Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


Log-Analyse und Auswertung: Verschlüsselungstrojaner? 100€ Bezahlt Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 3 1 2 3
Alt 23.05.2012, 09:07   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


Zitat:
Jedoch ist mein WICHTIGSTES Anliegen, die Daten zu entschlüsseln, da ich die Abrechnungsdaten von ELSTER etc wieder brauche.
Um die Entschlüsselung macht man sich Gedanken wenn das System von den Schädlingen befreit wurde

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.05.2012, 12:02   #17
termi3
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


so zu deiner ersten Anweisung:

Code:
ATTFilter
OTL logfile created on: 23.05.2012 12:33:20 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\pmkurierdienst\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 58,41% Memory free
6,08 Gb Paging File | 4,77 Gb Available in Paging File | 78,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,12 Gb Total Space | 121,79 Gb Free Space | 54,58% Space Free | Partition Type: NTFS
Drive F: | 37,24 Gb Total Space | 19,69 Gb Free Space | 52,87% Space Free | Partition Type: FAT32
 
Computer Name: PMUNTERNEHMEN | User Name: pmkurierdienst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.23 12:32:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pmkurierdienst\Desktop\OTL.exe
PRC - [2012.05.22 23:13:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.22 23:12:53 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.22 23:12:51 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.22 23:12:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.22 18:05:21 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\PMKURI~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012.04.26 08:50:06 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) -- C:\Programme\ShadowExplorer\sesvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.21 04:24:36 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.26 08:50:06 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.22 23:13:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.22 23:12:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.26 08:50:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Programme\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.22 23:13:05 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.22 23:13:05 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.17 10:41:52 | 000,115,712 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.06.23 09:53:18 | 001,181,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.02.23 04:18:06 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.09.22 15:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\SearchScopes\{3533B82A-2791-48C7-8EDE-2B60B29D6E42}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=40942976-CC80-45BB-80CD-321C20CC6733&apn_sauid=88619F72-1300-4237-8DA3-D1ED4B00BA8B
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.04.19 22:08:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.26 08:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.23 18:32:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.04.19 22:08:15 | 000,000,000 | ---D | M]
 
[2009.09.06 12:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pmkurierdienst\AppData\Roaming\mozilla\Extensions
[2012.05.20 20:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pmkurierdienst\AppData\Roaming\mozilla\Firefox\Profiles\agv5b8fz.default\extensions
[2012.01.08 16:23:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.26 08:50:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.13 11:10:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 11:10:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.13 11:10:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 11:10:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 11:10:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 11:10:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.22 19:30:39 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O7 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98787560-FC09-48DB-9C59-0271ED674386}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.03.31 21:01:14 | 000,000,000 | ---D | M] - F:\Autos 2010 - Kopie -- [ FAT32 ]
O32 - AutoRun File - [2006.12.31 14:41:26 | 000,000,000 | ---D | M] - F:\Autos -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,338,401 | ---- | M] () - F:\Autos 001.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,816,096 | ---- | M] () - F:\Autos 002.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,529,091 | ---- | M] () - F:\Autos 003.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,265,245 | ---- | M] () - F:\Autos 004.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,153,861 | ---- | M] () - F:\Autos 005.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,872,301 | ---- | M] () - F:\Autos 006.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,426,093 | ---- | M] () - F:\Autos 007.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,528,343 | ---- | M] () - F:\Autos 008.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 003,765,474 | ---- | M] () - F:\Autos 009.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,393,754 | ---- | M] () - F:\Autos 010.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,102,407 | ---- | M] () - F:\Autos 015.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,236,070 | ---- | M] () - F:\Autos 019.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,110,779 | ---- | M] () - F:\Autos 027.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,812,011 | ---- | M] () - F:\Autos 028.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,041,549 | ---- | M] () - F:\Autos 029.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,293,491 | ---- | M] () - F:\Autos 030.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,784,916 | ---- | M] () - F:\Autos 031.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,580,293 | ---- | M] () - F:\Autos 032.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,257,244 | ---- | M] () - F:\Autos 033.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,554,716 | ---- | M] () - F:\Autos 034.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,536,782 | ---- | M] () - F:\Autos 035.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 003,912,909 | ---- | M] () - F:\Autos 036.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 003,991,196 | ---- | M] () - F:\Autos 037.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,974,732 | ---- | M] () - F:\Autos 038.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,459,807 | ---- | M] () - F:\Autos 039.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,467,279 | ---- | M] () - F:\Autos 040.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,595,802 | ---- | M] () - F:\Autos 041.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,959,535 | ---- | M] () - F:\Autos 042.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,197,122 | ---- | M] () - F:\Autos 043.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,312,908 | ---- | M] () - F:\Autos 044.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,655,612 | ---- | M] () - F:\Autos 045.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,943,304 | ---- | M] () - F:\Autos 046.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,978,881 | ---- | M] () - F:\Autos 047.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,158,723 | ---- | M] () - F:\Autos 048.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,306,676 | ---- | M] () - F:\Autos 049.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,633,373 | ---- | M] () - F:\Autos 050.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,598,885 | ---- | M] () - F:\Autos 051.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,065,205 | ---- | M] () - F:\Autos 052.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 006,032,962 | ---- | M] () - F:\Autos 053.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,376,078 | ---- | M] () - F:\Autos 054.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 003,601,549 | ---- | M] () - F:\Autos 055.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,844,928 | ---- | M] () - F:\Autos 056.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 006,158,680 | ---- | M] () - F:\Autos 057.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,074,457 | ---- | M] () - F:\Autos 058.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,321,030 | ---- | M] () - F:\Autos 059.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,502,032 | ---- | M] () - F:\Autos 060.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,104,518 | ---- | M] () - F:\Autos 061.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,526,218 | ---- | M] () - F:\Autos 062.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,201,013 | ---- | M] () - F:\Autos 063.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,386,035 | ---- | M] () - F:\Autos 064.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,518,926 | ---- | M] () - F:\Autos 065.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,060,839 | ---- | M] () - F:\Autos 066.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,210,577 | ---- | M] () - F:\Autos 067.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,842,028 | ---- | M] () - F:\Autos 068.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,683,485 | ---- | M] () - F:\Autos 069.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,312,641 | ---- | M] () - F:\Autos 070.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,806,967 | ---- | M] () - F:\Autos 071.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,292,781 | ---- | M] () - F:\Autos 072.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,022,935 | ---- | M] () - F:\Autos 073.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,479,740 | ---- | M] () - F:\Autos 074.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,049,654 | ---- | M] () - F:\Autos 082.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,061,500 | ---- | M] () - F:\Autos 084.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,619,585 | ---- | M] () - F:\Autos 085.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,221,920 | ---- | M] () - F:\Autos 086.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,404,357 | ---- | M] () - F:\Autos 087.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,034,512 | ---- | M] () - F:\Autos 088.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,250,627 | ---- | M] () - F:\Autos 089.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,380,564 | ---- | M] () - F:\Autos 090.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 001,663,311 | ---- | M] () - F:\Autos 091.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,456,267 | ---- | M] () - F:\Autos 093.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 005,332,705 | ---- | M] () - F:\Autos 094.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 005,440,099 | ---- | M] () - F:\Autos 095.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,391,526 | ---- | M] () - F:\Autos 096.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 005,646,437 | ---- | M] () - F:\Autos 097.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 005,601,406 | ---- | M] () - F:\Autos 098.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,585,547 | ---- | M] () - F:\Autos 100.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,337,785 | ---- | M] () - F:\Autos 102.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,876,233 | ---- | M] () - F:\Autos 103.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,589,212 | ---- | M] () - F:\Autos 104.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,262,856 | ---- | M] () - F:\Autos 121.jpg -- [ FAT32 ]
O33 - MountPoints2\{51bd73ce-207a-11e0-883a-001f16b23fc3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{761aa595-6e0d-11df-bbd6-001f16b23fc3}\Shell\AutoRun\command - "" = E:\Launcher.exe
O33 - MountPoints2\{c16b11c1-ee2b-11df-be1e-001f16b23fc3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.23 12:32:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\pmkurierdienst\Desktop\OTL.exe
[2012.05.23 12:24:01 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\AppData\Roaming\Malwarebytes
[2012.05.23 00:53:42 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\Desktop\Programm Files Sicherung
[2012.05.23 00:48:22 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\Desktop\OutlookSicherung
[2012.05.23 00:39:18 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\Desktop\Desktop Sicherung
[2012.05.23 00:30:21 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\AppData\Roaming\www.shadowexplorer.com
[2012.05.23 00:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.05.23 00:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer
[2012.05.21 19:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.05.21 19:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.21 17:48:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.05.21 17:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.05.21 17:14:01 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\AppData\Local\Temp
[2012.05.21 15:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.21 15:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.21 15:08:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.21 15:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.20 19:43:39 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\AppData\Roaming\Franncflmy
[2012.05.09 21:41:03 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.09 21:41:03 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.09 21:41:02 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.09 21:41:02 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.09 21:41:02 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.09 21:39:21 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.09 21:39:20 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.09 21:39:20 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.04.26 08:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.26 08:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.23 12:32:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pmkurierdienst\Desktop\OTL.exe
[2012.05.23 12:31:10 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.23 12:31:10 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.23 12:31:10 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.23 12:31:10 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.23 12:11:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 12:11:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 12:11:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.23 12:11:08 | 3146,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.23 01:27:02 | 000,000,117 | ---- | M] () -- C:\Windows\System32\decoder_del.bat
[2012.05.23 00:30:09 | 000,001,686 | ---- | M] () -- C:\Users\pmkurierdienst\Desktop\ShadowExplorer.lnk
[2012.05.22 23:47:33 | 000,006,656 | ---- | M] () -- C:\Users\pmkurierdienst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.22 23:13:05 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.22 23:13:05 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.22 19:30:39 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.05.21 14:49:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.05.21 14:49:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.05.21 07:13:25 | 000,340,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh323
[2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh322
[2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh321
[2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh320
[2012.05.02 15:47:28 | 000,019,458 | ---- | M] () -- C:\DecryptHelper-0.5.3.jar
[2012.04.28 13:25:15 | 000,014,970 | ---- | M] () -- C:\Users\pmkurierdienst\Desktop\JOtpjoGeqOQflEygUplrG
[2012.04.26 18:38:10 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh325
[2012.04.26 18:37:48 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh324
[2012.04.26 08:05:17 | 000,067,072 | ---- | M] () -- C:\Users\pmkurierdienst\Desktop\nuNsqvVGsyOXDoNsf
 
