Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: verschlüsselungs trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.06.2012, 12:20   #1
FloTho
 
verschlüsselungs trojaner - Standard

verschlüsselungs trojaner



Hallo

ich versuche es mit einem eigenen Thema. Ich bin neu hier und habe auch garnicht so soviel erfahrung damit.

Mein Problem:

Ich habe eine E-Mail geöffnet und habe mir wohl diesen neuen Trojaner eingefangen.
Ich habe gestern und heute schon einiges gelesen, aber erlich gesagt habe ich garkein durchblick mehr, deshalb versuche ich das jetzt und hoffe das mir jemand helfen kann das richtig hier reinzustellen.
Allso bitte nicht böse sein wenn was fehlt, sagt mir was noch benötigt wird und evtl. wie ich das machen kann, versuche es dann so schnell wie möglich zu machen.

Mein Leptop hat Microsoft Windows 7 Home Premium --- Systemtyp:x64-basierter PC

Mein Problem: Nach "wohl" geöffneter E-Mail kam ein Hinweis das ich ein Update kaufen muss für 100,-€ den ich über ein Code eingeben soll.
Dannach soll die Verschlüsselung wirder entschlüsselt werden. Das habe ich nicht getan. PC geht wieder habe auch mit MC Afee mein PC noch mal prüfen lassen da kam raus das 6 Trojaner auf meinem PC sind. Alle meine Datein (Foto, Word, Exel.......) haben ihren ursprünglichen Namen bzw. bezeichnung nicht mehr, jetzt z. bsp. "olVdAqjQtpLonEuvQJ"

So was ist der nächste bzw. der Erste schritt??

danke schonmal im Voraus

So ich bin gerade dabei die Punkte aus "Für alle Hilfesuchenden!" abzuarbeiten.

Das Defogger kann ich nicht öffnen bzw. speichern was nun???

So hier ist der erste teil
OTL Logfile:
Code:
ATTFilter
otl logfile created on: 05.06.2012 13:37:08 - run 1
otl by oldtimer - version 3.2.46.1     folder = c:\users\***\downloads
64bit- home premium edition service pack 1 (version = 6.1.7601) - type = ntworkstation
internet explorer (version = 9.0.8112.16421)
locale: 00000407 | country: Deutschland | language: Deu | date format: Dd.mm.yyyy
 
3,86 gb total physical memory | 1,57 gb available physical memory | 40,61% memory free
7,73 gb paging file | 4,57 gb available in paging file | 59,15% paging file free
paging file location(s): ?:\pagefile.sys [binary data]
 
%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files (x86)
drive c: | 452,48 gb total space | 372,29 gb free space | 82,28% space free | partition type: Ntfs
drive d: | 270,88 mb total space | 0,00 mb free space | 0,00% space free | partition type: Udf
 
computer name: ***-pc | user name: *** | logged in as administrator.
Boot mode: Normal | scan mode: Current user | quick scan | include 64bit scans
company name whitelist: On | skip microsoft files: On | no company name whitelist: On | file age = 30 days
 
========== processes (safelist) ==========
 
prc - [2012.06.05 13:30:26 | 000,596,480 | ---- | m] (oldtimer tools) -- c:\users\***\downloads\otl.exe
prc - [2012.04.04 15:56:40 | 000,654,408 | ---- | m] (malwarebytes corporation) -- c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe
prc - [2012.04.04 15:56:38 | 000,981,680 | ---- | m] (malwarebytes corporation) -- c:\program files (x86)\malwarebytes' anti-malware\mbam.exe
prc - [2012.04.04 15:56:38 | 000,462,408 | ---- | m] (malwarebytes corporation) -- c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe
prc - [2012.03.07 01:15:17 | 004,241,512 | ---- | m] (avast software) -- c:\programme\avast software\avast\avastui.exe
prc - [2012.03.07 01:15:14 | 000,044,768 | ---- | m] (avast software) -- c:\programme\avast software\avast\avastsvc.exe
prc - [2012.02.24 18:24:11 | 000,307,824 | ---- | m] (google inc.) -- c:\program files (x86)\google\google toolbar\googletoolbaruser_32.exe
prc - [2012.02.13 21:19:20 | 000,240,408 | ---- | m] (microsoft corporation.) -- c:\program files (x86)\microsoft\bingbar\7.1.362.0\seaport.exe
prc - [2012.01.23 06:43:08 | 000,247,728 | ---- | m] (tomtom) -- c:\program files (x86)\tomtom home 2\tomtomhomerunner.exe
prc - [2012.01.23 06:43:08 | 000,092,592 | ---- | m] (tomtom) -- c:\program files (x86)\tomtom home 2\tomtomhomeservice.exe
prc - [2011.11.25 15:35:01 | 000,247,968 | ---- | m] (adobe systems, inc.) -- c:\windows\syswow64\macromed\flash\flashutil11e_activex.exe
prc - [2011.11.14 13:02:04 | 000,435,672 | ---- | m] (tomtom) -- c:\program files (x86)\mytomtom 3\mytomtomsa.exe
prc - [2011.09.01 21:52:37 | 000,347,008 | ---- | m] (easybits software as) -- c:\programdata\gamexn\gamexngo.exe
prc - [2011.01.30 17:13:14 | 000,253,952 | ---- | m] (huawei technologies co., ltd.) -- c:\program files (x86)\t-mobile\t-mobile internet manager\datacardmonitor.exe
prc - [2010.05.28 16:29:26 | 002,650,112 | ---- | m] (data becker gmbh & co kg) -- c:\program files (x86)\common files\data becker shared\dbservice.exe
prc - [2010.04.08 22:18:40 | 000,908,368 | ---- | m] (dritek system inc.) -- c:\program files (x86)\launch manager\lmanager.exe
prc - [2010.04.08 22:18:40 | 000,312,400 | ---- | m] (dritek system inc.) -- c:\program files (x86)\launch manager\dsiwmis.exe
prc - [2010.04.08 22:18:40 | 000,298,064 | ---- | m] (dritek system inc.) -- c:\program files (x86)\launch manager\lmworker.exe
prc - [2010.03.09 01:58:24 | 000,250,368 | ---- | m] (newtech infosystems, inc.) -- c:\program files (x86)\newtech infosystems\acer backup manager\ischedulesvc.exe
prc - [2010.03.09 01:56:38 | 000,260,608 | ---- | m] (newtech infosystems, inc.) -- c:\program files (x86)\newtech infosystems\acer backup manager\backupmanagertray.exe
prc - [2010.03.03 14:42:02 | 002,320,920 | ---- | m] (intel corporation) -- c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
prc - [2010.03.03 14:41:58 | 000,268,824 | ---- | m] (intel corporation) -- c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
prc - [2010.02.01 20:05:02 | 000,349,552 | ---- | m] (egis technology inc.) -- c:\program files (x86)\egistec mywinlocker\x86\mwldaemon.exe
prc - [2010.02.01 20:04:40 | 000,305,520 | ---- | m] (egis technology inc.) -- c:\program files (x86)\egistec mywinlocker\x86\mwlservice.exe
prc - [2010.01.29 01:27:36 | 000,243,232 | ---- | m] (acer group) -- c:\programme\acer\acer updater\updaterservice.exe
prc - [2010.01.08 15:21:22 | 000,023,584 | ---- | m] (acer incorporated) -- c:\program files (x86)\acer\registration\gregsvc.exe
prc - [2009.12.31 15:13:52 | 000,110,592 | ---- | m] (huawei technologies co., ltd.) -- c:\users\florence\appdata\roaming\t-mobile internet manager\ouc.exe
prc - [2009.12.25 03:45:16 | 000,401,192 | ---- | m] (egis technology inc.) -- c:\program files (x86)\egistec ips\pmmupdate.exe
prc - [2009.12.25 03:44:48 | 000,201,512 | ---- | m] (egis technology inc.) -- c:\program files (x86)\egistec ips\egisupdate.exe
prc - [2009.10.14 13:36:56 | 002,793,304 | ---- | m] () -- c:\programme\logitech\logitech webcam software\lws.exe
prc - [2009.10.14 13:34:18 | 000,560,472 | ---- | m] () -- c:\program files (x86)\common files\logishrd\lqcvfx\cocimanager.exe
prc - [2009.10.07 01:47:22 | 000,125,464 | ---- | m] (logitech inc.) -- c:\program files (x86)\common files\logishrd\lvmvfm\lvprs64h.exe
 
 
========== modules (no company name) ==========
 
mod - [2011.11.14 13:02:08 | 000,202,712 | ---- | m] () -- c:\program files (x86)\mytomtom 3\tomtomsupporterproxy.dll
mod - [2011.11.14 13:02:06 | 000,063,960 | ---- | m] () -- c:\program files (x86)\mytomtom 3\tomtomsupporterbase.dll
mod - [2011.11.14 13:01:52 | 007,964,160 | ---- | m] () -- c:\program files (x86)\mytomtom 3\qtgui4.dll
mod - [2011.11.14 13:01:52 | 002,302,464 | ---- | m] () -- c:\program files (x86)\mytomtom 3\qtcore4.dll
mod - [2011.11.14 13:01:52 | 000,980,480 | ---- | m] () -- c:\program files (x86)\mytomtom 3\qtnetwork4.dll
mod - [2011.11.14 13:01:52 | 000,357,888 | ---- | m] () -- c:\program files (x86)\mytomtom 3\qtxml4.dll
mod - [2010.03.09 02:18:10 | 000,465,576 | ---- | m] () -- c:\program files (x86)\newtech infosystems\acer backup manager\sqlite3.dll
mod - [2009.10.14 13:36:56 | 002,793,304 | ---- | m] () -- c:\programme\logitech\logitech webcam software\lws.exe
mod - [2009.10.14 13:34:18 | 000,560,472 | ---- | m] () -- c:\program files (x86)\common files\logishrd\lqcvfx\cocimanager.exe
mod - [2009.05.21 00:02:04 | 000,072,200 | ---- | m] () -- c:\program files (x86)\launch manager\cddirio.dll
 
 
========== win32 services (safelist) ==========
 
srv:64bit: - [2012.03.20 13:11:30 | 000,162,192 | ---- | m] (mcafee, inc.) [auto | running] -- c:\windows\sysnative\mfevtps.exe -- (mfevtp)
srv:64bit: - [2012.03.20 12:56:24 | 000,210,584 | ---- | m] () [auto | running] -- c:\program files\common files\mcafee\systemcore\\mfefire.exe -- (mfefire)
srv:64bit: - [2012.03.20 12:55:54 | 000,199,272 | ---- | m] () [auto | running] -- c:\program files\common files\mcafee\systemcore\\mcshield.exe -- (mcshield)
srv:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | m] (mcafee, inc.) [auto | running] -- c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe -- (msk80service)
srv:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | m] (mcafee, inc.) [auto | running] -- c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe -- (mcproxy)
srv:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | m] (mcafee, inc.) [auto | running] -- c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe -- (mcnasvc)
srv:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | m] (mcafee, inc.) [auto | running] -- c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe -- (mcnaiann)
srv:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | m] (mcafee, inc.) [auto | running] -- c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe -- (mcmscsvc)
srv:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | m] (mcafee, inc.) [auto | running] -- c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe -- (mcmpfsvc)
srv:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\windows\sysnative\mcx2svc.dll -- (mcx2svc)
srv:64bit: - [2010.01.22 19:01:12 | 000,202,752 | ---- | m] (amd) [auto | running] -- c:\windows\sysnative\atiesrxx.exe -- (amd external events utility)
srv:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\windows\sysnative\mprdim.dll -- (remoteaccess)
srv - [2012.04.04 15:56:40 | 000,654,408 | ---- | m] (malwarebytes corporation) [auto | running] -- c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe -- (mbamservice)
srv - [2012.03.22 19:30:56 | 000,502,032 | ---- | m] (mcafee, inc.) [on_demand | stopped] -- c:\programme\mcafee\virusscan\mcods.exe -- (mcods)
srv - [2012.03.07 01:15:14 | 000,044,768 | ---- | m] (avast software) [auto | running] -- c:\programme\avast software\avast\avastsvc.exe -- (avast! Antivirus)
srv - [2012.02.29 08:50:48 | 000,158,856 | r--- | m] (skype technologies) [auto | stopped] -- c:\program files (x86)\skype\updater\updater.exe -- (skypeupdate)
srv - [2012.02.13 21:19:20 | 000,240,408 | ---- | m] (microsoft corporation.) [on_demand | running] -- c:\program files (x86)\microsoft\bingbar\7.1.362.0\seaport.exe -- (bbupdate)
srv - [2012.02.13 21:19:20 | 000,193,816 | ---- | m] (microsoft corporation.) [auto | stopped] -- c:\program files (x86)\microsoft\bingbar\7.1.362.0\bbsvc.exe -- (bbsvc)
srv - [2012.01.23 06:43:08 | 000,092,592 | ---- | m] (tomtom) [auto | running] -- c:\program files (x86)\tomtom home 2\tomtomhomeservice.exe -- (tomtomhomeservice)
srv - [2011.02.11 18:43:56 | 000,240,112 | ---- | m] (cyberlink) [auto | stopped] -- c:\program files (x86)\cyberlink\powerdvd9\navfilter\kmsvc.exe -- (clkmsvc10_9ec60124)
srv - [2010.05.28 16:29:26 | 002,650,112 | ---- | m] (data becker gmbh & co kg) [auto | running] -- c:\program files (x86)\common files\data becker shared\dbservice.exe -- (dbservice)
srv - [2010.04.23 10:46:22 | 000,867,360 | ---- | m] (acer incorporated) [auto | running] -- c:\programme\acer\acer epower management\epowersvc.exe -- (epowersvc)
srv - [2010.04.08 22:18:40 | 000,312,400 | ---- | m] (dritek system inc.) [auto | running] -- c:\program files (x86)\launch manager\dsiwmis.exe -- (dsiwmiservice)
srv - [2010.03.18 14:16:28 | 000,130,384 | ---- | m] (microsoft corporation) [auto | stopped] -- c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
srv - [2010.03.09 01:58:24 | 000,250,368 | ---- | m] (newtech infosystems, inc.) [auto | running] -- c:\program files (x86)\newtech infosystems\acer backup manager\ischedulesvc.exe -- (nti ischedulesvc)
srv - [2010.03.03 14:42:02 | 002,320,920 | ---- | m] (intel corporation) [auto | running] -- c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe -- (uns) intel(r)
srv - [2010.03.03 14:41:58 | 000,268,824 | ---- | m] (intel corporation) [auto | running] -- c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe -- (lms) intel(r)
srv - [2010.02.01 20:04:40 | 000,305,520 | ---- | m] (egis technology inc.) [auto | running] -- c:\program files (x86)\egistec mywinlocker\x86\mwlservice.exe -- (mwlservice)
srv - [2010.01.29 01:27:36 | 000,243,232 | ---- | m] (acer group) [auto | running] -- c:\programme\acer\acer updater\updaterservice.exe -- (updater service)
srv - [2010.01.09 22:34:24 | 004,925,184 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\programme\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe -- (osppsvc)
srv - [2010.01.08 15:21:22 | 000,023,584 | ---- | m] (acer incorporated) [auto | running] -- c:\program files (x86)\acer\registration\gregsvc.exe -- (gregservice)
srv - [2009.10.07 01:47:10 | 000,191,000 | ---- | m] (logitech inc.) [auto | running] -- c:\programme\common files\logishrd\lvmvfm\lvprcsrv.exe -- (lvprcs64)
srv - [2009.07.14 03:15:41 | 000,075,264 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\windows\syswow64\mprdim.dll -- (remoteaccess)
srv - [2009.06.10 23:23:09 | 000,066,384 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
srv - [2009.06.10 22:39:58 | 000,089,920 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== driver services (safelist) ==========
 
