Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.05.2012, 11:34   #1
PatZel
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



Hallo.

Sitze hier vor dem Rechner meiner Mutter, und sehe nach dem normalen Start von Windows (W7 pro - 32bit) - nur den Bilderschirm "willkommen bei microsoft windows update" und das ich 100€ bzw. 50€ per eingabe eines codes zahlen soll. Task manager geht. Aber sonst nichts.

Was kann ich tun - vielen Dank für Eure Hilfe.

Grüße,
patric

Alt 14.05.2012, 13:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?



Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten
__________________

__________________

Alt 14.05.2012, 13:15   #3
PatZel
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



Habe ich gerade versucht - JA funktioniert noch!
__________________

Alt 14.05.2012, 13:25   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



na wenn der Modus geht wirst du erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.05.2012, 15:27   #5
PatZel
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



Hallo Arne,

erstmal vielen Dank, dass Du mir hilfst.

Gerade läuft der Scan mit malwarebytes. Die infizierten Dateien lösche ich nach dem Scan und poste den Log. Dauert wohl noch ein bisschen.

Gruß

Hier das Log-file von malwarebytes:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.14.03

Windows 7 x86 FAT32 (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Setari :: SETARI-HP [Administrator]

Schutz: Deaktiviert

14.05.2012 16:08:26
mbam-log-2012-05-14 (16-35-18).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335479
Laufzeit: 25 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|32660706 (Trojan.FakeAlert.H) -> Daten: C:\Users\Setari\AppData\Roaming\Algauerpvlg\ACA21F7E32660706C9FA.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Setari\AppData\Roaming\Algauerpvlg\ACA21F7E32660706C9FA.exe (Trojan.FakeAlert.H) -> Keine Aktion durchgeführt.
C:\Users\Setari\AppData\Local\Temp\xndjtdjtof.pre (Trojan.FakeAlert.H) -> Keine Aktion durchgeführt.
C:\Users\Setari\AppData\Local\Temp\ywfpwfpcky.pre (Trojan.FakeAlert.H) -> Keine Aktion durchgeführt.

(Ende)
         


Alt 14.05.2012, 18:15   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



Lt. Log hast du die Dateien nicht gelöscht mit Malwarebytes
Und was ist mit ESET, braucht das noch?
__________________
--> PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash

Alt 14.05.2012, 21:29   #7
PatZel
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



Hallo Arne,

hier der eset log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b193e506edaac14ca9f4d4f8a0f0b58c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-14 03:24:37
# local_time=2012-05-14 05:24:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=770 16774142 100 100 49350230 113716476 0 0
# compatibility_mode=5893 16776574 100 94 945341 88637795 0 0
# compatibility_mode=8192 67108863 100 0 87 87 0 0
# scanned=163886
# found=0
# cleaned=0
# scan_time=2473
         
Tut mir leid, dass es so spät wurde.

Habe Besuch bekommen und mußte mit einem Freund drei Flaschne Vin Rouge trinken.......

Alt 15.05.2012, 08:54   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.05.2012, 10:00   #9
PatZel
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



Soweit ich das sehe ist alles noch da und der normale Modus funktioniert wieder ohne Probleme.

Grüße,
Patric

Alt 15.05.2012, 12:59   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.05.2012, 18:13   #11
PatZel
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



So, der OTL Scan ist durch und folgender Log wurde generiert:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/15/2012 6:24:43 PM - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Setari\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.89% Memory free
5.93 Gb Paging File | 5.07 Gb Available in Paging File | 85.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.86 Gb Total Space | 397.40 Gb Free Space | 87.18% Space Free | Partition Type: NTFS
Drive D: | 9.80 Gb Total Space | 1.18 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
Drive E: | 7.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF1.02
Drive G: | 7.53 Gb Total Space | 0.66 Gb Free Space | 8.78% Space Free | Partition Type: FAT32
 