========== Files Created - No Company Name ==========
 
[2012.05.23 01:26:56 | 000,000,117 | ---- | C] () -- C:\Windows\System32\decoder_del.bat
[2012.05.23 00:30:09 | 000,001,686 | ---- | C] () -- C:\Users\pmkurierdienst\Desktop\ShadowExplorer.lnk
[2012.05.22 23:55:26 | 3146,604,544 | -HS- | C] () -- C:\hiberfil.sys
[2012.05.21 14:49:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.05.21 14:49:15 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.05.20 19:44:34 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh325
[2012.05.20 19:44:34 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh324
[2012.05.20 19:44:34 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh323
[2012.05.20 19:44:34 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh322
[2012.05.20 19:44:33 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh321
[2012.05.20 19:44:33 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh320
[2012.05.02 15:47:28 | 000,019,458 | ---- | C] () -- C:\DecryptHelper-0.5.3.jar
[2012.02.27 15:49:17 | 000,000,215 | ---- | C] () -- C:\Windows\HBCIKRNL.ini
[2012.02.27 15:49:05 | 000,000,281 | ---- | C] () -- C:\Windows\{BABE1E59-F3A3-4B2B-80B1-41928543A042}_WiseFW.ini
[2012.02.27 15:47:19 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.07.08 08:18:25 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
 
========== LOP Check ==========
 
[2009.09.06 09:20:01 | 000,000,000 | -HSD | M] -- C:\Users\pmkurierdienst\AppData\Roaming\.#
[2012.05.20 20:11:10 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Acer GameZone Console
[2012.02.26 10:54:15 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Canon
[2011.06.14 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\elsterformular
[2009.09.06 09:14:22 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\eSobi
[2012.05.22 16:10:44 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Franncflmy
[2012.05.20 20:11:14 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Image Zone Express
[2010.05.07 21:43:04 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Printer Info Cache
[2009.09.06 09:17:05 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Template
[2012.05.23 00:30:21 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\www.shadowexplorer.com
[2012.05.23 01:36:53 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 23.05.2012 12:33:20 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\pmkurierdienst\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 58,41% Memory free
6,08 Gb Paging File | 4,77 Gb Available in Paging File | 78,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,12 Gb Total Space | 121,79 Gb Free Space | 54,58% Space Free | Partition Type: NTFS
Drive F: | 37,24 Gb Total Space | 19,69 Gb Free Space | 52,87% Space Free | Partition Type: FAT32
 
Computer Name: PMUNTERNEHMEN | User Name: pmkurierdienst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3486583838-2670660624-3414567642-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F638FA2-8680-4F22-8C5A-28A155F04CA9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1022633B-A7EC-4E05-B1F1-39655B0591CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{124789A3-1134-409D-93A8-8AB979B52067}" = rport=445 | protocol=6 | dir=out | app=system | 
"{20EAC8B9-786A-4255-87D6-CB12AC731622}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{223F99ED-81E5-4CFB-9133-BA837A2626FA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{34D75B43-0928-40CD-B65C-43F87E76E1FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{48F96FB1-E6F6-4784-8CB9-5C0BBD77C0A7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4C6D076C-D735-4493-878E-20CC771C76D2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5D06E7F5-C454-4209-9A49-0AA60B2636B3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{614CB27F-DEA7-4EE2-8469-C7A768D745E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9DD69EEC-7589-470F-A7E3-8AC836DE904D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AB7BD5A8-6592-45CC-8218-317C91029FC4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AE4C8F30-3CAA-46C1-A99A-6A339B654AF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B375604E-06A2-454D-BA6D-165167C1A0BD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C3F27BEB-C2DC-4775-968F-798503960BE7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C6681832-4FF3-4236-B212-277C1C2DF333}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D6BF5B16-3006-4F6D-9CA3-8943AB93EDC8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DC6526BD-E4E3-4DAF-9743-C434CE9DFF58}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FCC15690-5023-445F-A5F8-09BF8810E888}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{FF0D2E58-2B15-4BB2-8AFF-7F004BFFABEC}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062D7BFB-E42B-4E8A-9C02-944C625941BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1B8EEF89-A395-4F2C-AF44-C097CC7B770E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{3FDECAC4-A40E-40A9-A2A8-5432BB4B6EEC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{45C6AFFA-B6A5-4D2B-AF36-581C4CD8602C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{50E7BFF4-4B87-419D-A63F-3942E13C63C5}" = protocol=17 | dir=in | app=c:\program files\cherry\smartdevice\ctcymconfig.exe | 
"{5D32539D-8DC8-479F-B76F-3CCE3274B50A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{62CEE012-5A58-48E9-8223-808F85CEAB73}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{7138B98C-7B51-4E6E-B19A-D9E29AF4F311}" = dir=in | app=d:\setup\hpznui01.exe | 
"{79A95A19-950B-4832-81BB-5D816500EDF8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{95B4F0D1-E281-42AD-A3E0-AF5B9E04A0A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9745BC55-A783-4112-9951-472B150DE27A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{9DDDB5E2-E62E-4D60-9C30-397F637D184F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9F185C2D-8224-494A-A302-3F85E56619A4}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{AD77C3A4-7BBB-4103-9495-A0B5DDE21AEA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{B11454CB-A462-44BC-9D0E-1CBFE158940B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C98AAC51-771A-4645-9E7B-2EA7B69CE821}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{DFB9AFB5-9B6E-4F34-A13B-E7483DD94759}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F69536D6-328E-465E-9AFD-A59716D69B15}" = protocol=6 | dir=in | app=c:\program files\cherry\smartdevice\ctcymconfig.exe | 
"{FA0E207D-FF6E-46EE-A07B-0F569E4872B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{155CCA6C-F0D9-4406-B005-BD535C1B1378}" = Lis i Niedźwiedź
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 30
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464BE34B-44A8-4C44-AA14-C3482B2CFB2A}" = GloboFleet CC Plus
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{BABE1E59-F3A3-4B2B-80B1-41928543A042}" = Cherry SmartCard Package V3.0 Build 8
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"DPP" = Canon Utilities Digital Photo Professional 3.10
"ElsterFormular 12.2.1.6570k" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ShadowExplorer_is1" = ShadowExplorer 0.8
"Shop for HP Supplies" = Shop for HP Supplies
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.05.2012 21:38:59 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16660470
 
Error - 09.05.2012 21:38:59 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16660470
 
Error - 09.05.2012 21:39:15 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.05.2012 21:39:15 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16676070
 
Error - 09.05.2012 21:39:15 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16676070
 
Error - 09.05.2012 21:39:30 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.05.2012 21:39:30 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16691670
 
