ C:\Windows\system32\config\software_previous
2013-10-03 21:57 - 2006-11-02 12:22 - 43778048 _____ C:\Windows\system32\config\components_previous
2013-10-03 21:57 - 2006-11-02 12:22 - 36438016 _____ C:\Windows\system32\config\system_previous
2013-10-03 21:57 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-10-03 21:57 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-10-03 21:57 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\default_previous
2013-09-30 19:04 - 2010-10-29 16:39 - 00000000 ____D C:\Users\*****\AppData\Roaming\Skype

Files to move or delete:
====================
C:\Users\*****\AppData\Roaming\settings.ini
C:\ProgramData\qe7loqe.dat
C:\Users\*****\AppData\Roaming\i.ini


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\2cxsaquh.dll
C:\Users\*****\AppData\Local\Temp\BackupSetup.exe
C:\Users\*****\AppData\Local\Temp\bapcmodbkbslkhtmclu.bfg
C:\Users\*****\AppData\Local\Temp\bgyuvlqekjictrvfkmq.bfg
C:\Users\*****\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\*****\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jvdssmovoibaaeakkhm.bfg
C:\Users\*****\AppData\Local\Temp\nsd95C4.exe
C:\Users\*****\AppData\Local\Temp\nsd97E7.exe
C:\Users\*****\AppData\Local\Temp\nshD2FB.exe
C:\Users\*****\AppData\Local\Temp\nsi3941.exe
C:\Users\*****\AppData\Local\Temp\nsy34BD.exe
C:\Users\*****\AppData\Local\Temp\nsy36E0.exe
C:\Users\*****\AppData\Local\Temp\nsy92E6.exe
C:\Users\*****\AppData\Local\Temp\osoxedjltq.exe
C:\Users\*****\AppData\Local\Temp\pibanxyqldmatypbjka.exe
C:\Users\*****\AppData\Local\Temp\pydthtmtemxaxqgwbvq.bfg
C:\Users\*****\AppData\Local\Temp\udjtlldaokktincgsya.bfg
C:\Users\*****\AppData\Local\Temp\vwqbiytiyg0.exe
C:\Users\*****\AppData\Local\Temp\WinProcess.exe
C:\Users\*****\AppData\Local\Temp\wlsetup-cvr.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-22 17:46

==================== End Of Log ============================


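The driver and TEMP listings in the log above are what a helper scans by eye before asking for the next tool: entries whose file FRST could not find on disk (marked `[x]`), a driver registered from a user's Desktop (`djlzwpnvwg.sys`), and file names that look machine-generated. The Python script below is an editor-added example for this page; it is not part of the original post, of FRST, or of the helper's instructions. It parses a few lines copied from the log above and ranks them with exactly those three signals plus "no version/vendor information". The scoring weights, the random-name heuristic and the set of already-vetted stale entries (`IpInIp`, `NwlnkFlt`, `NwlnkFwd`, `upperdev`, assumed here to be harmless orphaned Microsoft entries) are the editor's assumptions, not FRST output.

```python
"""Triage of FRST-style driver/service and TEMP listings (editor-added example;
not part of FRST, the original post or the helper's instructions)."""
import re
from dataclasses import dataclass, field
from typing import List

# One FRST entry:  <state><start> <name>; <path> [<size date> | x] (<vendor>)?
ENTRY_RE = re.compile(
    r"^(?P<state>[A-Z])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<path>.*?)\s+"
    r"\[(?P<meta>[^\]]*)\](?:\s+\((?P<vendor>[^)]*)\))?\s*$"
)
# Drivers have no business loading from a profile or temp directory.
USER_OR_TEMP_RE = re.compile(r"\\(Users|Documents and Settings|Temp)\\", re.IGNORECASE)
VOWELS = set("aeiouy")
# Assumption: stale Microsoft entries the analyst has already vetted as harmless.
VETTED_STALE_ENTRIES = frozenset({"IpInIp", "NwlnkFlt", "NwlnkFwd", "upperdev"})

# Lines copied from the log above (a subset of each section).
DRIVER_LINES = [
    r"S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [17744 2010-09-07] (AVAST Software)",
    r"R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-05-31] (DT Soft Ltd)",
    r"S3 djlzwpnvwg; \??\C:\Users\*****\Desktop\djlzwpnvwg.sys [x]",
    r"S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]",
    r"S3 IpInIp; system32\DRIVERS\ipinip.sys [x]",
    r"S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]",
    r"U1 sysaro; \??\C:\Windows\system32\drivers\sysaro.sys [x]",
    r"S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]",
]
TEMP_LINES = [
    r"C:\Users\*****\AppData\Local\Temp\bapcmodbkbslkhtmclu.bfg",
    r"C:\Users\*****\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe",
    r"C:\Users\*****\AppData\Local\Temp\nsd95C4.exe",
    r"C:\Users\*****\AppData\Local\Temp\osoxedjltq.exe",
    r"C:\Users\*****\AppData\Local\Temp\pibanxyqldmatypbjka.exe",
    r"C:\Users\*****\AppData\Local\Temp\udjtlldaokktincgsya.bfg",
    r"C:\Users\*****\AppData\Local\Temp\WinProcess.exe",
]

@dataclass
class Finding:
    name: str
    path: str
    score: int = 0
    reasons: List[str] = field(default_factory=list)

def parse_entry(line: str):
    """Return the named groups of one driver/service line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    return m.groupdict() if m else None

def _segments(name: str) -> List[str]:
    """Split at non-letters and lower->upper transitions (aswFsBlk -> asw, Fs, Blk)."""
    return [s for s in re.split(r"[^A-Za-z]+|(?<=[a-z])(?=[A-Z])", name) if s]

def _max_consonant_run(seg: str) -> int:
    best = run = 0
    for c in seg.lower():
        run = 0 if c in VOWELS else run + 1
        best = max(best, run)
    return best

def looks_random(name: str) -> bool:
    """Heuristic for generated names: almost no vowels, or a long consonant run."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) >= 8 and sum(c in VOWELS for c in letters) / len(letters) < 0.1:
        return True
    return any(len(s) >= 6 and _max_consonant_run(s) >= 5 for s in _segments(name))

def triage_drivers(lines, vetted=frozenset()) -> List[Finding]:
    """Score each entry; the higher, the sooner to pull the file and hash it."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e["name"] in vetted:
            continue
        signals = [  # (hit, weight, reason); weights are an assumption
            (e["meta"].strip() == "x", 2, "file missing on disk ([x])"),
            (bool(USER_OR_TEMP_RE.search(e["path"])), 3, "loads from a user profile or temp directory"),
            (not e["vendor"], 1, "no version/vendor information"),
            (looks_random(e["name"]), 2, "random-looking name"),
        ]
        f = Finding(e["name"], e["path"])
        for hit, weight, reason in signals:
            if hit:
                f.score += weight
                f.reasons.append(reason)
        if f.score:
            findings.append(f)
    return sorted(findings, key=lambda f: -f.score)

def triage_temp(lines) -> List[str]:
    """Basenames in the TEMP listing whose stem looks generated."""
    out = []
    for line in lines:
        base = line.strip().rsplit("\\", 1)[-1]
        stem = base.rpartition(".")[0] or base
        if looks_random(stem):
            out.append(base)
    return out

if __name__ == "__main__":
    for f in triage_drivers(DRIVER_LINES, VETTED_STALE_ENTRIES):
        print(f"{f.score:2d}  {f.name:<12} {f.path}  <- {'; '.join(f.reasons)}")
    print("TEMP:", ", ".join(triage_temp(TEMP_LINES)))
```

On the sample lines `djlzwpnvwg` ranks first (missing file, Desktop path, no vendor, random name), `EagleXNt` and `sysaro` follow on "missing file plus no vendor" alone, and the avast and DAEMON Tools drivers score nothing. The name heuristic is deliberately narrow: it catches consonant-heavy names such as `djlzwpnvwg` and the `.bfg` files but not every generated name (`pibanxyqldmatypbjka.exe` passes), and it also scores `NwlnkFlt` as random-looking, which is why the vetted set exists. A high score is a reason to pull the file and hash it, not a verdict.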
23.10.2013, 15:41   #6
schrauber
/// the machine
/// TB trainer

Windows Vista: Bundespolizei-Virus!

Hi,

Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the reboot
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (Illegal operation attempted on a registry key that has been marked for deletion.)
simply restart the computer. That should fix the problem.