Computer Name: SETARI-HP | User Name: Setari | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/05/15 14:04:36 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Setari\Desktop\OTL.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/02/11 19:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
PRC - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/08/25 04:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/02 23:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
PRC - [2009/05/09 01:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/09 01:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/10/30 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/10/16 12:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/10/16 12:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/10/16 12:10:14 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/02 23:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
MOD - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/20 02:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
MOD - [2008/02/22 10:22:32 | 000,055,792 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/14 14:15:35 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/04/04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 01:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/26 15:15:45 | 000,022,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/02/26 11:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2008/07/31 13:13:18 | 000,082,048 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxPPort.sys -- (OxPPort)
DRV - [2008/02/22 10:22:52 | 000,009,168 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2008/02/22 10:22:38 | 000,094,384 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2008/02/22 10:22:38 | 000,034,832 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2008/02/22 10:22:36 | 000,097,584 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2008/02/22 10:22:36 | 000,026,032 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2008/02/22 10:22:34 | 000,032,208 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2008/02/22 10:22:34 | 000,014,256 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2008/02/22 10:22:32 | 000,104,240 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/04/18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {43DB6CC5-647F-44C2-909C-377D1057BA8C}
IE - HKLM\..\SearchScopes\{32A14230-3B47-4D55-9695-F7AA5DBC8E67}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKLM\..\SearchScopes\{43DB6CC5-647F-44C2-909C-377D1057BA8C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-627805222-3500879786-540079800-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-627805222-3500879786-540079800-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-627805222-3500879786-540079800-1001\..\SearchScopes,DefaultScope = {43DB6CC5-647F-44C2-909C-377D1057BA8C}
IE - HKU\S-1-5-21-627805222-3500879786-540079800-1001\..\SearchScopes\{32A14230-3B47-4D55-9695-F7AA5DBC8E67}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKU\S-1-5-21-627805222-3500879786-540079800-1001\..\SearchScopes\{43DB6CC5-647F-44C2-909C-377D1057BA8C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-627805222-3500879786-540079800-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/05/14 22:32:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/14 14:15:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/14 14:15:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/09 16:24:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/10/21 17:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Setari\AppData\Roaming\mozilla\Extensions
[2010/10/21 17:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Setari\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/15 18:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Setari\AppData\Roaming\mozilla\Firefox\Profiles\eof36ric.default\extensions
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-1.xml.szne
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-10.xml.ijnx
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-11.xml.bgvr
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-12.xml.xotb
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-13.xml.nkot
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-14.xml.pkmf
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-15.xml.kmft
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-16.xml.mwpc
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-17.xml.nmwp
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-18.xml.cyyo
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-19.xml.cfcf
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-2.xml.ftih
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-20.xml.mdxs
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-21.xml.qyfq
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-3.xml.fcwn
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-4.xml.yftd
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-5.xml.yywp
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-6.xml.eavr
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-7.xml.fpeg
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-8.xml.xjnh
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-9.xml.fcnq
[2012/05/03 18:04:45 | 000,000,962 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin.xml.yykm
[2012/05/14 14:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/05/14 22:32:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/05/14 14:15:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/14 14:15:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/14 14:15:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/14 14:15:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/05/14 14:15:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/05/14 14:15:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/05/14 14:15:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-627805222-3500879786-540079800-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-627805222-3500879786-540079800-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Setari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31543A93-69F3-4A0F-BCB1-824256E1F042}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/17 10:45:10 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF1.02 ]
O32 - AutoRun File - [2008/07/29 12:38:20 | 000,000,081 | R--- | M] () - E:\autorun.inf -- [ UDF1.02 ]
O32 - AutoRun File - [2008/08/10 14:00:09 | 004,990,176 | R--- | M] (Crytek) - E:\AutoRunCD.exe -- [ UDF1.02 ]
O32 - AutoRun File - [2010/08/19 13:37:50 | 000,000,192 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{c604c386-c080-11df-8667-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c604c386-c080-11df-8667-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRunCD.exe -- [2008/08/10 14:00:09 | 004,990,176 | R--- | M] (Crytek)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/15 18:21:02 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Setari\Desktop\OTL.exe
[2012/05/14 22:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/05/14 22:45:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/14 22:33:47 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/05/14 22:32:33 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/05/14 16:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/14 16:07:50 | 000,000,000 | ---D | C] -- C:\Users\Setari\AppData\Roaming\Malwarebytes
[2012/05/14 16:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/14 14:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/14 14:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 17:53:24 | 000,000,000 | ---D | C] -- C:\Users\Setari\AppData\Roaming\Algauerpvlg
[2012/05/03 16:08:09 | 000,000,000 | R--D | C] -- C:\Users\Setari\Documents\Scanned Documents
[2012/05/03 16:08:09 | 000,000,000 | ---D | C] -- C:\Users\Setari\Documents\Fax
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/15 18:25:49 | 000,707,704 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/05/15 18:25:49 | 000,661,300 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/15 18:25:49 | 000,153,190 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/05/15 18:25:49 | 000,125,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/15 18:23:05 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/15 18:23:05 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/15 18:15:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/15 18:15:19 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/15 14:04:36 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Setari\Desktop\OTL.exe
[2012/05/14 22:57:56 | 000,354,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/14 22:32:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/05/03 18:05:05 | 000,540,874 | ---- | M] () -- C:\Users\Setari\locked-Personalfragebogen.eml.avrw
[2012/04/30 10:40:49 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSetari.job
 