Error - 09.05.2012 21:39:30 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16691670
 
Error - 09.05.2012 21:42:55 | Computer Name = pmunternehmen | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.05.2012 22:18:56 | Computer Name = pmunternehmen | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 07.09.2009 08:30:21 | Computer Name = pmunternehmen | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 26.02.2012 05:05:03 | Computer Name = pmunternehmen | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 01.04.2012 09:11:54 | Computer Name = pmunternehmen | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ OSession Events ]
Error - 25.12.2010 17:36:12 | Computer Name = pmunternehmen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 103 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 22.05.2012 17:53:50 | Computer Name = pmunternehmen | Source = DCOM | ID = 10005
Description = 
 
Error - 22.05.2012 17:53:55 | Computer Name = pmunternehmen | Source = DCOM | ID = 10005
Description = 
 
Error - 22.05.2012 17:54:09 | Computer Name = pmunternehmen | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 22.05.2012 17:54:09 | Computer Name = pmunternehmen | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 22.05.2012 17:55:40 | Computer Name = pmunternehmen | Source = SCardSvr | ID = 602
Description = 
 
Error - 22.05.2012 17:55:40 | Computer Name = pmunternehmen | Source = SCardSvr | ID = 602
Description = 
 
Error - 22.05.2012 17:57:09 | Computer Name = pmunternehmen | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.05.2012 06:11:28 | Computer Name = pmunternehmen | Source = SCardSvr | ID = 602
Description = 
 
Error - 23.05.2012 06:11:28 | Computer Name = pmunternehmen | Source = SCardSvr | ID = 602
Description = 
 
Error - 23.05.2012 06:12:13 | Computer Name = pmunternehmen | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
__________________
Alt 23.05.2012, 12:30   #18
termi3
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


EDIT:

Hier deine 2. Anforderung:

Code:
ATTFilter
OTL logfile created on: 23.05.2012 13:06:30 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\pmkurierdienst\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,63% Memory free
6,08 Gb Paging File | 4,90 Gb Available in Paging File | 80,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,12 Gb Total Space | 121,73 Gb Free Space | 54,56% Space Free | Partition Type: NTFS
Drive F: | 37,24 Gb Total Space | 19,69 Gb Free Space | 52,87% Space Free | Partition Type: FAT32
 
Computer Name: PMUNTERNEHMEN | User Name: pmkurierdienst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.23 12:32:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pmkurierdienst\Desktop\OTL.exe
PRC - [2012.05.22 23:13:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.22 23:12:53 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.22 23:12:51 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.22 23:12:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.22 18:05:21 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\PMKURI~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) -- C:\Programme\ShadowExplorer\sesvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.21 04:24:36 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.22 23:13:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.22 23:12:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.26 08:50:06 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Programme\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.22 23:13:05 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.22 23:13:05 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.17 10:41:52 | 000,115,712 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.06.23 09:53:18 | 001,181,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.02.23 04:18:06 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.09.22 15:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\SearchScopes\{3533B82A-2791-48C7-8EDE-2B60B29D6E42}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=40942976-CC80-45BB-80CD-321C20CC6733&apn_sauid=88619F72-1300-4237-8DA3-D1ED4B00BA8B
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.04.19 22:08:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.26 08:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.23 18:32:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.04.19 22:08:15 | 000,000,000 | ---D | M]
 
[2009.09.06 12:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pmkurierdienst\AppData\Roaming\mozilla\Extensions
[2012.05.20 20:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pmkurierdienst\AppData\Roaming\mozilla\Firefox\Profiles\agv5b8fz.default\extensions
[2012.01.08 16:23:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.26 08:50:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.13 11:10:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 11:10:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.13 11:10:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 11:10:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 11:10:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 11:10:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.05.22 19:30:39 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O7 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98787560-FC09-48DB-9C59-0271ED674386}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.03.31 21:01:14 | 000,000,000 | ---D | M] - F:\Autos 2010 - Kopie -- [ FAT32 ]
O32 - AutoRun File - [2006.12.31 14:41:26 | 000,000,000 | ---D | M] - F:\Autos -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,338,401 | ---- | M] () - F:\Autos 001.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,816,096 | ---- | M] () - F:\Autos 002.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,529,091 | ---- | M] () - F:\Autos 003.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,265,245 | ---- | M] () - F:\Autos 004.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,153,861 | ---- | M] () - F:\Autos 005.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,872,301 | ---- | M] () - F:\Autos 006.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,426,093 | ---- | M] () - F:\Autos 007.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,528,343 | ---- | M] () - F:\Autos 008.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 003,765,474 | ---- | M] () - F:\Autos 009.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,393,754 | ---- | M] () - F:\Autos 010.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,102,407 | ---- | M] () - F:\Autos 015.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,236,070 | ---- | M] () - F:\Autos 019.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,110,779 | ---- | M] () - F:\Autos 027.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,812,011 | ---- | M] () - F:\Autos 028.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,041,549 | ---- | M] () - F:\Autos 029.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,293,491 | ---- | M] () - F:\Autos 030.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,784,916 | ---- | M] () - F:\Autos 031.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,580,293 | ---- | M] () - F:\Autos 032.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,257,244 | ---- | M] () - F:\Autos 033.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,554,716 | ---- | M] () - F:\Autos 034.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,536,782 | ---- | M] () - F:\Autos 035.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 003,912,909 | ---- | M] () - F:\Autos 036.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 003,991,196 | ---- | M] () - F:\Autos 037.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,974,732 | ---- | M] () - F:\Autos 038.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,459,807 | ---- | M] () - F:\Autos 039.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,467,279 | ---- | M] () - F:\Autos 040.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,595,802 | ---- | M] () - F:\Autos 041.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,959,535 | ---- | M] () - F:\Autos 042.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,197,122 | ---- | M] () - F:\Autos 043.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,312,908 | ---- | M] () - F:\Autos 044.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,655,612 | ---- | M] () - F:\Autos 045.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,943,304 | ---- | M] () - F:\Autos 046.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,978,881 | ---- | M] () - F:\Autos 047.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,158,723 | ---- | M] () - F:\Autos 048.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,306,676 | ---- | M] () - F:\Autos 049.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,633,373 | ---- | M] () - F:\Autos 050.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,598,885 | ---- | M] () - F:\Autos 051.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,065,205 | ---- | M] () - F:\Autos 052.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 006,032,962 | ---- | M] () - F:\Autos 053.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,376,078 | ---- | M] () - F:\Autos 054.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 003,601,549 | ---- | M] () - F:\Autos 055.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,844,928 | ---- | M] () - F:\Autos 056.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 006,158,680 | ---- | M] () - F:\Autos 057.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,074,457 | ---- | M] () - F:\Autos 058.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,321,030 | ---- | M] () - F:\Autos 059.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,502,032 | ---- | M] () - F:\Autos 060.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,104,518 | ---- | M] () - F:\Autos 061.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,526,218 | ---- | M] () - F:\Autos 062.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,201,013 | ---- | M] () - F:\Autos 063.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,386,035 | ---- | M] () - F:\Autos 064.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,518,926 | ---- | M] () - F:\Autos 065.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,060,839 | ---- | M] () - F:\Autos 066.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,210,577 | ---- | M] () - F:\Autos 067.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,842,028 | ---- | M] () - F:\Autos 068.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,683,485 | ---- | M] () - F:\Autos 069.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,312,641 | ---- | M] () - F:\Autos 070.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,806,967 | ---- | M] () - F:\Autos 071.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,292,781 | ---- | M] () - F:\Autos 072.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,022,935 | ---- | M] () - F:\Autos 073.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,479,740 | ---- | M] () - F:\Autos 074.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,049,654 | ---- | M] () - F:\Autos 082.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,061,500 | ---- | M] () - F:\Autos 084.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,619,585 | ---- | M] () - F:\Autos 085.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,221,920 | ---- | M] () - F:\Autos 086.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,404,357 | ---- | M] () - F:\Autos 087.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,034,512 | ---- | M] () - F:\Autos 088.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,250,627 | ---- | M] () - F:\Autos 089.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,380,564 | ---- | M] () - F:\Autos 090.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 001,663,311 | ---- | M] () - F:\Autos 091.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,456,267 | ---- | M] () - F:\Autos 093.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 005,332,705 | ---- | M] () - F:\Autos 094.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 005,440,099 | ---- | M] () - F:\Autos 095.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,391,526 | ---- | M] () - F:\Autos 096.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 005,646,437 | ---- | M] () - F:\Autos 097.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 005,601,406 | ---- | M] () - F:\Autos 098.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,585,547 | ---- | M] () - F:\Autos 100.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,337,785 | ---- | M] () - F:\Autos 102.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,876,233 | ---- | M] () - F:\Autos 103.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,589,212 | ---- | M] () - F:\Autos 104.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,262,856 | ---- | M] () - F:\Autos 121.jpg -- [ FAT32 ]
O33 - MountPoints2\{51bd73ce-207a-11e0-883a-001f16b23fc3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{761aa595-6e0d-11df-bbd6-001f16b23fc3}\Shell\AutoRun\command - "" = E:\Launcher.exe
O33 - MountPoints2\{c16b11c1-ee2b-11df-be1e-001f16b23fc3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Users^pmkurierdienst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.6454398216686165.exe.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Programme\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: D658DB78 - hkey= - key= -  File not found
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: GloboFleet - hkey= - key= - C:\Program Files\Buyond_GmbH\GloboFleet_CC_Plus\GloboFleet_CC_Plus.exe (Buyond GmbH)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.23 12:32:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\pmkurierdienst\Desktop\OTL.exe
[2012.05.23 12:24:01 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\AppData\Roaming\Malwarebytes
[2012.05.23 00:53:42 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\Desktop\Programm Files Sicherung
[2012.05.23 00:48:22 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\Desktop\OutlookSicherung
[2012.05.23 00:39:18 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\Desktop\Desktop Sicherung
[2012.05.23 00:30:21 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\AppData\Roaming\www.shadowexplorer.com
[2012.05.23 00:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.05.23 00:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer
[2012.05.21 19:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.05.21 19:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.21 17:48:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.05.21 17:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.05.21 17:14:01 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\AppData\Local\Temp
[2012.05.21 15:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.21 15:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.21 15:08:59 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.21 15:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.20 19:43:39 | 000,000,000 | ---D | C] -- C:\Users\pmkurierdienst\AppData\Roaming\Franncflmy
[2012.04.26 08:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.26 08:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.23 12:32:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\pmkurierdienst\Desktop\OTL.exe
[2012.05.23 12:31:10 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.23 12:31:10 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.23 12:31:10 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.23 12:31:10 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.23 12:11:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 12:11:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 12:11:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.23 12:11:08 | 3146,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.23 01:27:02 | 000,000,117 | ---- | M] () -- C:\Windows\System32\decoder_del.bat
[2012.05.23 00:30:09 | 000,001,686 | ---- | M] () -- C:\Users\pmkurierdienst\Desktop\ShadowExplorer.lnk
[2012.05.22 23:47:33 | 000,006,656 | ---- | M] () -- C:\Users\pmkurierdienst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.22 23:13:05 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.22 23:13:05 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.22 19:30:39 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.05.21 14:49:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.05.21 14:49:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.05.21 07:13:25 | 000,340,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh323
[2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh322
[2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh321
[2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh320
[2012.05.02 15:47:28 | 000,019,458 | ---- | M] () -- C:\DecryptHelper-0.5.3.jar
[2012.04.28 13:25:15 | 000,014,970 | ---- | M] () -- C:\Users\pmkurierdienst\Desktop\JOtpjoGeqOQflEygUplrG
[2012.04.26 18:38:10 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh325
[2012.04.26 18:37:48 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh324
[2012.04.26 08:05:17 | 000,067,072 | ---- | M] () -- C:\Users\pmkurierdienst\Desktop\nuNsqvVGsyOXDoNsf
 