drv:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | m] (malwarebytes corporation) [file_system | on_demand | running] -- c:\windows\sysnative\drivers\mbam.sys -- (mbamprotector)
drv:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | m] (avast software) [file_system | system | stopped] -- c:\windows\sysnative\drivers\aswsnx.sys -- (aswsnx)
drv:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | m] (avast software) [kernel | system | running] -- c:\windows\sysnative\drivers\aswsp.sys -- (aswsp)
drv:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | m] (avast software) [kernel | system | unknown] -- c:\windows\sysnative\drivers\aswrdr2.sys -- (aswrdr)
drv:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | m] (avast software) [kernel | system | running] -- c:\windows\sysnative\drivers\aswtdi.sys -- (aswtdi)
drv:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | m] (avast software) [file_system | auto | running] -- c:\windows\sysnative\drivers\aswmonflt.sys -- (aswmonflt)
drv:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | m] (avast software) [file_system | auto | running] -- c:\windows\sysnative\drivers\aswfsblk.sys -- (aswfsblk)
drv:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | m] (microsoft corporation) [recognizer | boot | unknown] -- c:\windows\sysnative\drivers\fs_rec.sys -- (fs_rec)
drv:64bit: - [2012.02.22 13:29:46 | 000,647,208 | ---- | m] (mcafee, inc.) [kernel | boot | running] -- c:\windows\sysnative\drivers\mfehidk.sys -- (mfehidk)
drv:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | m] (mcafee, inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\mfefirek.sys -- (mfefirek)
drv:64bit: - [2012.02.22 13:29:46 | 000,289,664 | ---- | m] (mcafee, inc.) [kernel | boot | running] -- c:\windows\sysnative\drivers\mfewfpk.sys -- (mfewfpk)
drv:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | m] (mcafee, inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\mfeavfk.sys -- (mfeavfk)
drv:64bit: - [2012.02.22 13:29:46 | 000,160,792 | ---- | m] (mcafee, inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\mfeapfk.sys -- (mfeapfk)
drv:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | m] (mcafee, inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\mferkdet.sys -- (mferkdet)
drv:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | m] (mcafee, inc.) [kernel | system | running] -- c:\windows\sysnative\drivers\mfenlfk.sys -- (mfenlfk)
drv:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | m] (mcafee, inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\cfwids.sys -- (cfwids)
drv:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\point64.sys -- (point64)
drv:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | m] (advanced micro devices) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\amdsata.sys -- (amdsata)
drv:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | m] (advanced micro devices) [kernel | boot | running] -- c:\windows\sysnative\drivers\amdxata.sys -- (amdxata)
drv:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | m] (hewlett-packard company) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\hpsamd.sys -- (hpsamd)
drv:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\tsusbflt.sys -- (tsusbflt)
drv:64bit: - [2010.04.02 02:18:30 | 003,060,800 | ---- | m] (broadcom corporation) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\bcmwl664.sys -- (bcm43xx)
drv:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | m] (intel corporation) [kernel | boot | running] -- c:\windows\sysnative\drivers\iastor.sys -- (iastor)
drv:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | m] (protect software gmbh) [kernel | auto | running] -- c:\windows\sysnative\drivers\acedrv11.sys -- (acedrv11)
drv:64bit: - [2010.01.22 19:13:24 | 006,233,088 | ---- | m] (ati technologies inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\atipmdag.sys -- (amdkmdag)
drv:64bit: - [2010.01.22 18:07:56 | 000,161,280 | ---- | m] (advanced micro devices, inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\atikmpag.sys -- (amdkmdap)
drv:64bit: - [2009.12.02 04:21:32 | 000,040,448 | ---- | m] (alcor micro, corp.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\amustor.sys -- (amustor)
drv:64bit: - [2009.10.22 06:55:06 | 000,272,432 | ---- | m] (alps electric co., ltd.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\apfiltr.sys -- (apfiltrservice)
drv:64bit: - [2009.10.16 12:32:22 | 000,321,064 | ---- | m] (broadcom corporation) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\k57nd60a.sys -- (k57nd60a) broadcom netlink (tm)
drv:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | m] (huawei technologies co., ltd.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\ewusbdev.sys -- (hwusbdev)
drv:64bit: - [2009.10.07 08:49:28 | 006,379,288 | ---- | m] (logitech inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lvuvc64.sys -- (lvuvc64) logitech quickcam e3500(uvc)
drv:64bit: - [2009.10.07 08:47:46 | 000,327,704 | ---- | m] (logitech inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lvrs64.sys -- (lvrs64)
drv:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | m] () [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lvpr2m64.sys -- (lvpr2mon)
drv:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | m] () [kernel | on_demand | running] -- c:\windows\sysnative\drivers\lvpr2m64.sys -- (lvpr2m64)
drv:64bit: - [2009.09.30 19:34:32 | 000,121,872 | ---- | m] (ati technologies, inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\atihdmi.sys -- (atihdmiservice)
drv:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | m] (intel corporation) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\hecix64.sys -- (hecix64) intel(r)
drv:64bit: - [2009.09.10 16:31:56 | 000,117,248 | ---- | m] (huawei technologies co., ltd.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\ewusbmdm.sys -- (hwdatacard)
drv:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | m] (amd technologies inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\amdsbs.sys -- (amdsbs)
drv:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | m] (lsi corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lsi_sas2.sys -- (lsi_sas2)
drv:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | m] (microsoft corporation) [kernel | disabled | stopped] -- c:\windows\sysnative\drivers\crcdisk.sys -- (crcdisk)
drv:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | m] (promise technology) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\stexstor.sys -- (stexstor)
drv:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | m] (microsoft corporation) [kernel | disabled | stopped] -- c:\windows\sysnative\drivers\ws2ifsl.sys -- (ws2ifsl)
drv:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | m] (microsoft corporation) [file_system | disabled | stopped] -- c:\windows\sysnative\drivers\cdfs.sys -- (cdfs)
drv:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | m] (atheros communications, inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\l1e62x64.sys -- (l1e) ndis miniport driver for atheros ar8121/ar8113/ar8114 pci-e ethernet controller(ndis6.20)
drv:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | m] (intel corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\igdkmd64.sys -- (igfx)
drv:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | m] (broadcom corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\evbda.sys -- (ebdrv)
drv:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | m] (broadcom corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\bxvbda.sys -- (b06bdrv)
drv:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | m] (broadcom corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\b57nd60a.sys -- (b57nd60a)
drv:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | m] (hauppauge computer works, inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\hcw85cir.sys -- (hcw85cir)
drv:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | m] (egis technology inc.) [kernel | system | running] -- c:\windows\sysnative\drivers\mwlpsdvdisk.sys -- (mwlpsdvdisk)
drv:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | m] (egis technology inc.) [file_system | system | running] -- c:\windows\sysnative\drivers\mwlpsdfilter.sys -- (mwlpsdfilter)
drv:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | m] (egis technology inc.) [kernel | system | running] -- c:\windows\sysnative\drivers\mwlpsdnserv.sys -- (mwlpsdnserv)
drv:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | m] (newtech infosystems, inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\ntidrvr.sys -- (ntidrvr)
drv:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | m] (newtech infosystems corporation) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\ubhelper.sys -- (ubhelper)
drv:64bit: - [2008.11.19 17:09:14 | 000,033,792 | ---- | m] (lg electronics inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lgx64modem.sys -- (usbmodem)
drv:64bit: - [2008.11.19 17:09:12 | 000,027,136 | ---- | m] (lg electronics inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lgx64diag.sys -- (usbdiag)
drv:64bit: - [2008.11.19 17:09:12 | 000,017,920 | ---- | m] (lg electronics inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lgx64bus.sys -- (usbbus)
drv - [2010.01.22 18:31:36 | 000,146,928 | ---- | m] (cyberlink corp.) [2010/09/10 02:02:59] [kernel | auto | running] -- c:\program files (x86)\cyberlink\powerdvd9\000.fcl -- ({b154377d-700f-42cc-9474-23858fbdf4bd})
drv - [2009.07.14 03:19:10 | 000,019,008 | ---- | m] (microsoft corporation) [file_system | on_demand | stopped] -- c:\windows\syswow64\drivers\wimmount.sys -- (wimmount)
 
 
========== standard registry (safelist) ==========
 
 
========== internet explorer ==========
 
ie:64bit: - hklm\software\microsoft\internet explorer\main,default_page_url = hxxp://homepage.acer.com/rdr.aspx?b=acaw&l=0407&m=aspire_7741&r=27361210h906l04g8z145t4721o18o
ie:64bit: - hklm\software\microsoft\internet explorer\main,start page = hxxp://homepage.acer.com/rdr.aspx?b=acaw&l=0407&m=aspire_7741&r=27361210h906l04g8z145t4721o18o
ie:64bit: - hklm\..\searchscopes,defaultscope = {6a1806cd-94d4-4689-ba73-e35ea1ea9990}
ie:64bit: - hklm\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&form=ie8src
ie:64bit: - hklm\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.google.com/search?q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&sourceid=ie7
ie - hklm\software\microsoft\internet explorer\main,default_page_url = hxxp://homepage.acer.com/rdr.aspx?b=acaw&l=0407&m=aspire_7741&r=27361210h906l04g8z145t4721o18o
ie - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
ie - hklm\software\microsoft\internet explorer\main,start page = hxxp://homepage.acer.com/rdr.aspx?b=acaw&l=0407&m=aspire_7741&r=27361210h906l04g8z145t4721o18o
ie - hklm\..\urlsearchhook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\prxtbzyng.dll (conduit ltd.)
ie - hklm\..\urlsearchhook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files (x86)\freeware.de\prxtbfree.dll (conduit ltd.)
ie - hklm\..\urlsearchhook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files (x86)\wiseconvert\prxtbwise.dll (conduit ltd.)
ie - hklm\..\searchscopes,defaultscope = {6a1806cd-94d4-4689-ba73-e35ea1ea9990}
ie - hklm\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&form=ie8src
ie - hklm\..\searchscopes\{67a2568c-7a0a-4eed-aecc-b5405de63b64}: "url" = hxxp://www.google.com/search?sourceid=ie7&q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&rlz=1i7acaw
ie - hklm\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.google.com/search?q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&sourceid=ie7
ie - hklm\..\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "url" = hxxp://search.conduit.com/resultsext.aspx?q={searchterms}&searchsource=4&ctid=ct2438727
 
ie - hkcu\software\microsoft\internet explorer\main,default_page_url = hxxp://homepage.acer.com/rdr.aspx?b=acaw&l=0407&m=aspire_7741&r=27361210h906l04g8z145t4721o18o
ie - hkcu\software\microsoft\internet explorer\main,start page = hxxp://www.google.de/
ie - hkcu\..\urlsearchhook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\prxtbzyng.dll (conduit ltd.)
ie - hkcu\..\urlsearchhook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files (x86)\freeware.de\prxtbfree.dll (conduit ltd.)
ie - hkcu\..\urlsearchhook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files (x86)\wiseconvert\prxtbwise.dll (conduit ltd.)
ie - hkcu\..\searchscopes,defaultscope = {0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
ie - hkcu\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&src=ie-searchbox&form=ie8src
ie - hkcu\..\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}: "url" = hxxp://search.babylon.com/?q={searchterms}&affid=110819&tt=220311_dflta&babsrc=sp_ss&mntrid=d4e493430000000000005cac4cb09ae7
ie - hkcu\..\searchscopes\{2073646e-939e-44ed-a60a-e33b7b91bb30}: "url" = hxxp://search.conduit.com/resultsext.aspx?q={searchterms}&searchsource=4&ctid=ct3196716
ie - hkcu\..\searchscopes\{67a2568c-7a0a-4eed-aecc-b5405de63b64}: "url" = hxxp://www.google.com/search?sourceid=ie7&q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&rlz=1i7acaw_dede410
ie - hkcu\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.google.com/search?q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&sourceid=ie7
ie - hkcu\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
 