========== Files Created - No Company Name ==========
 
[2012/05/14 14:15:37 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/20 18:10:55 | 000,000,094 | ---- | C] () -- C:\Users\Setari\AppData\Local\fusioncache.dat
[2011/10/30 19:07:55 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/10/30 19:07:55 | 000,022,328 | ---- | C] () -- C:\Users\Setari\AppData\Roaming\PnkBstrK.sys
[2011/10/30 19:07:35 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/10/30 19:07:33 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/10/30 19:07:33 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/04/24 20:17:05 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/11/13 20:34:21 | 000,000,066 | ---- | C] () -- C:\Windows\disney.ini
[2010/10/21 22:39:26 | 000,055,792 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2010/10/21 22:39:26 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/21 18:03:26 | 000,000,078 | ---- | C] () -- C:\Windows\wiso.ini
[2010/09/15 05:27:49 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/09/15 05:27:49 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/09/15 05:27:49 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/09/15 05:27:49 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/09/15 05:27:49 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/09/15 05:27:49 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/09/15 05:27:49 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/09/15 05:27:48 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/09/15 05:14:49 | 000,707,704 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/09/15 05:14:49 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/09/15 05:14:49 | 000,153,190 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/09/15 05:14:49 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2012/05/14 16:40:36 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Algauerpvlg
[2011/04/27 18:40:53 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Atari
[2010/10/21 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Buhl
[2012/01/16 19:45:38 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\elsterformular
[2011/11/20 21:31:51 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Imaxel
[2011/04/24 20:09:36 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Leadertech
[2010/10/21 18:30:24 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Phase6
[2010/10/21 12:20:50 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\TeamViewer
[2010/10/21 17:25:36 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Thunderbird
[2011/09/24 18:46:42 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\WinBatch
[2010/10/21 22:44:33 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\WindSolutions
[2012/01/18 16:55:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/02/03 11:50:50 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Adobe
[2012/05/14 16:40:36 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Algauerpvlg
[2011/04/27 18:40:53 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Atari
[2010/10/21 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Buhl
[2012/01/16 19:45:38 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\elsterformular
[2011/09/24 18:44:52 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Hewlett-Packard
[2012/05/03 18:02:55 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\hpqLog
[2010/10/21 11:31:17 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Identities
[2011/11/20 21:31:51 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Imaxel
[2011/04/24 20:09:36 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Leadertech
[2010/10/21 11:34:12 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Macromedia
[2012/05/14 16:07:50 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Malwarebytes
[2009/07/14 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Media Center Programs
[2011/08/03 18:54:46 | 000,000,000 | --SD | M] -- C:\Users\Setari\AppData\Roaming\Microsoft
[2010/10/21 18:30:25 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Mozilla
[2010/10/21 18:30:24 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Phase6
[2010/10/21 18:29:58 | 000,000,000 | RH-D | M] -- C:\Users\Setari\AppData\Roaming\SecuROM
[2010/10/21 12:20:50 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\TeamViewer
[2010/10/21 17:25:36 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Thunderbird
[2011/09/24 18:46:42 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\WinBatch
[2010/10/21 22:44:33 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\WindSolutions
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010/09/15 05:27:24 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_aed9db9de9265a3a\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
[2010/09/15 05:27:24 | 000,332,160 | ---- | M] (Intel Corporation) MD5=FE8186428F0AB44F0E500C7AA33E9B51 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_afb9f9af020317a3\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/09/15 05:27:24 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2010/09/15 05:27:24 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=F3596C8A63D3871890B0D3A0DFFEF0D0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/09/15 05:23:16 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2010/09/15 05:23:16 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/09/15 05:23:16 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 801 bytes -> C:\Users\Setari\locked-Personalfragebogen.eml.avrw:OECustomProperty

< End of report >
         
--- --- ---

[/code]

Was mir noch aufgefallen ist, ich glaube windows live mail ist verschwunden. kann man das noch retten?