========== Files Created - No Company Name ==========
 
[2012.05.23 01:26:56 | 000,000,117 | ---- | C] () -- C:\Windows\System32\decoder_del.bat
[2012.05.23 00:30:09 | 000,001,686 | ---- | C] () -- C:\Users\pmkurierdienst\Desktop\ShadowExplorer.lnk
[2012.05.22 23:55:26 | 3146,604,544 | -HS- | C] () -- C:\hiberfil.sys
[2012.05.21 14:49:15 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.05.21 14:49:15 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.05.20 19:44:34 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh325
[2012.05.20 19:44:34 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh324
[2012.05.20 19:44:34 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh323
[2012.05.20 19:44:34 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh322
[2012.05.20 19:44:33 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh321
[2012.05.20 19:44:33 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh320
[2012.05.02 15:47:28 | 000,019,458 | ---- | C] () -- C:\DecryptHelper-0.5.3.jar
[2012.02.27 15:49:17 | 000,000,215 | ---- | C] () -- C:\Windows\HBCIKRNL.ini
[2012.02.27 15:49:05 | 000,000,281 | ---- | C] () -- C:\Windows\{BABE1E59-F3A3-4B2B-80B1-41928543A042}_WiseFW.ini
[2012.02.27 15:47:19 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.07.08 08:18:25 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
 
========== LOP Check ==========
 
[2009.09.06 09:20:01 | 000,000,000 | -HSD | M] -- C:\Users\pmkurierdienst\AppData\Roaming\.#
[2012.05.20 20:11:10 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Acer GameZone Console
[2012.02.26 10:54:15 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Canon
[2011.06.14 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\elsterformular
[2009.09.06 09:14:22 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\eSobi
[2012.05.22 16:10:44 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Franncflmy
[2012.05.20 20:11:14 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Image Zone Express
[2010.05.07 21:43:04 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Printer Info Cache
[2009.09.06 09:17:05 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Template
[2012.05.23 00:30:21 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\www.shadowexplorer.com
[2012.05.23 01:36:53 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.09.06 09:20:01 | 000,000,000 | -HSD | M] -- C:\Users\pmkurierdienst\AppData\Roaming\.#
[2012.05.20 20:11:10 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Acer GameZone Console
[2009.09.06 12:09:44 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Adobe
[2012.04.01 15:49:16 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Apple Computer
[2012.03.27 15:03:05 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Avira
[2012.02.26 10:54:15 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Canon
[2011.06.14 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\elsterformular
[2009.09.06 09:14:22 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\eSobi
[2012.05.22 16:10:44 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Franncflmy
[2009.09.06 09:02:04 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Google
[2010.04.19 22:09:40 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\HP
[2009.09.06 09:02:09 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Identities
[2012.05.20 20:11:14 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Image Zone Express
[2009.09.06 09:03:10 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Macromedia
[2012.05.23 12:24:01 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Media Center Programs
[2012.05.23 00:22:47 | 000,000,000 | --SD | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Microsoft
[2009.09.06 12:12:58 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Mozilla
[2010.05.07 21:43:04 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Printer Info Cache
[2009.09.06 09:17:05 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\Template
[2012.05.23 00:30:21 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\www.shadowexplorer.com
[2012.02.26 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\pmkurierdienst\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.12 18:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\X64\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\X86\IaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
[2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_c491546e\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 23.05.2012 13:06:30 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\pmkurierdienst\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,63% Memory free
6,08 Gb Paging File | 4,90 Gb Available in Paging File | 80,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,12 Gb Total Space | 121,73 Gb Free Space | 54,56% Space Free | Partition Type: NTFS
Drive F: | 37,24 Gb Total Space | 19,69 Gb Free Space | 52,87% Space Free | Partition Type: FAT32
 