========== firefox ==========
 
ff - prefs.js..extensions.enableditems: Mapshare-status@tomtom.com:1.7.1
ff - prefs.js..extensions.enableditems: Basetheme@tomtom.com:1.0.2
ff - user.js - file not found
 
ff:64bit: - hklm\software\mozillaplugins\@mcafee.com/msc,version=10: C:\progra~1\mcafee\msc\npmcsn~1.dll ()
ff:64bit: - hklm\software\mozillaplugins\@microsoft.com/officeauthz,version=14.0: C:\progra~1\micros~2\office14\npauthz.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@canon.com/mycameraplugin: C:\program files (x86)\canon\mycamera download plugin\npcig.dll (canon inc.)
ff - hklm\software\mozillaplugins\@google.com/googleearthplugin: C:\program files (x86)\google\google earth\plugin\npgeplugin.dll (google)
ff - hklm\software\mozillaplugins\@mcafee.com/msc,version=10: C:\progra~2\mcafee\msc\npmcsn~1.dll ()
ff - hklm\software\mozillaplugins\@microsoft.com/npctrl,version=1.0: C:\program files (x86)\microsoft silverlight\4.1.10329.0\npctrl.dll ( microsoft corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/officeauthz,version=14.0: C:\progra~2\micros~4\office14\npauthz.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/sharepoint,version=14.0: C:\progra~2\micros~4\office14\npspwrap.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/wlpg,version=14.0.8081.0709: C:\program files (x86)\windows live\photo gallery\npwlpg.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@tools.google.com/google update;version=3: C:\program files (x86)\google\update\1.3.21.111\npgoogleupdate3.dll (google inc.)
ff - hklm\software\mozillaplugins\@tools.google.com/google update;version=9: C:\program files (x86)\google\update\1.3.21.111\npgoogleupdate3.dll (google inc.)
ff - hklm\software\mozillaplugins\adobe reader: C:\program files (x86)\adobe\reader 9.0\reader\air\nppdf32.dll (adobe systems inc.)
ff - hkcu\software\mozillaplugins\@protectdisc.com/nppdlicensehelper: C:\users\***\appdata\roaming\protectdisc\license helper v2\nppdlicensehelper.dll ( )
 
ff - hkey_local_machine\software\mozilla\firefox\extensions\\{d19ca586-dd6c-4a0a-96f8-14644f340d60}: C:\program files (x86)\common files\mcafee\systemcore [2012.06.04 16:49:47 | 000,000,000 | ---d | m]
 
[2011.01.28 15:09:19 | 000,000,000 | ---d | m] (no name found) -- c:\users\***\appdata\roaming\mozilla\extensions
[2011.01.28 15:09:19 | 000,000,000 | ---d | m] (no name found) -- c:\users\***e\appdata\roaming\mozilla\extensions\home2@tomtom.com
[2012.03.24 07:39:39 | 000,000,000 | ---d | m] (map status indicator) -- c:\program files (x86)\tomtom home 2\xul\extensions\mapshare-status@tomtom.com
 
========== chrome  ==========
 
chr - plugin: Remoting viewer (enabled) = internal-remoting-viewer
chr - plugin: Native client (enabled) = c:\program files (x86)\google\chrome\application\19.0.1084.52\ppgooglenaclpluginchrome.dll
chr - plugin: Chrome pdf viewer (enabled) = c:\program files (x86)\google\chrome\application\19.0.1084.52\pdf.dll
chr - plugin: Shockwave flash (enabled) = c:\program files (x86)\google\chrome\application\19.0.1084.52\gcswf32.dll
chr - plugin: Skype click to call (enabled) = c:\users\florence\appdata\local\google\chrome\user data\default\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npskypechromeplugin.dll
chr - plugin: Adobe acrobat (enabled) = c:\program files (x86)\adobe\reader 9.0\reader\browser\nppdf32.dll
chr - plugin: Microsoft office 2010 (enabled) = c:\progra~2\micros~4\office14\npauthz.dll
chr - plugin: Microsoft office 2010 (enabled) = c:\progra~2\micros~4\office14\npspwrap.dll
chr - plugin: Npcig.dll (enabled) = c:\program files (x86)\canon\mycamera download plugin\npcig.dll
chr - plugin: Google earth plugin (enabled) = c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
chr - plugin: Google update (enabled) = c:\program files (x86)\google\update\1.3.21.111\npgoogleupdate3.dll
chr - plugin: Windows live\u00ae photo gallery (enabled) = c:\program files (x86)\windows live\photo gallery\npwlpg.dll
chr - plugin: Protect disc license acquisition plugin (enabled) = c:\users\***\appdata\roaming\protectdisc\license helper v2\nppdlicensehelper.dll
chr - plugin: Silverlight plug-in (enabled) = c:\program files (x86)\microsoft silverlight\4.1.10329.0\npctrl.dll
chr - plugin: Mcafee securitycenter (enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
chr - extension: Youtube = c:\users\***\appdata\local\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
chr - extension: Google-suche = c:\users\***\appdata\local\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
chr - extension: Dealply = c:\users\***\appdata\local\google\chrome\user data\default\extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
chr - extension: Avast! Webrep = c:\users\***\appdata\local\google\chrome\user data\default\extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
chr - extension: Skype click to call = c:\users\***\appdata\local\google\chrome\user data\default\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
chr - extension: Google mail = c:\users\***\appdata\local\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
o1 hosts file: ([2009.06.10 23:00:26 | 000,000,824 | ---- | m]) - c:\windows\sysnative\drivers\etc\hosts
o2:64bit: - bho: (mcafee phishing filter) - {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapb~1.dll file not found
o2:64bit: - bho: (avast! Webrep) - {318a227b-5e9f-45bd-8999-7f8f10ca4cf5} - c:\programme\avast software\avast\aswwebrepie64.dll (avast software)
o2:64bit: - bho: (scriptproxy) - {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\programme\common files\mcafee\systemcore\scriptsn.20120604153406.dll (mcafee, inc.)
o2:64bit: - bho: (google toolbar helper) - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\googletoolbar_64.dll (google inc.)
o2:64bit: - bho: (office document cache handler) - {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\programme\microsoft office\office14\urlredir.dll (microsoft corporation)
o2 - bho: (mcafee phishing filter) - {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll file not found
o2 - bho: (babylon toolbar helper) - {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files (x86)\babylontoolbar\babylontoolbar\1.5.3.17\bh\babylontoolbar.dll (babylon bho)
o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - no clsid value found.
O2 - bho: (zynga toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\prxtbzyng.dll (conduit ltd.)
o2 - bho: (scriptproxy) - {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\common files\mcafee\systemcore\scriptsn.20120604153406.dll (mcafee, inc.)
o2 - bho: (freeware.de toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files (x86)\freeware.de\prxtbfree.dll (conduit ltd.)
o2 - bho: (avast! Webrep) - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\programme\avast software\avast\aswwebrepie.dll (avast software)
o2 - bho: (dealply) - {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files (x86)\dealply\dealplyie.dll (dealply technologies ltd)
o2 - bho: (skype browser helper) - {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll (skype technologies s.a.)
o2 - bho: (office document cache handler) - {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~4\office14\urlredir.dll (microsoft corporation)
o2 - bho: (bing bar helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\microsoft\bingbar\7.1.362.0\bingext.dll (microsoft corporation.)
o2 - bho: (wiseconvert toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files (x86)\wiseconvert\prxtbwise.dll (conduit ltd.)
o3:64bit: - hklm\..\toolbar: (google toolbar) - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\googletoolbar_64.dll (google inc.)
o3:64bit: - hklm\..\toolbar: (avast! Webrep) - {318a227b-5e9f-45bd-8999-7f8f10ca4cf5} - c:\programme\avast software\avast\aswwebrepie64.dll (avast software)
o3:64bit: - hklm\..\toolbar: (no name) - locked - no clsid value found.
O3 - hklm\..\toolbar: (zynga toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\prxtbzyng.dll (conduit ltd.)
o3 - hklm\..\toolbar: (freeware.de toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files (x86)\freeware.de\prxtbfree.dll (conduit ltd.)
o3 - hklm\..\toolbar: (bing bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\microsoft\bingbar\7.1.362.0\bingext.dll (microsoft corporation.)
o3 - hklm\..\toolbar: (avast! Webrep) - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\programme\avast software\avast\aswwebrepie.dll (avast software)
o3 - hklm\..\toolbar: (babylon toolbar) - {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files (x86)\babylontoolbar\babylontoolbar\1.5.3.17\babylontoolbartlbr.dll (babylon ltd.)
o3 - hklm\..\toolbar: (wiseconvert toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files (x86)\wiseconvert\prxtbwise.dll (conduit ltd.)
o3 - hklm\..\toolbar: (no name) - locked - no clsid value found.
O3:64bit: - hkcu\..\toolbar\webbrowser: (google toolbar) - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\googletoolbar_64.dll (google inc.)
o3 - hkcu\..\toolbar\webbrowser: (zynga toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\prxtbzyng.dll (conduit ltd.)
o3 - hkcu\..\toolbar\webbrowser: (freeware.de toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files (x86)\freeware.de\prxtbfree.dll (conduit ltd.)
o3 - hkcu\..\toolbar\webbrowser: (wiseconvert toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files (x86)\wiseconvert\prxtbwise.dll (conduit ltd.)
o4:64bit: - hklm..\run: [acer epower management] c:\programme\acer\acer epower management\epowertray.exe (acer incorporated)
o4:64bit: - hklm..\run: [amicosinglun64] c:\program files (x86)\amicosinglun\amicosinglun64.exe (alcor micro corp.)
o4:64bit: - hklm..\run: [intellipoint] c:\program files\microsoft intellipoint\ipoint.exe (microsoft corporation)
o4:64bit: - hklm..\run: [mwldaemon] c:\program files (x86)\egistec mywinlocker\x86\mwldaemon.exe (egis technology inc.)
o4:64bit: - hklm..\run: [rthdvcpl] c:\program files\realtek\audio\hda\ravcpl64.exe (realtek semiconductor)
o4 - hklm..\run: [avast] c:\program files\avast software\avast\avastui.exe (avast software)
o4 - hklm..\run: [backupmanagertray] c:\program files (x86)\newtech infosystems\acer backup manager\backupmanagertray.exe (newtech infosystems, inc.)
o4 - hklm..\run: [datacardmonitor] c:\program files (x86)\t-mobile\t-mobile internet manager\datacardmonitor.exe (huawei technologies co., ltd.)
o4 - hklm..\run: [egistecpmmupdate] c:\program files (x86)\egistec ips\pmmupdate.exe (egis technology inc.)
o4 - hklm..\run: [egisupdate] c:\program files (x86)\egistec ips\egisupdate.exe (egis technology inc.)
o4 - hklm..\run: [lmanager] c:\program files (x86)\launch manager\lmanager.exe (dritek system inc.)
o4 - hklm..\run: [logitechquickcamribbon] c:\program files\logitech\logitech webcam software\lws.exe ()
o4 - hklm..\run: [malwarebytes' anti-malware] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe (malwarebytes corporation)
o4 - hklm..\run: [mcui_exe] c:\program files\mcafee.com\agent\mcagent.exe (mcafee, inc.)
o4 - hklm..\run: [nortononlinebackupreminder] c:\program files (x86)\symantec\norton online backup\activation\nobuactivation.exe (symantec corporation)
o4 - hklm..\run: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe (advanced micro devices, inc.)
o4 - hklm..\run: [suitetray] c:\program files (x86)\egistec mywinlockersuite\x86\suitetray.exe (egis technology inc.)
o4 - hkcu..\run: [ea core] "c:\program files (x86)\electronic arts\eadm\core.exe" -silent file not found
o4 - hkcu..\run: [eadm] c:\program files (x86)\origin\origin.exe (electronic arts)
o4 - hkcu..\run: [gamexn] c:\programdata\gamexn\gamexngo.exe (easybits software as)
o4 - hkcu..\run: [gamexn (news)] c:\programdata\gamexn\gamexngo.exe (easybits software as)
o4 - hkcu..\run: [gamexn (update)] c:\programdata\gamexn\gamexngo.exe (easybits software as)
o4 - hkcu..\run: [hw_openeye_ouc_t-mobile internet manager] c:\program files (x86)\t-mobile\t-mobile internet manager\updatedog\ouc.exe (huawei technologies co., ltd.)
o4 - hkcu..\run: [mytomtomsa.exe] c:\program files (x86)\mytomtom 3\mytomtomsa.exe (tomtom)
o4 - hkcu..\run: [tomtomhome.exe] c:\program files (x86)\tomtom home 2\tomtomhomerunner.exe (tomtom)
o4 - hklm..\runonce: [ malwarebytes anti-malware ] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe (malwarebytes corporation)
o4 - hklm..\runonce: [ malwarebytes anti-malware  (cleanup)] c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll (malwarebytes corporation)
o6 - hklm\software\policies\microsoft\internet explorer\low rights present
o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: Noactivedesktop = 1
o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: Noactivedesktopchanges = 1
o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: Nocontrolpanel = 0
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioradmin = 5
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioruser = 3
o8:64bit: - extra context menu item: An onenote s&enden - res://c:\progra~2\micros~4\office14\onbttnie.dll/105 file not found
o8:64bit: - extra context menu item: Nach microsoft e&xcel exportieren - res://c:\progra~2\micros~4\office14\excel.exe/3000 file not found
o8 - extra context menu item: An onenote s&enden - res://c:\progra~2\micros~4\office14\onbttnie.dll/105 file not found
o8 - extra context menu item: Nach microsoft e&xcel exportieren - res://c:\progra~2\micros~4\office14\excel.exe/3000 file not found
o9:64bit: - extra button: An onenote senden - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\programme\microsoft office\office14\onbttnie.dll (microsoft corporation)
o9:64bit: - extra 'tools' menuitem : An onenote s&enden - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\programme\microsoft office\office14\onbttnie.dll (microsoft corporation)
o9:64bit: - extra button: Verknüpfte &onenote-notizen - {789fe86f-6fc4-46a1-9849-ede0db0c95ca} - c:\programme\microsoft office\office14\onbttnielinkednotes.dll (microsoft corporation)
o9:64bit: - extra 'tools' menuitem : Verknüpfte &onenote-notizen - {789fe86f-6fc4-46a1-9849-ede0db0c95ca} - c:\programme\microsoft office\office14\onbttnielinkednotes.dll (microsoft corporation)
o9 - extra button: Skype click to call - {898ea8c8-e7ff-479b-8935-aec46303b9e5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll (skype technologies s.a.)
o9 - extra 'tools' menuitem : Skype click to call - {898ea8c8-e7ff-479b-8935-aec46303b9e5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll (skype technologies s.a.)
o1364bit: - gopher prefix: Missing
o13 - gopher prefix: Missing
o16 - dpf: {1c11b948-582a-433f-a98d-a8c4d5cc64f2} hxxp://kitchenplanner.ikea.com/de/core/player/2020playerax_win32.cab (20-20 3d viewer)
o16 - dpf: Microsoft xml parser for java file:///c:/windows/java/classes/xmldso.cab (reg error: Key error.)
o17 - hklm\system\ccs\services\tcpip\parameters: Dhcpnameserver = 192.168.2.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{d1129fa3-1cbd-479e-9f95-653a28b9c0e9}: Dhcpnameserver = 192.168.2.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{ddb23e67-7b03-402c-8be4-ddef15f64ce5}: Dhcpnameserver = 192.168.8.1 194.25.2.129
o18:64bit: - protocol\handler\livecall - no clsid value found
o18:64bit: - protocol\handler\ms-help - no clsid value found
o18:64bit: - protocol\handler\msnim - no clsid value found
o18:64bit: - protocol\handler\skype4com - no clsid value found
o18:64bit: - protocol\handler\skype-ie-addon-data - no clsid value found
o18:64bit: - protocol\handler\wlmailhtml - no clsid value found
o18 - protocol\handler\livecall {828030a1-22c1-4009-854f-8e305202313f} - c:\progra~2\wic4a1~1\messen~1\msgrap~1.dll (microsoft corporation)
o18 - protocol\handler\msnim {828030a1-22c1-4009-854f-8e305202313f} - c:\progra~2\wic4a1~1\messen~1\msgrap~1.dll (microsoft corporation)
o18 - protocol\handler\skype4com {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~2\common~1\skype\skype4~1.dll (skype technologies)
o18 - protocol\handler\skype-ie-addon-data {91774881-d725-4e58-b298-07617b9b86a8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll (skype technologies s.a.)
o18:64bit: - protocol\filter\application/x-mfe-ipt {3ef5086b-5478-4598-a054-786c45d75692} - c:\programme\mcafee\msc\mcsniepl64.dll (mcafee, inc.)
o18:64bit: - protocol\filter\text/xml {807573e5-5146-11d5-a672-00b0d022e945} - c:\programme\common files\microsoft shared\office14\msoxmlmf.dll (microsoft corporation)
o18 - protocol\filter\application/x-mfe-ipt {3ef5086b-5478-4598-a054-786c45d75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (mcafee, inc.)
o20:64bit: - hklm winlogon: Shell - (explorer.exe) - c:\windows\explorer.exe (microsoft corporation)
o20:64bit: - hklm winlogon: Userinit - (c:\windows\system32\userinit.exe) - c:\windows\sysnative\userinit.exe (microsoft corporation)
o20:64bit: - hklm winlogon: Vmapplet - (systempropertiesperformance.exe) - c:\windows\sysnative\systempropertiesperformance.exe (microsoft corporation)
o20:64bit: - hklm winlogon: Vmapplet - (/pagefile) -  file not found
o20 - hklm winlogon: Shell - (explorer.exe) - c:\windows\syswow64\explorer.exe (microsoft corporation)
o20 - hklm winlogon: Userinit - (userinit.exe) - c:\windows\syswow64\userinit.exe (microsoft corporation)
o20 - hklm winlogon: Vmapplet - (/pagefile) -  file not found
o21:64bit: - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - no clsid value found.
O21 - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - no clsid value found.
O32 - hklm cdrom: Autorun - 1
o33 - mountpoints2\{1ae4f8b5-6807-11e0-bd6e-206a8a16016d}\shell - "" = autorun
o33 - mountpoints2\{1ae4f8b5-6807-11e0-bd6e-206a8a16016d}\shell\autorun\command - "" = e:\lgautorun.exe
o33 - mountpoints2\{a222260b-be54-11e0-a6a6-206a8a16016d}\shell - "" = autorun
o33 - mountpoints2\{a222260b-be54-11e0-a6a6-206a8a16016d}\shell\autorun\command - "" = e:\autorun.exe
o33 - mountpoints2\{d1bd3718-2c82-11e0-ba37-5cac4cb09ae7}\shell - "" = autorun
o33 - mountpoints2\{d1bd3718-2c82-11e0-ba37-5cac4cb09ae7}\shell\autorun\command - "" = e:\autorun.exe
o33 - mountpoints2\{d1bd3731-2c82-11e0-ba37-5cac4cb09ae7}\shell - "" = autorun
o33 - mountpoints2\{d1bd3731-2c82-11e0-ba37-5cac4cb09ae7}\shell\autorun\command - "" = e:\autorun.exe
o33 - mountpoints2\{e332d8bd-bf61-11e0-bb2a-5cac4cb09ae7}\shell - "" = autorun
o33 - mountpoints2\{e332d8bd-bf61-11e0-bb2a-5cac4cb09ae7}\shell\autorun\command - "" = e:\autorun.exe
o34 - hklm bootexecute: (autocheck autochk *)
o35:64bit: - hklm\..comfile [open] -- "%1" %*
o35:64bit: - hklm\..exefile [open] -- "%1" %*
o35 - hklm\..comfile [open] -- "%1" %*
o35 - hklm\..exefile [open] -- "%1" %*
o37:64bit: - hklm\...com [@ = comfile] -- "%1" %*
o37:64bit: - hklm\...exe [@ = exefile] -- "%1" %*
o37 - hklm\...com [@ = comfile] -- "%1" %*
o37 - hklm\...exe [@ = exefile] -- "%1" %*
o38 - subsystems\\windows: (serverdll=winsrv:userserverdllinitialization,3)
o38 - subsystems\\windows: (serverdll=winsrv:conserverdllinitialization,2)
o38 - subsystems\\windows: (serverdll=sxssrv,4)
 