Alt 15.05.2012, 18:15   #12
PatZel
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



hier der otl log.

was mir noch aufgefallen ist; das email program windows live mail ist weg - kann man das wiederherstellen?

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/15/2012 6:24:43 PM - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Setari\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.89% Memory free
5.93 Gb Paging File | 5.07 Gb Available in Paging File | 85.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.86 Gb Total Space | 397.40 Gb Free Space | 87.18% Space Free | Partition Type: NTFS
Drive D: | 9.80 Gb Total Space | 1.18 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
Drive E: | 7.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF1.02
Drive G: | 7.53 Gb Total Space | 0.66 Gb Free Space | 8.78% Space Free | Partition Type: FAT32
 
Computer Name: SETARI-HP | User Name: Setari | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/05/15 14:04:36 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Setari\Desktop\OTL.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/02/11 19:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
PRC - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/08/25 04:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/02 23:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
PRC - [2009/05/09 01:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/09 01:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/10/30 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/10/16 12:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/10/16 12:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/10/16 12:10:14 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/02 23:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
MOD - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/20 02:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
MOD - [2008/02/22 10:22:32 | 000,055,792 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/14 14:15:35 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/04/04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 01:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/26 15:15:45 | 000,022,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/02/26 11:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/07/14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2008/07/31 13:13:18 | 000,082,048 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OxPPort.sys -- (OxPPort)
DRV - [2008/02/22 10:22:52 | 000,009,168 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2008/02/22 10:22:38 | 000,094,384 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2008/02/22 10:22:38 | 000,034,832 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2008/02/22 10:22:36 | 000,097,584 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2008/02/22 10:22:36 | 000,026,032 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2008/02/22 10:22:34 | 000,032,208 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2008/02/22 10:22:34 | 000,014,256 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2008/02/22 10:22:32 | 000,104,240 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/04/18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {43DB6CC5-647F-44C2-909C-377D1057BA8C}
IE - HKLM\..\SearchScopes\{32A14230-3B47-4D55-9695-F7AA5DBC8E67}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKLM\..\SearchScopes\{43DB6CC5-647F-44C2-909C-377D1057BA8C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-627805222-3500879786-540079800-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-627805222-3500879786-540079800-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-627805222-3500879786-540079800-1001\..\SearchScopes,DefaultScope = {43DB6CC5-647F-44C2-909C-377D1057BA8C}
IE - HKU\S-1-5-21-627805222-3500879786-540079800-1001\..\SearchScopes\{32A14230-3B47-4D55-9695-F7AA5DBC8E67}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKU\S-1-5-21-627805222-3500879786-540079800-1001\..\SearchScopes\{43DB6CC5-647F-44C2-909C-377D1057BA8C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-627805222-3500879786-540079800-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/05/14 22:32:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/14 14:15:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/14 14:15:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/09 16:24:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/10/21 17:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Setari\AppData\Roaming\mozilla\Extensions
[2010/10/21 17:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Setari\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/15 18:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Setari\AppData\Roaming\mozilla\Firefox\Profiles\eof36ric.default\extensions
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-1.xml.szne
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-10.xml.ijnx
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-11.xml.bgvr
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-12.xml.xotb
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-13.xml.nkot
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-14.xml.pkmf
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-15.xml.kmft
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-16.xml.mwpc
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-17.xml.nmwp
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-18.xml.cyyo
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-19.xml.cfcf
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-2.xml.ftih
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-20.xml.mdxs
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-21.xml.qyfq
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-3.xml.fcwn
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-4.xml.yftd
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-5.xml.yywp
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-6.xml.eavr
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-7.xml.fpeg
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-8.xml.xjnh
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-9.xml.fcnq
[2012/05/03 18:04:45 | 000,000,962 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin.xml.yykm
[2012/05/14 14:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/05/14 22:32:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/05/14 14:15:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/14 14:15:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/14 14:15:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/14 14:15:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/05/14 14:15:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/05/14 14:15:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/05/14 14:15:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-627805222-3500879786-540079800-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-627805222-3500879786-540079800-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Setari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31543A93-69F3-4A0F-BCB1-824256E1F042}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/17 10:45:10 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF1.02 ]
O32 - AutoRun File - [2008/07/29 12:38:20 | 000,000,081 | R--- | M] () - E:\autorun.inf -- [ UDF1.02 ]
O32 - AutoRun File - [2008/08/10 14:00:09 | 004,990,176 | R--- | M] (Crytek) - E:\AutoRunCD.exe -- [ UDF1.02 ]
O32 - AutoRun File - [2010/08/19 13:37:50 | 000,000,192 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{c604c386-c080-11df-8667-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c604c386-c080-11df-8667-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRunCD.exe -- [2008/08/10 14:00:09 | 004,990,176 | R--- | M] (Crytek)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/15 18:21:02 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Setari\Desktop\OTL.exe
[2012/05/14 22:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/05/14 22:45:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/14 22:33:47 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/05/14 22:32:33 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/05/14 16:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/14 16:07:50 | 000,000,000 | ---D | C] -- C:\Users\Setari\AppData\Roaming\Malwarebytes
[2012/05/14 16:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/14 14:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/14 14:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 17:53:24 | 000,000,000 | ---D | C] -- C:\Users\Setari\AppData\Roaming\Algauerpvlg
[2012/05/03 16:08:09 | 000,000,000 | R--D | C] -- C:\Users\Setari\Documents\Scanned Documents
[2012/05/03 16:08:09 | 000,000,000 | ---D | C] -- C:\Users\Setari\Documents\Fax
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/15 18:25:49 | 000,707,704 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/05/15 18:25:49 | 000,661,300 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/15 18:25:49 | 000,153,190 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/05/15 18:25:49 | 000,125,386 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/15 18:23:05 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/15 18:23:05 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/15 18:15:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/15 18:15:19 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/15 14:04:36 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Setari\Desktop\OTL.exe
[2012/05/14 22:57:56 | 000,354,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/14 22:32:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/05/03 18:05:05 | 000,540,874 | ---- | M] () -- C:\Users\Setari\locked-Personalfragebogen.eml.avrw
[2012/04/30 10:40:49 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSetari.job
 