Computer Name: PMUNTERNEHMEN | User Name: pmkurierdienst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3486583838-2670660624-3414567642-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F638FA2-8680-4F22-8C5A-28A155F04CA9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1022633B-A7EC-4E05-B1F1-39655B0591CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{124789A3-1134-409D-93A8-8AB979B52067}" = rport=445 | protocol=6 | dir=out | app=system | 
"{20EAC8B9-786A-4255-87D6-CB12AC731622}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{223F99ED-81E5-4CFB-9133-BA837A2626FA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{34D75B43-0928-40CD-B65C-43F87E76E1FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{48F96FB1-E6F6-4784-8CB9-5C0BBD77C0A7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4C6D076C-D735-4493-878E-20CC771C76D2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5D06E7F5-C454-4209-9A49-0AA60B2636B3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{614CB27F-DEA7-4EE2-8469-C7A768D745E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9DD69EEC-7589-470F-A7E3-8AC836DE904D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AB7BD5A8-6592-45CC-8218-317C91029FC4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AE4C8F30-3CAA-46C1-A99A-6A339B654AF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B375604E-06A2-454D-BA6D-165167C1A0BD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C3F27BEB-C2DC-4775-968F-798503960BE7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C6681832-4FF3-4236-B212-277C1C2DF333}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D6BF5B16-3006-4F6D-9CA3-8943AB93EDC8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DC6526BD-E4E3-4DAF-9743-C434CE9DFF58}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FCC15690-5023-445F-A5F8-09BF8810E888}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{FF0D2E58-2B15-4BB2-8AFF-7F004BFFABEC}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062D7BFB-E42B-4E8A-9C02-944C625941BA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1B8EEF89-A395-4F2C-AF44-C097CC7B770E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{3FDECAC4-A40E-40A9-A2A8-5432BB4B6EEC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{45C6AFFA-B6A5-4D2B-AF36-581C4CD8602C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{50E7BFF4-4B87-419D-A63F-3942E13C63C5}" = protocol=17 | dir=in | app=c:\program files\cherry\smartdevice\ctcymconfig.exe | 
"{5D32539D-8DC8-479F-B76F-3CCE3274B50A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{62CEE012-5A58-48E9-8223-808F85CEAB73}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{7138B98C-7B51-4E6E-B19A-D9E29AF4F311}" = dir=in | app=d:\setup\hpznui01.exe | 
"{79A95A19-950B-4832-81BB-5D816500EDF8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{95B4F0D1-E281-42AD-A3E0-AF5B9E04A0A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9745BC55-A783-4112-9951-472B150DE27A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{9DDDB5E2-E62E-4D60-9C30-397F637D184F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9F185C2D-8224-494A-A302-3F85E56619A4}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{AD77C3A4-7BBB-4103-9495-A0B5DDE21AEA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{B11454CB-A462-44BC-9D0E-1CBFE158940B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C98AAC51-771A-4645-9E7B-2EA7B69CE821}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{DFB9AFB5-9B6E-4F34-A13B-E7483DD94759}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F69536D6-328E-465E-9AFD-A59716D69B15}" = protocol=6 | dir=in | app=c:\program files\cherry\smartdevice\ctcymconfig.exe | 
"{FA0E207D-FF6E-46EE-A07B-0F569E4872B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{155CCA6C-F0D9-4406-B005-BD535C1B1378}" = Lis i Niedźwiedź
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 30
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464BE34B-44A8-4C44-AA14-C3482B2CFB2A}" = GloboFleet CC Plus
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{BABE1E59-F3A3-4B2B-80B1-41928543A042}" = Cherry SmartCard Package V3.0 Build 8
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"DPP" = Canon Utilities Digital Photo Professional 3.10
"ElsterFormular 12.2.1.6570k" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ShadowExplorer_is1" = ShadowExplorer 0.8
"Shop for HP Supplies" = Shop for HP Supplies
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.05.2012 21:38:59 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16660470
 
Error - 09.05.2012 21:38:59 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16660470
 
Error - 09.05.2012 21:39:15 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.05.2012 21:39:15 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16676070
 
Error - 09.05.2012 21:39:15 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16676070
 
Error - 09.05.2012 21:39:30 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.05.2012 21:39:30 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16691670
 
Error - 09.05.2012 21:39:30 | Computer Name = pmunternehmen | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16691670
 
Error - 09.05.2012 21:42:55 | Computer Name = pmunternehmen | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.05.2012 22:18:56 | Computer Name = pmunternehmen | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 07.09.2009 08:30:21 | Computer Name = pmunternehmen | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 26.02.2012 05:05:03 | Computer Name = pmunternehmen | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 01.04.2012 09:11:54 | Computer Name = pmunternehmen | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ OSession Events ]
Error - 25.12.2010 17:36:12 | Computer Name = pmunternehmen | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 103 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 22.05.2012 17:53:50 | Computer Name = pmunternehmen | Source = DCOM | ID = 10005
Description = 
 
Error - 22.05.2012 17:53:55 | Computer Name = pmunternehmen | Source = DCOM | ID = 10005
Description = 
 
Error - 22.05.2012 17:54:09 | Computer Name = pmunternehmen | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 22.05.2012 17:54:09 | Computer Name = pmunternehmen | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 22.05.2012 17:55:40 | Computer Name = pmunternehmen | Source = SCardSvr | ID = 602
Description = 
 
Error - 22.05.2012 17:55:40 | Computer Name = pmunternehmen | Source = SCardSvr | ID = 602
Description = 
 
Error - 22.05.2012 17:57:09 | Computer Name = pmunternehmen | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.05.2012 06:11:28 | Computer Name = pmunternehmen | Source = SCardSvr | ID = 602
Description = 
 
Error - 23.05.2012 06:11:28 | Computer Name = pmunternehmen | Source = SCardSvr | ID = 602
Description = 
 
Error - 23.05.2012 06:12:13 | Computer Name = pmunternehmen | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
__________________
Alt 23.05.2012, 13:13   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


Zitat:
Computer Name: PMUNTERNEHMEN | User Name: pmkurierdienst
Hm, das seh ich ja jetzt erst

Firmenrechner? Werden hier eigentlich nicht bereinigt

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:
3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.
Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.05.2012, 13:52   #20
termi3
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


Das ist ein Privatrechner und kein Firmenrechner.

Der Rechner gehört einen Kleinunternehmer (Paketdienstausfahrer) womit er seine Abrechnung macht. Also das hier ist kein kommerzieller Einsatz

Würde mich freuen, wenn ihr mir helfen könnt. Da ich nun gesehen habe, dass die Externe Platte (die als Sicherung dient) auch z.T. verschlüsselt ist.

Gruß


Alt 23.05.2012, 14:07   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


Ok, der Name war aber Anlass genug um nachzuhaken

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\SearchScopes\{3533B82A-2791-48C7-8EDE-2B60B29D6E42}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=40942976-CC80-45BB-80CD-321C20CC6733&apn_sauid=88619F72-1300-4237-8DA3-D1ED4B00BA8B
O3 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O7 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.03.31 21:01:14 | 000,000,000 | ---D | M] - F:\Autos 2010 - Kopie -- [ FAT32 ]
O32 - AutoRun File - [2006.12.31 14:41:26 | 000,000,000 | ---D | M] - F:\Autos -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,338,401 | ---- | M] () - F:\Autos 001.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,816,096 | ---- | M] () - F:\Autos 002.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,529,091 | ---- | M] () - F:\Autos 003.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,265,245 | ---- | M] () - F:\Autos 004.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,153,861 | ---- | M] () - F:\Autos 005.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,872,301 | ---- | M] () - F:\Autos 006.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,426,093 | ---- | M] () - F:\Autos 007.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,528,343 | ---- | M] () - F:\Autos 008.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 003,765,474 | ---- | M] () - F:\Autos 009.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,393,754 | ---- | M] () - F:\Autos 010.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,102,407 | ---- | M] () - F:\Autos 015.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,236,070 | ---- | M] () - F:\Autos 019.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,110,779 | ---- | M] () - F:\Autos 027.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,812,011 | ---- | M] () - F:\Autos 028.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,041,549 | ---- | M] () - F:\Autos 029.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,293,491 | ---- | M] () - F:\Autos 030.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 004,784,916 | ---- | M] () - F:\Autos 031.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,580,293 | ---- | M] () - F:\Autos 032.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,257,244 | ---- | M] () - F:\Autos 033.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,554,716 | ---- | M] () - F:\Autos 034.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 005,536,782 | ---- | M] () - F:\Autos 035.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 003,912,909 | ---- | M] () - F:\Autos 036.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:48 | 003,991,196 | ---- | M] () - F:\Autos 037.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,974,732 | ---- | M] () - F:\Autos 038.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,459,807 | ---- | M] () - F:\Autos 039.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,467,279 | ---- | M] () - F:\Autos 040.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,595,802 | ---- | M] () - F:\Autos 041.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,959,535 | ---- | M] () - F:\Autos 042.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,197,122 | ---- | M] () - F:\Autos 043.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,312,908 | ---- | M] () - F:\Autos 044.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,655,612 | ---- | M] () - F:\Autos 045.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,943,304 | ---- | M] () - F:\Autos 046.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,978,881 | ---- | M] () - F:\Autos 047.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,158,723 | ---- | M] () - F:\Autos 048.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,306,676 | ---- | M] () - F:\Autos 049.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,633,373 | ---- | M] () - F:\Autos 050.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,598,885 | ---- | M] () - F:\Autos 051.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,065,205 | ---- | M] () - F:\Autos 052.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 006,032,962 | ---- | M] () - F:\Autos 053.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,376,078 | ---- | M] () - F:\Autos 054.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 003,601,549 | ---- | M] () - F:\Autos 055.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 005,844,928 | ---- | M] () - F:\Autos 056.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 006,158,680 | ---- | M] () - F:\Autos 057.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:50 | 004,074,457 | ---- | M] () - F:\Autos 058.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,321,030 | ---- | M] () - F:\Autos 059.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,502,032 | ---- | M] () - F:\Autos 060.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,104,518 | ---- | M] () - F:\Autos 061.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,526,218 | ---- | M] () - F:\Autos 062.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,201,013 | ---- | M] () - F:\Autos 063.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,386,035 | ---- | M] () - F:\Autos 064.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,518,926 | ---- | M] () - F:\Autos 065.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,060,839 | ---- | M] () - F:\Autos 066.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,210,577 | ---- | M] () - F:\Autos 067.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,842,028 | ---- | M] () - F:\Autos 068.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,683,485 | ---- | M] () - F:\Autos 069.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,312,641 | ---- | M] () - F:\Autos 070.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,806,967 | ---- | M] () - F:\Autos 071.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,292,781 | ---- | M] () - F:\Autos 072.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,022,935 | ---- | M] () - F:\Autos 073.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,479,740 | ---- | M] () - F:\Autos 074.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,049,654 | ---- | M] () - F:\Autos 082.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,061,500 | ---- | M] () - F:\Autos 084.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,619,585 | ---- | M] () - F:\Autos 085.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,221,920 | ---- | M] () - F:\Autos 086.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 005,404,357 | ---- | M] () - F:\Autos 087.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,034,512 | ---- | M] () - F:\Autos 088.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,250,627 | ---- | M] () - F:\Autos 089.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 004,380,564 | ---- | M] () - F:\Autos 090.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 001,663,311 | ---- | M] () - F:\Autos 091.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:52 | 006,456,267 | ---- | M] () - F:\Autos 093.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 005,332,705 | ---- | M] () - F:\Autos 094.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 005,440,099 | ---- | M] () - F:\Autos 095.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,391,526 | ---- | M] () - F:\Autos 096.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 005,646,437 | ---- | M] () - F:\Autos 097.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 005,601,406 | ---- | M] () - F:\Autos 098.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,585,547 | ---- | M] () - F:\Autos 100.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,337,785 | ---- | M] () - F:\Autos 102.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,876,233 | ---- | M] () - F:\Autos 103.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,589,212 | ---- | M] () - F:\Autos 104.jpg -- [ FAT32 ]
O32 - AutoRun File - [2012.05.20 20:01:54 | 004,262,856 | ---- | M] () - F:\Autos 121.jpg -- [ FAT32 ]
O33 - MountPoints2\{51bd73ce-207a-11e0-883a-001f16b23fc3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{761aa595-6e0d-11df-bbd6-001f16b23fc3}\Shell\AutoRun\command - "" = E:\Launcher.exe
O33 - MountPoints2\{c16b11c1-ee2b-11df-be1e-001f16b23fc3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
:Files
C:\Windows\System32\winsh32?
C:\Windows\System32\decoder_del.bat
C:\Users\pmkurierdienst\AppData\Roaming\.#
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
--> Verschlüsselungstrojaner? 100€ Bezahlt Trojaner