========== files/folders - created within 30 days ==========
 
[2012.06.05 12:39:26 | 000,000,000 | ---d | c] -- c:\users\florence\appdata\roaming\malwarebytes
[2012.06.05 12:39:20 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\malwarebytes' anti-malware
[2012.06.05 12:39:10 | 000,000,000 | ---d | c] -- c:\programdata\malwarebytes
[2012.06.05 12:39:06 | 000,024,904 | ---- | c] (malwarebytes corporation) -- c:\windows\sysnative\drivers\mbam.sys
[2012.06.05 12:39:06 | 000,000,000 | ---d | c] -- c:\program files (x86)\malwarebytes' anti-malware
[2012.06.05 08:53:40 | 000,337,240 | ---- | c] (avast software) -- c:\windows\sysnative\drivers\aswsp.sys
[2012.06.05 08:53:40 | 000,024,408 | ---- | c] (avast software) -- c:\windows\sysnative\drivers\aswfsblk.sys
[2012.06.05 08:53:40 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\avast! Free antivirus
[2012.06.05 08:53:39 | 000,059,224 | ---- | c] (avast software) -- c:\windows\sysnative\drivers\aswtdi.sys
[2012.06.05 08:53:39 | 000,053,080 | ---- | c] (avast software) -- c:\windows\sysnative\drivers\aswrdr2.sys
[2012.06.05 08:53:38 | 000,819,032 | ---- | c] (avast software) -- c:\windows\sysnative\drivers\aswsnx.sys
[2012.06.05 08:53:35 | 000,258,520 | ---- | c] (avast software) -- c:\windows\sysnative\aswboot.exe
[2012.06.05 08:53:35 | 000,069,976 | ---- | c] (avast software) -- c:\windows\sysnative\drivers\aswmonflt.sys
[2012.06.05 08:52:36 | 000,041,184 | ---- | c] (avast software) -- c:\windows\avastss.scr
[2012.06.05 08:52:33 | 000,201,352 | ---- | c] (avast software) -- c:\windows\syswow64\aswboot.exe
[2012.06.05 08:52:20 | 000,000,000 | ---d | c] -- c:\programdata\avast software
[2012.06.05 08:52:20 | 000,000,000 | ---d | c] -- c:\program files\avast software
[2012.06.05 08:32:58 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\mcafee
[2012.06.04 17:27:25 | 000,000,000 | -h-d | c] -- c:\mywinlockerdata
[2012.06.04 15:07:53 | 000,000,000 | ---d | c] -- c:\windows\sysnative\spreview
[2012.06.04 15:06:09 | 000,000,000 | ---d | c] -- c:\windows\sysnative\eventproviders
[2012.06.03 20:03:09 | 000,000,000 | ---d | c] -- c:\users\***\desktop\neuer ordner
[2012.06.01 18:54:59 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\dealply
[2012.06.01 18:54:54 | 000,000,000 | ---d | c] -- c:\program files (x86)\dealply
[2012.06.01 18:52:40 | 000,000,000 | ---d | c] -- c:\users\***\appdata\roaming\babylontoolbar
[2012.06.01 18:52:36 | 000,000,000 | ---d | c] -- c:\program files (x86)\babylontoolbar
[2012.06.01 18:52:08 | 000,000,000 | ---d | c] -- c:\users\***\appdata\local\i want this
[2012.06.01 18:52:02 | 000,000,000 | ---d | c] -- c:\program files (x86)\i want this
[2012.06.01 18:45:36 | 000,000,000 | ---d | c] -- c:\program files (x86)\wiseconvert
[2012.06.01 11:41:28 | 000,000,000 | -hsd | c] -- c:\found.000
[2012.05.28 18:16:06 | 000,000,000 | ---d | c] -- c:\programdata\data becker downloads
[2012.05.28 18:15:55 | 000,000,000 | ---d | c] -- c:\users\***\appdata\roaming\protectdisc
[2012.05.28 18:15:54 | 000,000,000 | ---d | c] -- c:\program files (x86)\protectdisc driver installer
[2012.05.28 18:15:46 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\data becker
[2012.05.28 18:15:41 | 000,000,000 | ---d | c] -- c:\program files (x86)\common files\data becker shared
[2012.05.28 18:15:19 | 000,000,000 | ---d | c] -- c:\program files (x86)\common files\data becker druckereien
[2012.05.28 18:14:02 | 000,000,000 | ---d | c] -- c:\users\***\documents\data becker druckereien
[2012.05.28 18:14:02 | 000,000,000 | ---d | c] -- c:\program files (x86)\data becker
[2012.05.28 16:22:13 | 560,591,248 | ---- | c] (data becker                                                 ) -- c:\users\***\desktop\urkundendruckerei_r1.exe
[2012.05.26 06:37:33 | 000,000,000 | ---d | c] -- c:\users\***\appdata\roaming\sf software
[2012.05.26 06:37:33 | 000,000,000 | ---d | c] -- c:\users\***\appdata\local\sf
[2012.05.26 06:33:33 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\sf
[2012.05.26 06:33:24 | 000,000,000 | ---d | c] -- c:\programdata\sf
[2012.05.26 06:33:23 | 000,000,000 | ---d | c] -- c:\program files (x86)\sf
[2012.05.26 06:31:08 | 000,000,000 | ---d | c] -- c:\users\***\appdata\local\cre
[2012.05.26 06:29:51 | 000,000,000 | ---d | c] -- c:\program files (x86)\freeware.de
[2012.05.15 09:54:10 | 000,000,000 | ---d | c] -- c:\users\***\desktop\fußball
[2012.05.09 06:52:35 | 000,000,000 | ---d | c] -- c:\users\***\desktop\elternbeirat helmstedt
 