========== Files Created - No Company Name ==========
 
[2012/05/14 14:15:37 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/20 18:10:55 | 000,000,094 | ---- | C] () -- C:\Users\Setari\AppData\Local\fusioncache.dat
[2011/10/30 19:07:55 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/10/30 19:07:55 | 000,022,328 | ---- | C] () -- C:\Users\Setari\AppData\Roaming\PnkBstrK.sys
[2011/10/30 19:07:35 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/10/30 19:07:33 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/10/30 19:07:33 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/04/24 20:17:05 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/11/13 20:34:21 | 000,000,066 | ---- | C] () -- C:\Windows\disney.ini
[2010/10/21 22:39:26 | 000,055,792 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2010/10/21 22:39:26 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/21 18:03:26 | 000,000,078 | ---- | C] () -- C:\Windows\wiso.ini
[2010/09/15 05:27:49 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/09/15 05:27:49 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/09/15 05:27:49 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/09/15 05:27:49 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/09/15 05:27:49 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/09/15 05:27:49 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/09/15 05:27:49 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/09/15 05:27:48 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/09/15 05:14:49 | 000,707,704 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/09/15 05:14:49 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/09/15 05:14:49 | 000,153,190 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/09/15 05:14:49 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2012/05/14 16:40:36 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Algauerpvlg
[2011/04/27 18:40:53 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Atari
[2010/10/21 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Buhl
[2012/01/16 19:45:38 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\elsterformular
[2011/11/20 21:31:51 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Imaxel
[2011/04/24 20:09:36 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Leadertech
[2010/10/21 18:30:24 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Phase6
[2010/10/21 12:20:50 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\TeamViewer
[2010/10/21 17:25:36 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Thunderbird
[2011/09/24 18:46:42 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\WinBatch
[2010/10/21 22:44:33 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\WindSolutions
[2012/01/18 16:55:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/02/03 11:50:50 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Adobe
[2012/05/14 16:40:36 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Algauerpvlg
[2011/04/27 18:40:53 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Atari
[2010/10/21 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Buhl
[2012/01/16 19:45:38 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\elsterformular
[2011/09/24 18:44:52 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Hewlett-Packard
[2012/05/03 18:02:55 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\hpqLog
[2010/10/21 11:31:17 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Identities
[2011/11/20 21:31:51 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Imaxel
[2011/04/24 20:09:36 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Leadertech
[2010/10/21 11:34:12 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Macromedia
[2012/05/14 16:07:50 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Malwarebytes
[2009/07/14 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Media Center Programs
[2011/08/03 18:54:46 | 000,000,000 | --SD | M] -- C:\Users\Setari\AppData\Roaming\Microsoft
[2010/10/21 18:30:25 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Mozilla
[2010/10/21 18:30:24 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Phase6
[2010/10/21 18:29:58 | 000,000,000 | RH-D | M] -- C:\Users\Setari\AppData\Roaming\SecuROM
[2010/10/21 12:20:50 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\TeamViewer
[2010/10/21 17:25:36 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\Thunderbird
[2011/09/24 18:46:42 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\WinBatch
[2010/10/21 22:44:33 | 000,000,000 | ---D | M] -- C:\Users\Setari\AppData\Roaming\WindSolutions
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010/09/15 05:27:24 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_aed9db9de9265a3a\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
[2010/09/15 05:27:24 | 000,332,160 | ---- | M] (Intel Corporation) MD5=FE8186428F0AB44F0E500C7AA33E9B51 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_afb9f9af020317a3\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/09/15 05:27:24 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2010/09/15 05:27:24 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=F3596C8A63D3871890B0D3A0DFFEF0D0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/09/15 05:23:16 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2010/09/15 05:23:16 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/09/15 05:23:16 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 801 bytes -> C:\Users\Setari\locked-Personalfragebogen.eml.avrw:OECustomProperty