Alt 23.05.2012, 14:26   #22
termi3
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


Danke erstmal, dass es nun weiter geht.

Also hier der Log: (öffnete sich nach dem Neustart):

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3486583838-2670660624-3414567642-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3533B82A-2791-48C7-8EDE-2B60B29D6E42}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3533B82A-2791-48C7-8EDE-2B60B29D6E42}\ not found.
Registry value HKEY_USERS\S-1-5-21-3486583838-2670660624-3414567642-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3486583838-2670660624-3414567642-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
File  not found.
F:\Autos 001.jpg moved successfully.
F:\Autos 002.jpg moved successfully.
F:\Autos 003.jpg moved successfully.
F:\Autos 004.jpg moved successfully.
F:\Autos 005.jpg moved successfully.
F:\Autos 006.jpg moved successfully.
F:\Autos 007.jpg moved successfully.
F:\Autos 008.jpg moved successfully.
F:\Autos 009.jpg moved successfully.
F:\Autos 010.jpg moved successfully.
F:\Autos 015.jpg moved successfully.
F:\Autos 019.jpg moved successfully.
F:\Autos 027.jpg moved successfully.
F:\Autos 028.jpg moved successfully.
F:\Autos 029.jpg moved successfully.
F:\Autos 030.jpg moved successfully.
F:\Autos 031.jpg moved successfully.
F:\Autos 032.jpg moved successfully.
F:\Autos 033.jpg moved successfully.
F:\Autos 034.jpg moved successfully.
F:\Autos 035.jpg moved successfully.
F:\Autos 036.jpg moved successfully.
F:\Autos 037.jpg moved successfully.
F:\Autos 038.jpg moved successfully.
F:\Autos 039.jpg moved successfully.
F:\Autos 040.jpg moved successfully.
F:\Autos 041.jpg moved successfully.
F:\Autos 042.jpg moved successfully.
F:\Autos 043.jpg moved successfully.
F:\Autos 044.jpg moved successfully.
F:\Autos 045.jpg moved successfully.
F:\Autos 046.jpg moved successfully.
F:\Autos 047.jpg moved successfully.
F:\Autos 048.jpg moved successfully.
F:\Autos 049.jpg moved successfully.
F:\Autos 050.jpg moved successfully.
F:\Autos 051.jpg moved successfully.
F:\Autos 052.jpg moved successfully.
F:\Autos 053.jpg moved successfully.
F:\Autos 054.jpg moved successfully.
F:\Autos 055.jpg moved successfully.
F:\Autos 056.jpg moved successfully.
F:\Autos 057.jpg moved successfully.
F:\Autos 058.jpg moved successfully.
F:\Autos 059.jpg moved successfully.
F:\Autos 060.jpg moved successfully.
F:\Autos 061.jpg moved successfully.
F:\Autos 062.jpg moved successfully.
F:\Autos 063.jpg moved successfully.
F:\Autos 064.jpg moved successfully.
F:\Autos 065.jpg moved successfully.
F:\Autos 066.jpg moved successfully.
F:\Autos 067.jpg moved successfully.
F:\Autos 068.jpg moved successfully.
F:\Autos 069.jpg moved successfully.
F:\Autos 070.jpg moved successfully.
F:\Autos 071.jpg moved successfully.
F:\Autos 072.jpg moved successfully.
F:\Autos 073.jpg moved successfully.
F:\Autos 074.jpg moved successfully.
F:\Autos 082.jpg moved successfully.
F:\Autos 084.jpg moved successfully.
F:\Autos 085.jpg moved successfully.
F:\Autos 086.jpg moved successfully.
F:\Autos 087.jpg moved successfully.
F:\Autos 088.jpg moved successfully.
F:\Autos 089.jpg moved successfully.
F:\Autos 090.jpg moved successfully.
F:\Autos 091.jpg moved successfully.
F:\Autos 093.jpg moved successfully.
F:\Autos 094.jpg moved successfully.
F:\Autos 095.jpg moved successfully.
F:\Autos 096.jpg moved successfully.
F:\Autos 097.jpg moved successfully.
F:\Autos 098.jpg moved successfully.
F:\Autos 100.jpg moved successfully.
F:\Autos 102.jpg moved successfully.
F:\Autos 103.jpg moved successfully.
F:\Autos 104.jpg moved successfully.
F:\Autos 121.jpg moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51bd73ce-207a-11e0-883a-001f16b23fc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51bd73ce-207a-11e0-883a-001f16b23fc3}\ not found.
File F:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{761aa595-6e0d-11df-bbd6-001f16b23fc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761aa595-6e0d-11df-bbd6-001f16b23fc3}\ not found.
File E:\Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c16b11c1-ee2b-11df-be1e-001f16b23fc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c16b11c1-ee2b-11df-be1e-001f16b23fc3}\ not found.
File F:\InstallTomTomHOME.exe not found.
========== FILES ==========
C:\Windows\System32\winsh320 moved successfully.
C:\Windows\System32\winsh321 moved successfully.
C:\Windows\System32\winsh322 moved successfully.
C:\Windows\System32\winsh323 moved successfully.
C:\Windows\System32\winsh324 moved successfully.
C:\Windows\System32\winsh325 moved successfully.
C:\Windows\System32\decoder_del.bat moved successfully.
C:\Users\pmkurierdienst\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Neuer Benutzer
->Temp folder emptied: 409313 bytes
->Temporary Internet Files folder emptied: 70364 bytes
->Flash cache emptied: 0 bytes
 
User: Peter
->Temp folder emptied: 238912 bytes
->Temporary Internet Files folder emptied: 131024 bytes
->FireFox cache emptied: 18222742 bytes
->Flash cache emptied: 509 bytes
 