========== files - modified within 30 days ==========
 
[2012.06.05 14:17:02 | 000,001,110 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachineua.job
[2012.06.05 12:39:20 | 000,001,113 | ---- | m] () -- c:\users\public\desktop\ malwarebytes anti-malware .lnk
[2012.06.05 12:21:41 | 000,000,000 | ---- | m] () -- c:\users\***\defogger_reenable
[2012.06.05 12:15:44 | 000,067,584 | --s- | m] () -- c:\windows\bootstat.dat
[2012.06.05 08:53:40 | 000,001,845 | ---- | m] () -- c:\users\public\desktop\avast! Free antivirus.lnk
[2012.06.05 08:53:35 | 000,000,000 | ---- | m] () -- c:\windows\syswow64\config.nt
[2012.06.05 08:36:31 | 000,017,376 | -h-- | m] () -- c:\windows\sysnative\7b296fb0-376b-497e-b012-9c450e1b7327-5p-1.c7483456-a289-439d-8115-601632d005a0
[2012.06.05 08:36:31 | 000,017,376 | -h-- | m] () -- c:\windows\sysnative\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0
[2012.06.05 08:35:01 | 001,613,412 | ---- | m] () -- c:\windows\sysnative\perfstringbackup.ini
[2012.06.05 08:35:01 | 000,697,098 | ---- | m] () -- c:\windows\sysnative\perfh007.dat
[2012.06.05 08:35:01 | 000,652,376 | ---- | m] () -- c:\windows\sysnative\perfh009.dat
[2012.06.05 08:35:01 | 000,148,362 | ---- | m] () -- c:\windows\sysnative\perfc007.dat
[2012.06.05 08:35:01 | 000,121,308 | ---- | m] () -- c:\windows\sysnative\perfc009.dat
[2012.06.05 08:28:28 | 000,001,106 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachinecore.job
[2012.06.05 08:27:44 | 000,581,928 | ---- | m] () -- c:\windows\sysnative\fntcache.dat
[2012.06.05 08:27:21 | 3111,514,112 | -hs- | m] () -- c:\hiberfil.sys
[2012.06.04 20:31:45 | 000,000,777 | ---- | m] () -- c:\users\***\documents\qxgeqtgefpseuggvu - verknüpfung.lnk
[2012.06.04 20:00:41 | 000,060,321 | ---- | m] () -- c:\users\***\desktop\ihre_vip-mitgliedschaft_bei_flirtfever_florence_kraus.eml
[2012.06.04 09:18:34 | 262,767,926 | ---- | m] () -- c:\windows\memory.dmp
[2012.06.01 18:52:40 | 000,001,539 | ---- | m] () -- c:\user.js
[2012.05.28 18:22:37 | 000,004,096 | ---- | m] () -- c:\users\public\documents\pyenjudyysvatll
[2012.05.28 18:17:48 | 000,002,183 | ---- | m] () -- c:\users\public\desktop\urkunden-druckerei.lnk
[2012.05.28 18:12:59 | 560,591,248 | ---- | m] (data becker                                                 ) -- c:\users\***\desktop\urkundendruckerei_r1.exe
[2012.05.26 06:33:35 | 000,001,953 | ---- | m] () -- c:\users\public\desktop\sf-karte.lnk
[2012.05.14 08:05:02 | 000,327,254 | ---- | m] () -- c:\users\***\pdtdatoequudatge
[2012.05.07 19:07:56 | 000,112,236 | ---- | m] () -- c:\users\***\yglyflxadxtosq
 
========== files created - no company name ==========
 
[2012.06.05 12:39:20 | 000,001,113 | ---- | c] () -- c:\users\public\desktop\ malwarebytes anti-malware .lnk
[2012.06.05 12:21:41 | 000,000,000 | ---- | c] () -- c:\users\***\defogger_reenable
[2012.06.05 08:53:40 | 000,001,845 | ---- | c] () -- c:\users\public\desktop\avast! Free antivirus.lnk
[2012.06.05 08:53:35 | 000,000,000 | ---- | c] () -- c:\windows\syswow64\config.nt
[2012.06.04 20:39:29 | 000,000,777 | ---- | c] () -- c:\users\***\documents\qxgeqtgefpseuggvu - verknüpfung.lnk
[2012.06.04 20:00:41 | 000,060,321 | ---- | c] () -- c:\users\***\desktop\ihre_vip-mitgliedschaft_bei_flirtfever_florence_kraus.eml
[2012.06.04 17:30:28 | 000,088,616 | ---- | c] () -- c:\users\***\documents\adugptvtlegnajqvs
[2012.06.01 18:52:31 | 000,001,539 | ---- | c] () -- c:\user.js
[2012.05.28 18:15:46 | 000,002,183 | ---- | c] () -- c:\users\public\desktop\urkunden-druckerei.lnk
[2012.05.28 18:15:19 | 002,089,984 | ---- | c] () -- c:\windows\syswow64\custompic.dll
[2012.05.26 06:33:35 | 000,001,953 | ---- | c] () -- c:\users\public\desktop\sf-karte.lnk
[2011.12.08 12:19:03 | 001,591,306 | ---- | c] () -- c:\windows\syswow64\perfstringbackup.ini
[2011.09.22 06:38:47 | 000,006,656 | ---- | c] () -- c:\users\***\appdata\local\dcbc2a71-70d8-4dan-ehr8-e0d61dea3fdf.ini
[2011.08.15 10:38:05 | 000,006,550 | ---- | c] () -- c:\windows\jautoexp.dat
[2010.12.18 16:15:49 | 000,000,425 | ---- | c] () -- c:\windows\brwmark.ini
[2010.12.18 16:15:49 | 000,000,027 | ---- | c] () -- c:\windows\brpp2ka.ini
[2010.12.18 13:47:45 | 000,000,056 | -h-- | c] () -- c:\programdata\ezsidmv.dat
[2010.09.10 11:34:55 | 000,001,035 | ---- | c] () -- c:\windows\syswow64\atipblag.dat
[2010.09.10 11:33:57 | 000,001,604 | ---- | c] () -- c:\windows\wpatchprogress.ini
[2010.09.10 02:13:54 | 000,000,033 | ---- | c] () -- c:\windows\launapp.ini
[2010.09.10 01:55:13 | 000,000,000 | ---- | c] () -- c:\windows\ativpsrm.bin
 
========== lop check ==========
 
[2011.05.08 15:05:15 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\amazon
[2012.06.04 06:11:12 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\babylon
[2012.06.01 18:52:41 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\babylontoolbar
[2011.02.06 13:09:03 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\cerasus.media
[2012.06.05 08:24:14 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\go
[2011.05.15 21:20:09 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\leadertech
[2010.12.16 07:35:05 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\lite
[2012.06.04 06:11:13 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\liteon
[2012.06.04 15:55:39 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\origin
[2012.06.04 19:16:18 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\protectdisc
[2012.05.26 06:37:33 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\sf software
[2011.01.30 17:13:12 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\t-mobile
[2012.06.04 19:16:18 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\t-mobile internet manager
[2011.01.28 15:09:13 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\tomtom
[2011.03.24 09:42:29 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\tuneup software
[2011.04.01 18:26:22 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\wildlife park 2
[2011.04.03 09:01:20 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\wildlife park 2 - abenteuer auf der ranch
[2011.04.01 18:54:17 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\wildlife park 2 - crazy zoo
[2011.04.04 14:49:51 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\wildlife park 2 - marine world
[2011.07.15 06:50:29 | 000,032,584 | ---- | m] () -- c:\windows\tasks\schedlgu.txt
 
========== purity check ==========
 
 
 
========== alternate data streams ==========
 
@alternate data stream - 949 bytes -> c:\users\florence\desktop\ihre_vip-mitgliedschaft_bei_flirtfever_florence_kraus.eml:oecustomproperty
@alternate data stream - 136 bytes -> c:\programdata\temp:93de1838
@alternate data stream - 135 bytes -> c:\programdata\temp:93eb7685
@alternate data stream - 132 bytes -> c:\programdata\temp:5d7e5a8f
 
< end of report >
         
--- --- ---

Hier teil 2OTL EXTRAS Logfile:
Code:
ATTFilter
otl extras logfile created on: 05.06.2012 13:37:10 - run 1
otl by oldtimer - version 3.2.46.1     folder = c:\users\***\downloads
64bit- home premium edition service pack 1 (version = 6.1.7601) - type = ntworkstation
internet explorer (version = 9.0.8112.16421)
locale: 00000407 | country: Deutschland | language: Deu | date format: Dd.mm.yyyy
 
3,86 gb total physical memory | 1,57 gb available physical memory | 40,61% memory free
7,73 gb paging file | 4,57 gb available in paging file | 59,15% paging file free
paging file location(s): ?:\pagefile.sys [binary data]
 
%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files (x86)
drive c: | 452,48 gb total space | 372,29 gb free space | 82,28% space free | partition type: Ntfs
drive d: | 270,88 mb total space | 0,00 mb free space | 0,00% space free | partition type: Udf
 
computer name: ***-pc | user name: *** | logged in as administrator.
Boot mode: Normal | scan mode: Current user | quick scan | include 64bit scans
company name whitelist: On | skip microsoft files: On | no company name whitelist: On | file age = 30 days
 
========== extra registry (safelist) ==========
 
 
========== file associations ==========
 
64bit: [hkey_local_machine\software\classes\<extension>]
.html[@ = chromehtml] -- c:\program files (x86)\google\chrome\application\chrome.exe (google inc.)
.url[@ = internetshortcut] -- c:\windows\sysnative\rundll32.exe (microsoft corporation)
 
[hkey_local_machine\software\classes\<extension>]
.cpl [@ = cplfile] -- c:\windows\syswow64\control.exe (microsoft corporation)
.html [@ = chromehtml] -- c:\program files (x86)\google\chrome\application\chrome.exe (google inc.)
 
[hkey_current_user\software\classes\<extension>]
.html [@ = chromehtml] -- reg error: Key error. File not found
 
========== shell spawning ==========
 
64bit: [hkey_local_machine\software\classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- reg error: Key error.
Http [open] -- "c:\program files (x86)\google\chrome\application\chrome.exe" -- "%1" (google inc.)
https [open] -- "c:\program files (x86)\google\chrome\application\chrome.exe" -- "%1" (google inc.)
inffile [install] -- %systemroot%\system32\infdefaultinstall.exe "%1" (microsoft corporation)
internetshortcut [open] -- "c:\windows\system32\rundll32.exe" "c:\windows\system32\ieframe.dll",openurl %l (microsoft corporation)
internetshortcut [print] -- "c:\windows\system32\rundll32.exe" "c:\windows\system32\mshtml.dll",printhtml "%1" (microsoft corporation)
piffile [open] -- "%1" %*
regfile [merge] -- reg error: Key error.
Scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,installscreensaver %l
scrfile [open] -- "%1" /s
txtfile [edit] -- reg error: Key error.
Unknown [openas] -- %systemroot%\system32\rundll32.exe %systemroot%\system32\shell32.dll,openas_rundll %1
directory [cmd] -- cmd.exe /s /k pushd "%v" (microsoft corporation)
directory [find] -- %systemroot%\explorer.exe (microsoft corporation)
folder [open] -- %systemroot%\explorer.exe (microsoft corporation)
folder [explore] -- reg error: Value error.
Drive [find] -- %systemroot%\explorer.exe (microsoft corporation)
 
[hkey_local_machine\software\classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %systemroot%\system32\control.exe "%1",%* (microsoft corporation)
exefile [open] -- "%1" %*
helpfile [open] -- reg error: Key error.
Http [open] -- "c:\program files (x86)\google\chrome\application\chrome.exe" -- "%1" (google inc.)
https [open] -- "c:\program files (x86)\google\chrome\application\chrome.exe" -- "%1" (google inc.)
inffile [install] -- %systemroot%\system32\infdefaultinstall.exe "%1" (microsoft corporation)
piffile [open] -- "%1" %*
regfile [merge] -- reg error: Key error.
Scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,installscreensaver %l
scrfile [open] -- "%1" /s
txtfile [edit] -- reg error: Key error.
Unknown [openas] -- %systemroot%\system32\rundll32.exe %systemroot%\system32\shell32.dll,openas_rundll %1
directory [cmd] -- cmd.exe /s /k pushd "%v" (microsoft corporation)
directory [find] -- %systemroot%\explorer.exe (microsoft corporation)
folder [open] -- %systemroot%\explorer.exe (microsoft corporation)
folder [explore] -- reg error: Value error.
Drive [find] -- %systemroot%\explorer.exe (microsoft corporation)
 
========== security center settings ==========
 
64bit: [hkey_local_machine\software\microsoft\security center]
"cval" = 1
 
64bit: [hkey_local_machine\software\microsoft\security center\monitoring]
 
64bit: [hkey_local_machine\software\microsoft\security center\svc]
"vistasp1" = 28 4d b2 76 41 04 ca 01  [binary data]
"antivirusoverride" = 0
"antispywareoverride" = 0
"firewalloverride" = 0
 
64bit: [hkey_local_machine\software\microsoft\security center\svc\vol]
 