< End of report >
         
--- --- ---


was ich gerade sehe, alle erstellten dateien können nicht mehr aufgerufen werden und sind mit dem zusatz "locked-" versehen.

was kann man da machen?

auch alle bilder, etc. alle mit dem zusatz "locked-" versehen und können nicht geöffnet!

Bitte um Hilfe.

Alt 16.05.2012, 12:13   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



Zitat:
was mir noch aufgefallen ist; das email program windows live mail ist weg - kann man das wiederherstellen?
Kann ich nicht nachvollziehen. Warum Windows Live nicht einfach nochmal neu nachinstallieren?

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
FF - user.js - File not found
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-1.xml.szne
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-10.xml.ijnx
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-11.xml.bgvr
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-12.xml.xotb
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-13.xml.nkot
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-14.xml.pkmf
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-15.xml.kmft
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-16.xml.mwpc
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-17.xml.nmwp
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-18.xml.cyyo
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-19.xml.cfcf
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-2.xml.ftih
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-20.xml.mdxs
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-21.xml.qyfq
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-3.xml.fcwn
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-4.xml.yftd
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-5.xml.yywp
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-6.xml.eavr
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-7.xml.fpeg
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-8.xml.xjnh
[2012/05/03 18:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-9.xml.fcnq
[2012/05/03 18:04:45 | 000,000,962 | ---- | M] () -- C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin.xml.yykm
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-627805222-3500879786-540079800-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Setari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/17 10:45:10 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF1.02 ]
O32 - AutoRun File - [2008/07/29 12:38:20 | 000,000,081 | R--- | M] () - E:\autorun.inf -- [ UDF1.02 ]
O32 - AutoRun File - [2008/08/10 14:00:09 | 004,990,176 | R--- | M] (Crytek) - E:\AutoRunCD.exe -- [ UDF1.02 ]
O32 - AutoRun File - [2010/08/19 13:37:50 | 000,000,192 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{c604c386-c080-11df-8667-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c604c386-c080-11df-8667-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRunCD.exe -- [2008/08/10 14:00:09 | 004,990,176 | R--- | M] (Crytek)
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.05.2012, 12:44   #14
PatZel
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



OTL läuft gerade durch.......

Jetzt fertig! Bekomme die Info, dass der Rechner durch drücken von "OK" neu gestartet wird. Soll ich das tun?

So, ist durch und ich habe OK gedrückt.

Keine Fehlermeldung, aber die Daten sind immer noch "locked-".

Gruß,
Patric

Ah jetzt.