User: pmkurierdienst
->Temp folder emptied: 3338942 bytes
->Temporary Internet Files folder emptied: 106982974 bytes
->Java cache emptied: 1609937 bytes
->FireFox cache emptied: 116252632 bytes
->Flash cache emptied: 55100 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1256149 bytes
RecycleBin emptied: 5701607 bytes
 
Total Files Cleaned = 243,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Neuer Benutzer
->Flash cache emptied: 0 bytes
 
User: Peter
->Flash cache emptied: 0 bytes
 
User: pmkurierdienst
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.1 log created on 05232012_151521

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





Was ist denn nun noch zu tun? Wie bekomm ich nun die Daten entschlüsselt...? Die Jahresendabrechnung steht an :-(

Alt 23.05.2012, 14:54   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.05.2012, 15:21   #24
termi3
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


Code:
ATTFilter
16:16:02.0342 2772	TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
16:16:02.0441 2772	============================================================
16:16:02.0441 2772	Current date / time: 2012/05/23 16:16:02.0441
16:16:02.0441 2772	SystemInfo:
16:16:02.0441 2772	
16:16:02.0441 2772	OS Version: 6.0.6002 ServicePack: 2.0
16:16:02.0441 2772	Product type: Workstation
16:16:02.0441 2772	ComputerName: PMUNTERNEHMEN
16:16:02.0441 2772	UserName: pmkurierdienst
16:16:02.0442 2772	Windows directory: C:\Windows
16:16:02.0442 2772	System windows directory: C:\Windows
16:16:02.0442 2772	Processor architecture: Intel x86
16:16:02.0442 2772	Number of processors: 2
16:16:02.0442 2772	Page size: 0x1000
16:16:02.0442 2772	Boot type: Normal boot
16:16:02.0442 2772	============================================================
16:16:03.0607 2772	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:16:03.0672 2772	Drive \Device\Harddisk1\DR1 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:16:04.0083 2772	============================================================
16:16:04.0083 2772	\Device\Harddisk0\DR0:
16:16:04.0107 2772	MBR partitions:
16:16:04.0107 2772	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x1BE3C800
16:16:04.0108 2772	\Device\Harddisk1\DR1:
16:16:04.0108 2772	MBR partitions:
16:16:04.0108 2772	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x4A81400
16:16:04.0108 2772	============================================================
16:16:04.0201 2772	C: <-> \Device\Harddisk0\DR0\Partition0
16:16:04.0202 2772	F: <-> \Device\Harddisk1\DR1\Partition0
16:16:04.0202 2772	============================================================
16:16:04.0202 2772	Initialize success
16:16:04.0202 2772	============================================================
16:17:09.0955 2760	============================================================
16:17:09.0955 2760	Scan started
16:17:09.0955 2760	Mode: Manual; SigCheck; TDLFS; 
16:17:09.0955 2760	============================================================
16:17:11.0290 2760	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:17:11.0450 2760	ACPI - ok
16:17:11.0762 2760	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:17:11.0802 2760	adp94xx - ok
16:17:11.0930 2760	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:17:11.0961 2760	adpahci - ok
16:17:12.0083 2760	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:17:12.0126 2760	adpu160m - ok
16:17:12.0144 2760	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:17:12.0190 2760	adpu320 - ok
16:17:12.0221 2760	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:17:12.0347 2760	AeLookupSvc - ok
16:17:12.0407 2760	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:17:12.0575 2760	AFD - ok
16:17:12.0637 2760	AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe
16:17:12.0696 2760	AgereModemAudio - ok
16:17:13.0051 2760	AgereSoftModem  (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
16:17:13.0207 2760	AgereSoftModem - ok
16:17:13.0329 2760	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:17:13.0377 2760	agp440 - ok
16:17:13.0456 2760	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:17:13.0487 2760	aic78xx - ok
16:17:13.0531 2760	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
16:17:13.0722 2760	ALG - ok
16:17:13.0769 2760	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:17:13.0798 2760	aliide - ok
16:17:13.0844 2760	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:17:13.0868 2760	amdagp - ok
16:17:13.0901 2760	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:17:13.0931 2760	amdide - ok
16:17:14.0002 2760	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:17:14.0091 2760	AmdK7 - ok
16:17:14.0246 2760	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
16:17:14.0366 2760	AmdK8 - ok
16:17:14.0799 2760	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:17:14.0821 2760	AntiVirSchedulerService - ok
16:17:14.0898 2760	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:17:14.0916 2760	AntiVirService - ok
16:17:15.0062 2760	ApfiltrService  (91b05bbb609c79d73e2332b6e5f99aea) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:17:15.0137 2760	ApfiltrService - ok
16:17:15.0188 2760	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
16:17:15.0241 2760	Appinfo - ok
16:17:15.0578 2760	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:17:15.0598 2760	Apple Mobile Device - ok
16:17:15.0670 2760	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:17:15.0705 2760	arc - ok
16:17:15.0786 2760	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:17:15.0820 2760	arcsas - ok
16:17:15.0883 2760	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:17:16.0049 2760	AsyncMac - ok
16:17:16.0143 2760	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:17:16.0162 2760	atapi - ok
16:17:16.0271 2760	athr            (d6ed40129c5f70a7485185bab27b8330) C:\Windows\system32\DRIVERS\athr.sys
16:17:16.0445 2760	athr - ok
16:17:16.0610 2760	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:17:16.0640 2760	AudioEndpointBuilder - ok
16:17:16.0649 2760	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:17:16.0679 2760	Audiosrv - ok
16:17:16.0930 2760	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
16:17:16.0960 2760	avgntflt - ok
16:17:17.0052 2760	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
16:17:17.0102 2760	avipbb - ok
16:17:17.0123 2760	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
16:17:17.0146 2760	avkmgr - ok
16:17:17.0210 2760	b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:17:17.0294 2760	b57nd60x - ok
16:17:17.0339 2760	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:17:17.0386 2760	Beep - ok
16:17:17.0551 2760	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
16:17:17.0626 2760	BFE - ok
16:17:17.0757 2760	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
16:17:17.0844 2760	BITS - ok
16:17:17.0913 2760	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:17:17.0981 2760	blbdrive - ok
16:17:18.0291 2760	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:17:18.0350 2760	Bonjour Service - ok
16:17:18.0443 2760	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:17:18.0530 2760	bowser - ok
16:17:18.0582 2760	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:17:18.0640 2760	BrFiltLo - ok
16:17:18.0668 2760	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:17:18.0744 2760	BrFiltUp - ok
16:17:18.0779 2760	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
16:17:18.0833 2760	Browser - ok
16:17:18.0957 2760	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:17:19.0227 2760	Brserid - ok
16:17:19.0288 2760	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:17:19.0352 2760	BrSerWdm - ok
16:17:19.0365 2760	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:17:19.0440 2760	BrUsbMdm - ok
16:17:19.0462 2760	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:17:19.0521 2760	BrUsbSer - ok
16:17:19.0603 2760	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:17:19.0666 2760	BTHMODEM - ok
16:17:19.0688 2760	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:17:19.0741 2760	cdfs - ok
16:17:19.0788 2760	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:17:19.0864 2760	cdrom - ok
16:17:19.0939 2760	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:17:20.0045 2760	CertPropSvc - ok
16:17:20.0317 2760	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
16:17:20.0385 2760	circlass - ok
16:17:20.0478 2760	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:17:20.0533 2760	CLFS - ok
16:17:20.0769 2760	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:17:20.0833 2760	clr_optimization_v2.0.50727_32 - ok
16:17:21.0112 2760	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:17:21.0124 2760	clr_optimization_v4.0.30319_32 - ok
16:17:21.0163 2760	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:17:21.0208 2760	CmBatt - ok
16:17:21.0239 2760	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:17:21.0259 2760	cmdide - ok
16:17:21.0271 2760	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:17:21.0290 2760	Compbatt - ok
16:17:21.0294 2760	COMSysApp - ok
16:17:21.0344 2760	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:17:21.0386 2760	crcdisk - ok
16:17:21.0394 2760	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:17:21.0447 2760	Crusoe - ok
16:17:21.0608 2760	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
16:17:21.0630 2760	CryptSvc - ok
16:17:21.0730 2760	cxbu0wdm        (0a33faf49af96d5b220d86ac784d0869) C:\Windows\system32\DRIVERS\cxbu0wdm.sys
16:17:21.0774 2760	cxbu0wdm - ok
16:17:22.0057 2760	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:17:22.0106 2760	DcomLaunch - ok
16:17:22.0161 2760	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:17:22.0224 2760	DfsC - ok
16:17:22.0363 2760	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
16:17:22.0547 2760	DFSR - ok
16:17:22.0896 2760	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
16:17:22.0952 2760	Dhcp - ok
16:17:23.0212 2760	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:17:23.0247 2760	disk - ok
16:17:23.0355 2760	DKbFltr         (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