[hkey_local_machine\software\microsoft\security center]
 
[hkey_local_machine\software\microsoft\security center\svc]
 
========== firewall settings ==========
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile]
"disablenotifications" = 0
"enablefirewall" = 1
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"disablenotifications" = 0
"enablefirewall" = 1
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\publicprofile]
"disablenotifications" = 0
"enablefirewall" = 1
 
========== authorized applications list ==========
 
 
========== vista active open ports exception list ==========
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules]
"{128b2afb-231f-4884-a70e-165f9a8d03ce}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1b1f978a-9bb1-4fcd-8800-88e236f92768}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{23a419b7-0dfa-4007-ac07-c8e6ff5d60c8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{292f2b58-fafb-471a-9773-8d19341d3671}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{32593e52-6a1d-473b-a262-b8980d26d629}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{33de41e2-04f5-431c-9d4e-09358885b9c7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{36d73743-efe6-490b-a328-07b944d54a89}" = rport=137 | protocol=17 | dir=out | app=system | 
"{422e1edd-c5da-4453-9eb3-daa945f7e819}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5088d1ba-95f6-4c21-b10f-b27e3fc85237}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6d3af3f4-f4ff-4595-8b26-84f12256dc73}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7998e1d1-42fd-49a5-98c5-e2eac7a42b24}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7ad2855d-cb16-4a84-8fd6-112e354f0e11}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8a7a556d-868d-4525-b08d-d01ad91193c6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{a7cf377d-8d9a-42b2-8c65-f5db718e2e75}" = lport=138 | protocol=17 | dir=in | app=system | 
"{aa7a1047-d2c6-44de-8c88-04d4aff7190e}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{ae635111-2161-464a-8b69-74ec220aa494}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{b395ea34-f304-49a7-858a-a03bc0a9da25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{c3049784-8421-4e53-be33-9a0b17748fba}" = lport=139 | protocol=6 | dir=in | app=system | 
"{c3a13845-87cd-45ed-bd83-11cad45d903d}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ce4edf01-629e-4b14-9f60-c46048c99439}" = rport=138 | protocol=17 | dir=out | app=system | 
"{cffa21f3-9f03-4557-b14d-4425a502a232}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{e23e30ed-7447-4026-b3d6-05dba48f0d20}" = lport=137 | protocol=17 | dir=in | app=system | 
"{f26e4b54-b2ae-4eb8-a84e-eb1c7c504fdd}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== vista active application exception list ==========
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules]
"{141e552c-afb8-4730-b3e2-a1622df958c7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1bbf7245-1d13-4f33-98aa-1cca8d4201dd}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{265def6b-7102-4c3f-b85a-884cff19bb3e}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{29f83c1a-d31e-46a8-b85f-ff00b647c64f}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{3a79436e-4999-43fa-98ef-3e0d2d68cc7a}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{3eb1f1ed-8654-4668-90ec-bb7c68a63ad3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4cdbd54e-422f-47b9-b235-e889bb81ecab}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{57de9c7d-e017-46dd-b364-af3820a65628}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{5a053d68-91ab-40d2-8da5-8bf2840fbe52}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{5aab97bf-25f9-4d24-9df7-de40c8b0a39a}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5bf5a179-7fb8-464d-aeee-4c97aebebba3}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{7018c944-7c07-4f2a-9bfe-d5ee2db6935b}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{721fdcf7-ef17-4399-ab92-5d84ee09f3c3}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{7c8fddc5-93ee-4fcc-9c8e-ad7b5faabded}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{93b419c5-1fa2-4512-9a00-db3f25faa2c1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{93ca7ef4-efed-4ff3-84d5-fe6b2c24a902}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{a8557992-b574-42e5-a183-af9bfd415599}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{c74e7e11-31a6-4ce0-8828-55978ccaaa09}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{cfa50fc5-7307-48da-9895-dff6972ce0ea}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{dac1d444-d779-495a-a37c-3ad6e9225ad9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{f5e7c22d-ff05-4863-9a56-8ecf3dabc4c7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
 
========== hkey_local_machine uninstall list ==========
 
64bit: [hkey_local_machine\software\microsoft\windows\currentversion\uninstall]
"{1d8e6291-b0d5-35ec-8441-6616f567a0f7}" = microsoft visual c++ 2010  x64 redistributable - 10.0.40219
"{1f557316-cfc0-41bd-aff7-8bc49ce444d7}" = shredder
"{3ed4ad02-f631-4a4c-aac8-2325996e5a56}" = microsoft intellipoint 8.1
"{4b6c7001-c7d6-3710-913e-5bc23fce91e6}" = microsoft visual c++ 2008 redistributable - x64 9.0.30729.4148
"{5fce6d76-f5dc-37ab-b2b8-22ab8cedb1d4}" = microsoft visual c++ 2008 redistributable - x64 9.0.30729.6161
"{8338783a-0968-3b85-afc7-baae0a63dc50}" = microsoft visual c++ 2008 redistributable - kb2467174 - x64 9.0.30729.5570
"{8b79b3a9-6e49-5ffb-2017-a822bbdc4992}" = ati catalyst install manager
"{8e34682c-8118-31f1-bc4c-98cd9675e1c2}" = microsoft .net framework 4 extended
"{90140000-002a-0000-1000-0000000ff1ce}" = microsoft office office 64-bit components 2010
"{90140000-002a-0407-1000-0000000ff1ce}" = microsoft office shared 64-bit mui (german) 2010
"{95120000-00b9-0409-1000-0000000ff1ce}" = microsoft application error reporting
"{987fe247-4e69-4a2e-a961-d14f901fdbf6}" = logitech webcam software
"{9f72ef8b-aec9-4ca5-b483-143980afd6fd}" = alps touch pad driver
"{a84db02b-9c2b-4272-9d2d-a80e00a56513}" = broadcom gigabit netlink controller
"{b0b97cf2-5032-a645-7ffc-bd1e39fc4e3f}" = ccc-utility64
"{f5b09cfd-f0b2-36af-8df4-1df6b63fc7b4}" = microsoft .net framework 4 client profile
"adobe flash player activex" = adobe flash player 11 activex 64-bit
"microsoft .net framework 4 client profile" = microsoft .net framework 4 client profile
"microsoft .net framework 4 extended" = microsoft .net framework 4 extended
"microsoft intellipoint 8.1" = microsoft intellipoint 8.1
 