OTL geöffnet und logfile stand da:
Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-1.xml.szne moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-10.xml.ijnx moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-11.xml.bgvr moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-12.xml.xotb moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-13.xml.nkot moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-14.xml.pkmf moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-15.xml.kmft moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-16.xml.mwpc moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-17.xml.nmwp moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-18.xml.cyyo moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-19.xml.cfcf moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-2.xml.ftih moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-20.xml.mdxs moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-21.xml.qyfq moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-3.xml.fcwn moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-4.xml.yftd moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-5.xml.yywp moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-6.xml.eavr moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-7.xml.fpeg moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-8.xml.xjnh moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin-9.xml.fcnq moved successfully.
C:\Users\Setari\AppData\Roaming\Mozilla\Firefox\Profiles\eof36ric.default\searchplugins\locked-icqplugin.xml.yykm moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_USERS\S-1-5-21-627805222-3500879786-540079800-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
C:\Users\Setari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRunCD.exe scheduled to be moved on reboot.
G:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c604c386-c080-11df-8667-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c604c386-c080-11df-8667-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c604c386-c080-11df-8667-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c604c386-c080-11df-8667-806e6f6e6963}\ not found.
File move failed. E:\AutoRunCD.exe scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Setari
->Temp folder emptied: 2100280082 bytes
->Temporary Internet Files folder emptied: 56739456 bytes
->Java cache emptied: 1169765 bytes
->FireFox cache emptied: 86224786 bytes
->Flash cache emptied: 125340 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92789482 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2,229.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Setari
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.0 log created on 05162012_134140

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRunCD.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Gruß

Alt 16.05.2012, 13:46   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Standard

PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash



Zitat:
Keine Fehlermeldung, aber die Daten sind immer noch "locked-".
Ja was auch sonst? Steht hier irgendwo ein Hinweis, dass man mit OTL Daten entschlüsselt?
Zum Entschlüsseln gibt es hier schon auf der TB-Startseite genügend Hinweise. Es kann sein, dass das Entschlüsseln nicht sofort oder garnicht klappt, einfach Geduld mitbringen - und in Zukunft rechtzeitig an Backups denken, denn wer keine Backups macht hat es selbst versäumt


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash
32bit, codes, eingabe, infiziert, manager, microsoft, mutter, normale, normalen, rechner, start, start von windows, task manager, ukash, update, willkommen, windows, windows update, windows-verschlüsselungs-trojaner, zahlen




Ähnliche Themen: PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash


  1. Windows Verschlüsselungs Trojaner - 100 Eur Ukash + Paysafecard
    Log-Analyse und Auswertung - 30.08.2012 (5)
  2. Windows Verschlüsselungs Trojaner infiziert
    Log-Analyse und Auswertung - 29.06.2012 (5)
  3. Mit Windows-Verschlüsselungs-Trojaner infiziert.
    Log-Analyse und Auswertung - 19.06.2012 (0)
  4. PC mit Windows Verschlüsselungs-Trojaner infiziert - was tun?
    Plagegeister aller Art und deren Bekämpfung - 14.06.2012 (1)
  5. Windows-Verschlüsselungs Trojaner infiziert
    Log-Analyse und Auswertung - 13.06.2012 (1)
  6. PC infiziert mit Windows-Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 12.06.2012 (13)
  7. Windows Verschlüsselungs Trojaner infiziert!
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (31)
  8. Infiziert mit Windows-Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (6)
  9. Ukash 100€ Trojaner Windows XP SP3 PC infiziert
    Plagegeister aller Art und deren Bekämpfung - 06.06.2012 (47)
  10. NOTEBOOK INFIZIERT MIT Verschlüsselungs-Trojaner - Windows Update/Ukash
    Plagegeister aller Art und deren Bekämpfung - 30.05.2012 (1)
  11. Infiziert mit Windows-Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.05.2012 (1)
  12. Verschlüsselungs-Trojaner - Windows Update/Ukash
    Plagegeister aller Art und deren Bekämpfung - 24.05.2012 (1)
  13. Sie haben sich mit einem Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash
    Log-Analyse und Auswertung - 04.05.2012 (9)
  14. mit Windows Verschlüsselungs Trojaner infiziert
    Plagegeister aller Art und deren Bekämpfung - 30.04.2012 (13)
  15. PC mit einem Windows-Verschlüsselungs-Trojaner infiziert ist.
    Mülltonne - 27.04.2012 (2)
  16. Sie haben sich mit einem Windows-Verschlüsselungs-Trojaner infiziert uKash
    Log-Analyse und Auswertung - 27.04.2012 (1)
  17. mit einem Windows-Verschlüsselungs Trojaner infiziert
    Log-Analyse und Auswertung - 27.04.2012 (16)

Zum Thema PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash - Hallo. Sitze hier vor dem Rechner meiner Mutter, und sehe nach dem normalen Start von Windows (W7 pro - 32bit) - nur den Bilderschirm "willkommen bei microsoft windows update" und - PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash...
Archiv
Du betrachtest: PC mit Windows-Verschlüsselungs-Trojaner infiziert 50€ uKash auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.