[hkey_local_machine\software\microsoft\windows\currentversion\uninstall]
"{002d9d5e-29ba-3e6d-9bc4-3d7d6dbc735c}" = microsoft visual c++ 2008 atl update kb973924 - x86 9.0.30729.4148
"{02a414ea-0e5f-cd08-61ef-e155f31dff76}" = catalyst control center graphics previews vista
"{08938019-97fa-1c7a-19e0-0c8d56ed7cb2}" = ccc help hungarian
"{08c7a49d-2b12-46f6-8b41-26d3b0d1c01f}" = visual studio c++ 9.0 runtime
"{0a4d717b-e6e8-11fa-e7d2-385ebb1a4a85}" = ccc help japanese
"{0d7cd0d9-4a88-4a63-8f91-3f4e8f371768}" = mywinlocker
"{12efa1a4-ac3b-443c-8143-237ede760403}" = nti backup now standard
"{13ba5548-1065-4dbe-b115-681afb77263b}" = ccc help swedish
"{15d967b5-a4be-42ae-9e84-64cd062b25aa}" = esobi v2
"{16793295-2366-40f7-a045-a3e42a81365e}" = bing bar
"{16890d7f-1c77-733b-d8e4-f5d4315a5f93}" = catalyst control center localization all
"{18455581-e099-4ba8-bc6b-f34b2f06600c}" = google toolbar for internet explorer
"{1cbdb473-e303-efae-88d1-6f741acd5b31}" = ccc help czech
"{1d8912b0-343c-eb1f-28ee-b672d444c192}" = catalyst control center installproxy
"{1f1c2dfc-2d24-3e06-bcb8-725134adf989}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.4148
"{205c6bdd-7b73-42de-8505-9a093f35a238}" = windows live-uploadtool
"{22b775e7-6c42-4fc5-8e10-9a5e3257bd94}" = msvcrt
"{2318c2b1-4965-11d4-9b18-009027a5cd4f}" = google toolbar for internet explorer
"{2413930c-8309-47a6-bc61-5ef27a4222bc}" = nti media maker 8
"{287ecfa4-719a-2143-a09b-d6a12de54e40}" = acrobat.com
"{2ba722d1-48d1-406e-9123-8ae5431d63ef}" = windows live fotogalerie
"{2c59bf0e-66a5-681e-60fe-8d18ce6319a1}" = ccc help german
"{2c9d4fca-3e7f-9368-6955-ea6d65f7dc78}" = ccc help english
"{2d2d8fe2-605c-4d3c-b706-36e981e7eef0}" = cyberlink bd_3d advisor 2.0
"{2d37f6ae-d201-4580-b91a-6bf9bb93ed2d}" = die sims™ 2 super deluxe
"{3788b9b7-c15f-4c64-d52b-3dd1ba494b7a}" = ccc help korean
"{39286675-3166-9420-2336-779493021964}" = dein eigenes fohlen
"{3b4e636e-9d65-4d67-ba61-189800823f52}" = windows live communications platform
"{3d200eb9-44fc-432f-1e35-c20ab5fdcd77}" = ccc help thai
"{3db0448d-ad82-4923-b305-d001e521a964}" = acer epower management
"{3e29ee6c-963a-4aae-86c1-dc237c4a49fc}" = intel(r) rapid storage technology
"{3efef049-23d4-4b46-8903-4592fea51018}" = windows live movie maker
"{3f0d0abe-cdaf-431a-00bc-cbbe018ea74e}" = simcity 4 deluxe
"{41e654a9-26d0-4eac-854b-0fa824fffabb}" = windows live messenger
"{4286e640-b5fb-11df-ac4b-005056c00008}" = google earth
"{4412f224-3849-4461-a3e9-deef8d252790}" = visual studio c++ 10.0 runtime
"{44d52071-5077-2839-1ae6-863563aea269}" = ccc help russian
"{4bcbc4d0-1d88-462d-809e-506f34ea11c0}" = catalyst control center - branding
"{51f026fa-5146-4232-a8ba-1364740bd053}" = acer crystal eye webcam
"{52b97218-98cb-4b8b-9283-d213c85e1aa4}" = windows live anmelde-assistent
"{5d4c60aa-84e6-4e1a-8a68-69970d387be1}" = tuneup utilities language pack (de-de)
"{5fc68772-6d56-41c6-9df1-24e868198ae6}" = windows live call
"{6030fcd7-8f1a-427d-af05-8dd1a2ea2aba}" = alcor micro usb card reader
"{65153ea5-8b6e-43b6-857b-c6e4fc25798a}" = intel(r) management engine components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = microsoft visual c++ 2005 redistributable
"{719cdc89-b1b8-49bc-9194-80cafc7dc9c0}_is1" = 22 pferdespiele
"{7299052b-02a4-4627-81f2-1818da5d550d}" = microsoft visual c++ 2005 redistributable
"{72b776e5-4530-4c4b-9453-751df87d9d93}" = backup manager basic
"{738bf5c3-af7b-4bb0-b7ef-e505efc756be}" = mywinlocker suite
"{740b51d7-c903-4536-9530-b6304c937f51}" = wildlife park 2 familien edition
"{76618402-179d-4699-a66b-d351c59436bc}" = windows live sync
"{770657d0-a123-3c07-8e44-1c83ec895118}" = microsoft visual c++ 2005 atl update kb973923 - x86 8.0.50727.4053
"{778f22ef-506b-4b87-b551-99540f526f2c}_is1" = klavitomat, das notenlernprogramm
"{7d5dec56-4f64-49ea-a3d6-3c0537b7e768}" = quickverein plus xpressupdate
"{7f811a54-5a09-4579-90e1-c93498e230d9}" = acer erecovery management
"{82c36957-d2b8-4ef2-b88c-5fa03aa848c7-110300453}" = spin & win
"{82c36957-d2b8-4ef2-b88c-5fa03aa848c7-11273477}" = amazonia
"{82c36957-d2b8-4ef2-b88c-5fa03aa848c7-113832110}" = dream day first home
"{83aa2913-c123-4146-85bd-ad8f93971d39}" = babylonobjectinstaller
"{83beefb4-8c28-4f4f-8a9d-e0d1adce335b}" = die*sims*mittelalter
"{86ce85e6-dbac-3ffd-b977-e4b79f83c909}" = microsoft visual c++ 2008 redistributable - kb2467174 - x86 9.0.30729.5570
"{87976d85-dbf6-f263-39b6-500acb658ce0}" = catalyst control center graphics full existing
"{89f4137d-6c26-4a84-bdb8-2e5a4bb71e00}" = microsoft silverlight
"{8b33496c-ce5c-43db-9890-a9fb5dfa01bf}" = quickverein plus 2011
"{8cf49342-170d-4ded-bb22-cfe5e1c68a57}" = sf-karte 4.00
"{8f3c31c5-9c3a-4aa8-8efa-71290a7ad533}" = tomtom home visual studio merge modules
"{90140000-0015-0407-0000-0000000ff1ce}" = microsoft office access mui (german) 2010
"{90140000-0015-0407-0000-0000000ff1ce}_office14.singleimage_{69e54534-4569-4639-89e9-305b60a11601}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-0016-0407-0000-0000000ff1ce}" = microsoft office excel mui (german) 2010
"{90140000-0016-0407-0000-0000000ff1ce}_office14.singleimage_{69e54534-4569-4639-89e9-305b60a11601}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-0018-0407-0000-0000000ff1ce}" = microsoft office powerpoint mui (german) 2010
"{90140000-0018-0407-0000-0000000ff1ce}_office14.singleimage_{69e54534-4569-4639-89e9-305b60a11601}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-0019-0407-0000-0000000ff1ce}" = microsoft office publisher mui (german) 2010
"{90140000-0019-0407-0000-0000000ff1ce}_office14.singleimage_{69e54534-4569-4639-89e9-305b60a11601}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-001a-0407-0000-0000000ff1ce}" = microsoft office outlook mui (german) 2010
"{90140000-001a-0407-0000-0000000ff1ce}_office14.singleimage_{69e54534-4569-4639-89e9-305b60a11601}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-001b-0407-0000-0000000ff1ce}" = microsoft office word mui (german) 2010
"{90140000-001b-0407-0000-0000000ff1ce}_office14.singleimage_{69e54534-4569-4639-89e9-305b60a11601}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-001f-0407-0000-0000000ff1ce}" = microsoft office proof (german) 2010
"{90140000-001f-0407-0000-0000000ff1ce}_office14.singleimage_{65a2328e-fdfb-4ca3-8582-357ea6825fea}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-001f-0409-0000-0000000ff1ce}" = microsoft office proof (english) 2010
"{90140000-001f-0409-0000-0000000ff1ce}_office14.singleimage_{99acca38-6dd3-48a8-96ae-a283c9759279}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-001f-040c-0000-0000000ff1ce}" = microsoft office proof (french) 2010
"{90140000-001f-040c-0000-0000000ff1ce}_office14.singleimage_{46298f6a-1e7e-4d4a-b5f5-106a4f0e48c6}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-001f-0410-0000-0000000ff1ce}" = microsoft office proof (italian) 2010
"{90140000-001f-0410-0000-0000000ff1ce}_office14.singleimage_{c0743197-ffee-4c19-baeb-8f7437dc4c8a}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-002a-0000-1000-0000000ff1ce}_office14.singleimage_{967ef02c-5c7e-4718-8fcb-bdc050190ccf}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-002a-0407-1000-0000000ff1ce}_office14.singleimage_{594128c9-2cdf-43ce-8103-dc100cf013b6}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-002c-0407-0000-0000000ff1ce}" = microsoft office proofing (german) 2010
"{90140000-002c-0407-0000-0000000ff1ce}_office14.singleimage_{4275fb46-abdf-4456-876c-17cf64294d9a}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-003d-0000-0000-0000000ff1ce}" = microsoft office single image 2010
"{90140000-003d-0000-0000-0000000ff1ce}_office14.singleimage_{047b0968-e622-4faa-9b4b-121fa109edde}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-006e-0407-0000-0000000ff1ce}" = microsoft office shared mui (german) 2010
"{90140000-006e-0407-0000-0000000ff1ce}_office14.singleimage_{98edfd9f-ea76-40cc-bce9-92c69413f65b}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-00a1-0407-0000-0000000ff1ce}" = microsoft office onenote mui (german) 2010
"{90140000-00a1-0407-0000-0000000ff1ce}_office14.singleimage_{69e54534-4569-4639-89e9-305b60a11601}" = microsoft office 2010 service pack 1 (sp1)
"{9a25302d-30c0-39d9-bd6f-21e6ec160475}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.17
"{9bbb29a1-c71d-dd1d-66b1-352aaab13fc6}" = ccc help danish
"{9be518e6-ecc6-35a9-88e4-87755c07200f}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.6161
"{9f4d1d9e-5542-b572-81a7-9dcb0aeed1be}" = ccc help french
"{a2bca9f1-566c-4805-97d1-7fdc93386723}" = adobe air
"{a3ef3fad-6aba-1551-ad3b-d09361c5eec9}" = ccc help polish
"{a73fbc00-44f8-0ecf-76fb-14cf62120b55}" = ccc-core-static
"{a8516ac9-aaf1-47f9-9766-03e2d4cdbcf8}" = cyberlink powerdvd 9
"{a92dab39-4e2c-4304-9ab6-bc44e68b55e2}" = google update helper
"{aa440541-c593-42bc-85ce-d95af1cf0473}_is1" = 22 hundespiele
"{aaceaae9-9cc3-5715-4539-eb13ca3c67ba}" = ccc help spanish
"{abee079e-648e-488b-8301-0c3db48c1bce}_is1" = acer gamezone console
"{ac76ba86-7ad7-ffff-7b44-a91000000001}" = adobe reader 9.4.5 mui
"{b0d792a7-bd06-4c91-ab2a-d082aca9dc0b}_is1" = mein aquarium
"{b2463ad3-1334-a30e-a523-d38e8e7b09a2}" = ccc help dutch
"{b6cf2967-c81e-40c0-9815-c05774fef120}" = skype click to call
"{ba2ad7f2-55ae-87b5-00dd-9b0c6f087fd0}" = catalyst control center graphics light
"{bc940cd7-fc71-83c5-2001-cf6fd07ba3d1}" = ccc help chinese traditional
"{bf847a60-119d-6888-b2da-ec62f1b66bbb}" = ccc help chinese standard
"{c05d8cdb-417d-4335-a38c-a0659edfd6b8}" = die sims™ 3
"{c2695e83-cf1d-43d1-84fe-b3bec561012a}" = shredder
"{c4d738f7-996a-4c81-b8fa-c4e26d767e41}" = windows live mail
"{c57bcde1-7cb9-467d-b3ba-7e119916cdc1}" = norton online backup
"{c97396a9-44bc-c856-0b92-93a6a417d6a8}" = catalyst control center graphics full new
"{ca10114e-3941-e8ed-70a3-17caa2226afc}" = ccc help turkish
"{cab89605-7c12-8082-32df-b419c696bd12}" = catalyst control center core implementation
"{d98c2191-0ae0-4087-9153-018a4810df45}" = ccc help norwegian
"{df7d3c5e-87fc-6ae6-d986-35e0f05fefd9}" = ccc help italian
"{e0a4805d-280a-4dd7-9e74-3a5f85e302a1}" = windows live writer
"{e0b19df7-b1c7-4937-82c4-0e4b1e346965}" = ebay worldwide
"{e1640da5-89b4-4f52-b15d-5da3d14f29d4}" = lg usb modem drivers
"{e2dfe069-083e-4631-9b6c-43c48e991de5}" = junk mail filter update
"{e3e71d07-cd27-46cb-8448-16d4fb29aa13}" = microsoft wse 3.0 runtime
"{eba8538c-f0b1-a089-d555-44dbf3a47c9f}" = ccc help finnish
"{ee171732-beb4-4576-887d-cb62727f01ca}" = acer updater
"{ee7257a2-39a2-4d2f-9dac-f9f25b8ae1d8}" = skype™ 5.8
"{f0b430d1-b6aa-473d-9b06-aa3dd01fd0b8}" = microsoft sql server 2005 compact edition [enu]
"{f0c3e5d1-1ade-321e-8167-68ef0de699a5}" = microsoft visual c++ 2010  x86 redistributable - 10.0.40219
"{f0e12bba-ad66-4022-a453-a1c8a0c4d570}" = microsoft choice guard
"{f132af7f-7bca-4ede-8a7c-958108fe7dbc}" = realtek high definition audio driver
"{f22e305e-bd02-5cc1-92d0-bd7170cdfe45}" = ccc help portuguese
"{f8ff18ee-264a-43fd-b2f6-5ead40798c2f}" = windows live essentials
"{fd4b3108-0915-31e1-5a7c-ac5b3c33846c}" = ccc help greek
"43f7c9185fef15ef8b19191c93c2b4e0" = treasure island
"acer registration" = acer registration
"acer screensaver" = acer screensaver
"acer welcome center" = welcome center
"adobe air" = adobe air
"adobe flash player activex" = adobe flash player 11 activex
"amazon mp3-downloader" = amazon mp3-downloader 1.0.9
"avast" = avast! Free antivirus
"babylontoolbar" = babylon toolbar on ie
"camerawindowdc8" = canon utilities camerawindow dc 8
"camerawindowlauncher" = canon utilities camerawindow launcher
"canon image gateway task" = canon image gateway task for zoombrowser ex
"canon mov decoder" = canon mov decoder
"canon mov encoder" = canon mov encoder
"dealply" = dealply
"freeware.de toolbar" = freeware.de toolbar
"google chrome" = google chrome
"identity card" = identity card
"installshield_{12efa1a4-ac3b-443c-8143-237ede760403}" = nti backup now 5
"installshield_{15d967b5-a4be-42ae-9e84-64cd062b25aa}" = esobi v2
"installshield_{2413930c-8309-47a6-bc61-5ef27a4222bc}" = nti media maker 8
"installshield_{6030fcd7-8f1a-427d-af05-8dd1a2ea2aba}" = alcor micro usb card reader
"installshield_{72b776e5-4530-4c4b-9453-751df87d9d93}" = acer backup manager
"installshield_{738bf5c3-af7b-4bb0-b7ef-e505efc756be}" = mywinlocker suite
"installshield_{a8516ac9-aaf1-47f9-9766-03e2d4cdbcf8}" = cyberlink powerdvd 9
"lg internet kit" = lg internet kit
"lmanager" = launch manager
"logitech vid" = logitech vid hd
"malwarebytes' anti-malware_is1" = malwarebytes Anti-Malware version 1.61.0.1400
"meine katzenwelt_is1" = meine katzenwelt
"movieedittask" = canon movieedit task for zoombrowser ex
"movieuploaderforyoutube" = canon utilities movie uploader for youtube
"msc" = mcafee internet security suite
"mycamera" = canon utilities mycamera
"mycamera download plugin" = canon image gateway mycamera download plugin
"mytomtom" = mytomtom 3.1.0.530
"office14.singleimage" = microsoft office home and student 2010
"origin" = origin
"photostitch" = canon utilities photostitch
"protectdisc driver 11" = protectdisc driver, version 11
"sweet home 3d_is1" = sweet home 3d version 3.1
"t-mobile internet manager" = t-mobile internet manager
"tomtom home" = tomtom home 2.8.3.2499
"urkunden-druckerei_is1" = data becker urkunden-druckerei
"winlivesuite_wave3" = windows live essentials
"wiseconvert toolbar" = wiseconvert toolbar
"zoombrowser ex" = canon utilities zoombrowser ex
"zoombrowser ex memory card utility" = canon zoombrowser ex memory card utility
"zynga toolbar" = zynga toolbar
 
========== hkey_current_user uninstall list ==========
 
[hkey_current_user\software\microsoft\windows\currentversion\uninstall]
"game organizer" = gamexn go
"protect disc license helper" = protect disc license helper 1.0.125 (ie)
 
========== last 10 event log errors ==========
 
[ application events ]
error - 08.03.2012 05:42:03 | computer name = florence-pc | source = sidebyside | id = 16842827
description = fehler beim generieren des aktivierungskontextes für "c:\program files
 (x86)\skype\toolbars\internet explorer\skypeiepluginbroker.exe". Fehler in manifest-
 oder richtliniendatei "c:\program files (x86)\skype\toolbars\internet explorer\skypeiepluginbroker.exe"
 in zeile 2.  Mehrere requestedprivileges-elemente sind nicht im manifest zulässig.
 
Error - 08.03.2012 13:01:46 | computer name = ***-pc | source = application error | id = 1000
description = name der fehlerhaften anwendung: Iexplore.exe, version: 9.0.8112.16421,
 zeitstempel: 0x4d76255d  name des fehlerhaften moduls: Winmm.dll, version: 6.1.7600.16385,
 zeitstempel: 0x4a5bdb42  ausnahmecode: 0xc0000005  fehleroffset: 0x000071ff  id des fehlerhaften
 prozesses: 0x1c08  startzeit der fehlerhaften anwendung: 0x01ccfd496153e5f0  pfad der
 fehlerhaften anwendung: C:\program files (x86)\internet explorer\iexplore.exe  pfad
 des fehlerhaften moduls: C:\windows\system32\winmm.dll  berichtskennung: 62f7a228-6940-11e1-8778-206a8a16016d
 
error - 09.03.2012 08:27:21 | computer name = florence-pc | source = sidebyside | id = 16842827
description = fehler beim generieren des aktivierungskontextes für "c:\program files
 (x86)\skype\toolbars\internet explorer\skypeiepluginbroker.exe". Fehler in manifest-
 oder richtliniendatei "c:\program files (x86)\skype\toolbars\internet explorer\skypeiepluginbroker.exe"
 in zeile 2.  Mehrere requestedprivileges-elemente sind nicht im manifest zulässig.
 
Error - 10.03.2012 07:09:04 | computer name = ***-pc | source = microsoft-windows-capi2 | id = 512
description = vom kryptografiedienst konnte das vss-sicherungsobjekt "system writer"
 nicht initialisiert werden.  Details: System writer object failed to subscribe to 
vss.  System error: Unbekannter fehler  .
 
Error - 11.03.2012 05:45:52 | computer name = ***-pc | source = application error | id = 1000
description = name der fehlerhaften anwendung: Iexplore.exe, version: 9.0.8112.16421,
 zeitstempel: 0x4d76255d  name des fehlerhaften moduls: Msvcrt.dll, version: 7.0.7600.16930,
 zeitstempel: 0x4eeaf834  ausnahmecode: 0xc0000005  fehleroffset: 0x00009b60  id des fehlerhaften
 prozesses: 0x15a8  startzeit der fehlerhaften anwendung: 0x01ccff694a727a04  pfad der
 fehlerhaften anwendung: C:\program files (x86)\internet explorer\iexplore.exe  pfad
 des fehlerhaften moduls: C:\windows\syswow64\msvcrt.dll  berichtskennung: Fd1da199-6b5e-11e1-9be4-206a8a16016d
 
error - 11.03.2012 12:16:17 | computer name = ***-pc | source = sidebyside | id = 16842827
description = fehler beim generieren des aktivierungskontextes für "c:\program files
 (x86)\skype\toolbars\internet explorer\skypeiepluginbroker.exe". Fehler in manifest-
 oder richtliniendatei "c:\program files (x86)\skype\toolbars\internet explorer\skypeiepluginbroker.exe"
 in zeile 2.  Mehrere requestedprivileges-elemente sind nicht im manifest zulässig.
 
Error - 12.03.2012 04:41:52 | computer name = ***-pc | source = sidebyside | id = 16842827
description = fehler beim generieren des aktivierungskontextes für "c:\program files
 (x86)\skype\toolbars\internet explorer\skypeiepluginbroker.exe". Fehler in manifest-
 oder richtliniendatei "c:\program files (x86)\skype\toolbars\internet explorer\skypeiepluginbroker.exe"
 in zeile 2.  Mehrere requestedprivileges-elemente sind nicht im manifest zulässig.
 
Error - 12.03.2012 05:18:38 | computer name = ***-pc | source = sidebyside | id = 16842827
description = fehler beim generieren des aktivierungskontextes für "c:\program files
 (x86)\skype\toolbars\internet explorer\skypeiepluginbroker.exe". Fehler in manifest-
 oder richtliniendatei "c:\program files (x86)\skype\toolbars\internet explorer\skypeiepluginbroker.exe"
 in zeile 2.  Mehrere requestedprivileges-elemente sind nicht im manifest zulässig.
 
Error - 12.03.2012 05:19:53 | computer name = ***-pc | source = sidebyside | id = 16842815
description = fehler beim generieren des aktivierungskontextes für "c:\program files
 (x86)\common files\adobe air\versions\1.0\adobe air.dll". Fehler in manifest- oder
 richtliniendatei "c:\program files (x86)\common files\adobe air\versions\1.0\adobe
 air.dll" in zeile 3.  Der wert "major_version.minor_version.build_number_major.build_number_minor"
 des "version"-attributs im assemblyidentity-element ist ungültig.
 
Error - 12.03.2012 05:24:00 | computer name = ***-pc | source = sidebyside | id = 16842787
description = fehler beim generieren des aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\moviemaker.exe". Fehler in manifest- oder richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\wlmfds.dll" in zeile  8.  Die 
im manifest gefundene komponenten-id stimmt nicht mit der id der angeforderten komponente
 überein.  Verweis: Wlmfds,processorarchitecture="amd64",type="win32",version="1.0.0.1".
Definition:
 Wlmfds,processorarchitecture="x86",type="win32",version="1.0.0.1".  Verwenden sie
 das programm "sxstrace.exe" für eine detaillierte diagnose.
 
[ media center events ]
error - 17.11.2011 09:49:48 | computer name = ***-pc | source = mcupdate | id = 0
description = 14:49:48 - fehler beim herstellen der internetverbindung.  14:49:48 
-     serververbindung konnte nicht hergestellt werden..  
 
Error - 17.11.2011 09:50:08 | computer name = ***-pc | source = mcupdate | id = 0
description = 14:49:55 - fehler beim herstellen der internetverbindung.  14:49:55 
-     serververbindung konnte nicht hergestellt werden..  
 
Error - 17.11.2011 22:09:17 | computer name = ***-pc | source = mcupdate | id = 0
description = 03:09:17 - fehler beim herstellen der internetverbindung.  03:09:17 
-     serververbindung konnte nicht hergestellt werden..  
 
Error - 18.11.2011 01:52:10 | computer name = ***-pc | source = mcupdate | id = 0
description = 03:09:24 - fehler beim herstellen der internetverbindung.  03:09:24 
-     serververbindung konnte nicht hergestellt werden..  
 
[ system events ]
error - 04.06.2012 10:51:42 | computer name = ***-pc | source = service control manager | id = 7001
description = der dienst "netzwerklistendienst" ist vom dienst "nla (network location
 awareness)" abhängig, der aufgrund folgenden fehlers nicht gestartet wurde:   %%1068
 
error - 04.06.2012 10:51:42 | computer name = ***-pc | source = service control manager | id = 7001
description = der dienst "netzwerklistendienst" ist vom dienst "nla (network location
 awareness)" abhängig, der aufgrund folgenden fehlers nicht gestartet wurde:   %%1068
 
error - 04.06.2012 10:51:59 | computer name = ***-pc | source = dcom | id = 10005
description = 
 
error - 04.06.2012 10:51:59 | computer name = ***-pc | source = dcom | id = 10005
description = 
 
error - 04.06.2012 10:52:01 | computer name = ***-pc | source = service control manager | id = 7001
description = der dienst "netzwerklistendienst" ist vom dienst "nla (network location
 awareness)" abhängig, der aufgrund folgenden fehlers nicht gestartet wurde:   %%1068
 
error - 04.06.2012 10:52:01 | computer name = ***-pc | source = service control manager | id = 7001
description = der dienst "netzwerklistendienst" ist vom dienst "nla (network location
 awareness)" abhängig, der aufgrund folgenden fehlers nicht gestartet wurde:   %%1068
 
error - 04.06.2012 10:52:01 | computer name = ***-pc | source = service control manager | id = 7001
description = der dienst "netzwerklistendienst" ist vom dienst "nla (network location
 awareness)" abhängig, der aufgrund folgenden fehlers nicht gestartet wurde:   %%1068
 
error - 04.06.2012 10:52:01 | computer name = ***-pc | source = service control manager | id = 7001
description = der dienst "netzwerklistendienst" ist vom dienst "nla (network location
 awareness)" abhängig, der aufgrund folgenden fehlers nicht gestartet wurde:   %%1068
 
error - 04.06.2012 10:52:01 | computer name = ***-pc | source = service control manager | id = 7001
description = der dienst "netzwerklistendienst" ist vom dienst "nla (network location
 awareness)" abhängig, der aufgrund folgenden fehlers nicht gestartet wurde:   %%1068
 
error - 04.06.2012 10:52:01 | computer name = ***-pc | source = service control manager | id = 7001
description = der dienst "netzwerklistendienst" ist vom dienst "nla (network location
 awareness)" abhängig, der aufgrund folgenden fehlers nicht gestartet wurde:   %%1068
 
 
< end of report >
         
--- --- ---

Alt 05.06.2012, 20:26   #2
markusg
/// Malware-holic
 
verschlüsselungs trojaner - Standard

verschlüsselungs trojaner



hi,
1. öffne mcafee poste die fundmeldungen.
2. öffne malwarebytes, logdateien, poste alle berichte.
3. entschlüsseln bzw wiederherstellen:
http://www.trojaner-board.de/115496-...erstellen.html
4. die infektionsquelle:
an solchen mails mit rechnung, mahnung und sonstigen anhängen, von unbekannten absendern bin ich interessiert.
wenn du ein mail programm nutzt, dann mail markieren, rechtsklick, speichern unter, typ:
.eml einstellen.
dann bitte lesen:
markusg - trojaner-board.de
und mir die soeben erstellte datei zukommen lassen.
wenn du deine mails über den browser abrufst, sag mir mal welchen anbieter du nutzt, dann geht das ein bisschen anders.
bitte warne freunde, bekannte, verwante etc vor dieser masche, und lasse ihnen ruhig diese mail adresse zukommen.
sie können dann dorthin solche verdächtigen mails senden.
diese helfen uns dann, angemessen auf neue bedrohungen zu reagieren, da diese schadsoftware auch updates erhält ist das wichtig.
__________________

__________________

Alt 07.06.2012, 08:10   #3
FloTho
 
verschlüsselungs trojaner - Standard

verschlüsselungs trojaner



Hier sind die Berichte
Zitat:
2012/06/05 12:42:57 +0200 ***-PC *** MESSAGE Starting protection
2012/06/05 12:43:01 +0200 ***-PC *** MESSAGE Protection started successfully
2012/06/05 12:43:04 +0200 **-PC *** MESSAGE Starting IP protection
2012/06/05 12:43:06 +0200 ***-PC *** MESSAGE IP Protection started successfully
2012/06/05 12:45:48 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs QUARANTINE
2012/06/05 12:45:49 +0200 ***-PC *** ERROR Quarantine failed: DeleteFile failed with error code 5
2012/06/05 12:46:12 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 12:52:06 +0200 ***-PC *** MESSAGE Executing scheduled update: Daily
2012/06/05 12:52:18 +0200 ***-PC *** MESSAGE Database already up-to-date
2012/06/05 13:33:47 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 13:34:30 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 13:34:38 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 13:34:40 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 13:43:41 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 13:43:43 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 13:55:11 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 14:06:12 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 15:17:24 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 15:18:26 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 15:34:24 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 17:13:19 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 17:20:42 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 18:24:55 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 18:25:31 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 19:28:42 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 19:29:12 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 19:38:58 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 19:43:02 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 19:53:03 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 20:21:44 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
2012/06/05 20:21:49 +0200 ***-PC *** DETECTION C:\Program Files (x86)\I Want This\I Want This.dll Adware.GamePlayLabs DENY
Zitat:
2012/06/06 06:07:32 +0200 ***-PC *** MESSAGE Starting protection
2012/06/06 06:07:43 +0200 ***-PC *** MESSAGE Protection started successfully
2012/06/06 06:07:46 +0200 ***-PC *** MESSAGE Starting IP protection
2012/06/06 06:07:53 +0200 ***-PC *** MESSAGE IP Protection started successfully
Zitat:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Aktiviert

05.06.2012 14:21:30
mbam-log-2012-06-05 (14-21-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213115
Laufzeit: 9 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLab) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\Interface\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLab) -> Keine Aktion durchgeführt.

(Ende)
Zitat:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Aktiviert

05.06.2012 12:45:10
mbam-log-2012-06-05 (12-45-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213178
Laufzeit: 9 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLab) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 18
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Daten: 215 Apps -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Löschen bei Neustart.
C:\Users\Florence\AppData\Local\I Want This (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florence\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 9
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Local\Temp\is1590112554\IWantThis_SRC_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\I Want This\Chrome\LOuANNTvngXuorJq (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Zitat:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Aktiviert

05.06.2012 12:43:08
mbam-log-2012-06-05 (12-43-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 2142
Laufzeit: 42 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Löschen bei Neustart.

(Ende)
So Punkt 2 ist reingestellt
Zu Punkt 1 wie stelle ich das ein bzw. Wie kopiere ich den Bericht/ Meldung??
Zu Punkt 3 wie mache ich das? Habe ich mir runtergeladen.
Punkt 4 ist erledigt.



Vielen danke an alle die Helfen.
__________________

Alt 07.06.2012, 12:03   #4
markusg
/// Malware-holic
 
verschlüsselungs trojaner - Standard

verschlüsselungs trojaner



müsste man auch abkopieren können, nutze das programm nicht, aber ich denke das ist selbsterklärend.
hast du für 3. die anleitung gelesen und das vidio angesehen?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu verschlüsselungs trojaner
alternate, babylon toolbar, babylontoolbar, becker, benötigt, bingbar, code, conduit, datei, dealply, document, e-mail, foto, google earth, heute, hinweis, home, install.exe, kaufen, launch, locker, microsoft, microsoft office word, mywinlocker, namen, neu, neue, neuen, nicht mehr, nicht öffnen, origin, plug-in, problem, prüfen, richtlinie, schnell, schonmal, searchscopes, super, system, t-mobile, trojane, trojaner, update, verschlüsselung, version=1.0, visual studio, windows, windows 7



Ähnliche Themen: verschlüsselungs trojaner


  1. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  2. windows verschlüsselungs trojaner-sofortiger TRojaner hinweis
    Plagegeister aller Art und deren Bekämpfung - 31.07.2012 (9)
  3. Live Security Platinum-Trojaner, Verschlüsselungs-Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (1)
  4. verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 14.07.2012 (1)
  5. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  6. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 14.06.2012 (6)
  7. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (4)
  8. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 12.06.2012 (7)
  9. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (1)
  10. Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 10.06.2012 (1)
  11. Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.06.2012 (6)
  12. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  13. Verschlüsselungs-Trojaner auf XP
    Log-Analyse und Auswertung - 07.06.2012 (9)
  14. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 03.06.2012 (1)
  15. Verschlüsselungs trojaner
    Plagegeister aller Art und deren Bekämpfung - 01.06.2012 (1)
  16. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 29.05.2012 (15)
  17. Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (1)

Zum Thema verschlüsselungs trojaner - Hallo ich versuche es mit einem eigenen Thema. Ich bin neu hier und habe auch garnicht so soviel erfahrung damit. Mein Problem: Ich habe eine E-Mail geöffnet und habe mir - verschlüsselungs trojaner...
Archiv
Du betrachtest: verschlüsselungs trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.