16:17:23.0376 2760	DKbFltr - ok
16:17:23.0491 2760	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
16:17:23.0559 2760	Dnscache - ok
16:17:23.0644 2760	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
16:17:23.0706 2760	dot3svc - ok
16:17:23.0744 2760	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
16:17:23.0804 2760	DPS - ok
16:17:23.0832 2760	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:17:23.0907 2760	drmkaud - ok
16:17:24.0036 2760	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:17:24.0068 2760	DXGKrnl - ok
16:17:24.0161 2760	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:17:24.0225 2760	E1G60 - ok
16:17:24.0277 2760	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
16:17:24.0327 2760	EapHost - ok
16:17:24.0406 2760	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:17:24.0462 2760	Ecache - ok
16:17:24.0600 2760	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
16:17:24.0667 2760	ehRecvr - ok
16:17:24.0687 2760	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
16:17:24.0748 2760	ehSched - ok
16:17:24.0781 2760	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
16:17:24.0817 2760	ehstart - ok
16:17:24.0929 2760	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:17:24.0982 2760	elxstor - ok
16:17:25.0192 2760	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
16:17:25.0332 2760	EMDMgmt - ok
16:17:25.0374 2760	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
16:17:25.0439 2760	ErrDev - ok
16:17:25.0567 2760	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
16:17:25.0612 2760	EventSystem - ok
16:17:25.0682 2760	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:17:25.0777 2760	exfat - ok
16:17:25.0865 2760	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:17:25.0923 2760	fastfat - ok
16:17:26.0101 2760	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:17:26.0150 2760	fdc - ok
16:17:26.0187 2760	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
16:17:26.0213 2760	fdPHost - ok
16:17:26.0252 2760	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
16:17:26.0333 2760	FDResPub - ok
16:17:26.0390 2760	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:17:26.0410 2760	FileInfo - ok
16:17:26.0426 2760	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:17:26.0468 2760	Filetrace - ok
16:17:26.0497 2760	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:17:26.0573 2760	flpydisk - ok
16:17:26.0999 2760	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:17:27.0107 2760	FltMgr - ok
16:17:27.0423 2760	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
16:17:27.0482 2760	FontCache - ok
16:17:27.0585 2760	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:17:27.0600 2760	FontCache3.0.0.0 - ok
16:17:27.0678 2760	Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
16:17:27.0775 2760	Fs_Rec - ok
16:17:27.0826 2760	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:17:27.0893 2760	gagp30kx - ok
16:17:27.0983 2760	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:17:28.0005 2760	GEARAspiWDM - ok
16:17:28.0263 2760	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
16:17:28.0371 2760	gpsvc - ok
16:17:28.0503 2760	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:17:28.0618 2760	HdAudAddService - ok
16:17:28.0754 2760	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:17:28.0843 2760	HDAudBus - ok
16:17:28.0903 2760	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:17:28.0982 2760	HidBth - ok
16:17:29.0110 2760	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:17:29.0187 2760	HidIr - ok
16:17:29.0245 2760	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
16:17:29.0297 2760	hidserv - ok
16:17:29.0375 2760	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:17:29.0426 2760	HidUsb - ok
16:17:29.0550 2760	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
16:17:29.0643 2760	hkmsvc - ok
16:17:29.0746 2760	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
16:17:29.0777 2760	HpCISSs - ok
16:17:30.0343 2760	hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:17:30.0369 2760	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
16:17:30.0369 2760	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
16:17:30.0427 2760	hpqddsvc        (7da3211ac63edd90b8eca1ca1abfd43b) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:17:30.0451 2760	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
16:17:30.0451 2760	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
16:17:30.0622 2760	HPSLPSVC        (14229263aa19c704e0d6d2e7404a8455) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
16:17:30.0674 2760	HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
16:17:30.0674 2760	HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
16:17:30.0817 2760	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:17:30.0956 2760	HTTP - ok
16:17:31.0058 2760	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:17:31.0073 2760	i2omp - ok
16:17:31.0167 2760	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:17:31.0270 2760	i8042prt - ok
16:17:31.0346 2760	iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
16:17:31.0401 2760	iaStor - ok
16:17:31.0527 2760	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:17:31.0549 2760	iaStorV - ok
16:17:32.0349 2760	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:17:32.0486 2760	idsvc - ok
16:17:34.0047 2760	igfx            (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:17:35.0441 2760	igfx - ok
16:17:36.0174 2760	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:17:36.0194 2760	iirsp - ok
16:17:36.0278 2760	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
16:17:36.0378 2760	IKEEXT - ok
16:17:36.0546 2760	IntcAzAudAddService (80919a856693b1d1d4177f11f5bda545) C:\Windows\system32\drivers\RTKVHDA.sys
16:17:36.0635 2760	IntcAzAudAddService - ok
16:17:37.0246 2760	IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
16:17:37.0279 2760	IntcHdmiAddService - ok
16:17:37.0320 2760	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:17:37.0344 2760	intelide - ok
16:17:37.0420 2760	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:17:37.0485 2760	intelppm - ok
16:17:37.0553 2760	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
16:17:37.0612 2760	IPBusEnum - ok
16:17:37.0648 2760	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:17:37.0699 2760	IpFilterDriver - ok
16:17:37.0835 2760	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
16:17:37.0918 2760	iphlpsvc - ok
16:17:37.0924 2760	IpInIp - ok
16:17:37.0985 2760	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
16:17:38.0027 2760	IPMIDRV - ok
16:17:38.0042 2760	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:17:38.0085 2760	IPNAT - ok
16:17:38.0331 2760	iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:17:38.0369 2760	iPod Service - ok
16:17:38.0406 2760	irda            (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
16:17:38.0467 2760	irda - ok
16:17:38.0526 2760	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:17:38.0568 2760	IRENUM - ok
16:17:38.0600 2760	Irmon           (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
16:17:38.0680 2760	Irmon - ok
16:17:38.0706 2760	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:17:38.0722 2760	isapnp - ok
16:17:38.0821 2760	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:17:38.0842 2760	iScsiPrt - ok
16:17:38.0882 2760	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:17:38.0898 2760	iteatapi - ok
16:17:38.0956 2760	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:17:38.0972 2760	iteraid - ok
16:17:39.0063 2760	k57nd60x        (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
16:17:39.0135 2760	k57nd60x - ok
16:17:39.0229 2760	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:17:39.0245 2760	kbdclass - ok
16:17:39.0302 2760	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
16:17:39.0333 2760	kbdhid - ok
16:17:39.0397 2760	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:17:39.0453 2760	KeyIso - ok
16:17:39.0481 2760	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:17:39.0517 2760	KSecDD - ok
16:17:39.0747 2760	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
16:17:39.0807 2760	KtmRm - ok
16:17:39.0868 2760	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
16:17:39.0981 2760	LanmanServer - ok
16:17:40.0028 2760	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
16:17:40.0098 2760	LanmanWorkstation - ok
16:17:40.0174 2760	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:17:40.0216 2760	lltdio - ok
16:17:40.0508 2760	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
16:17:40.0586 2760	lltdsvc - ok
16:17:40.0626 2760	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
16:17:40.0702 2760	lmhosts - ok
16:17:40.0805 2760	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:17:40.0824 2760	LSI_FC - ok
16:17:40.0880 2760	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:17:40.0898 2760	LSI_SAS - ok
16:17:40.0954 2760	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:17:40.0974 2760	LSI_SCSI - ok
16:17:41.0049 2760	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:17:41.0107 2760	luafv - ok
16:17:41.0269 2760	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
16:17:41.0285 2760	MBAMProtector - ok
16:17:41.0541 2760	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:17:41.0608 2760	MBAMService - ok
16:17:41.0687 2760	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
16:17:41.0732 2760	Mcx2Svc - ok
16:17:41.0838 2760	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:17:41.0879 2760	megasas - ok
16:17:42.0239 2760	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:17:42.0309 2760	MegaSR - ok
16:17:42.0476 2760	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:17:42.0517 2760	MMCSS - ok
16:17:42.0563 2760	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:17:42.0602 2760	Modem - ok
16:17:42.0860 2760	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:17:42.0923 2760	monitor - ok
16:17:42.0981 2760	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:17:42.0994 2760	mouclass - ok
16:17:43.0062 2760	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:17:43.0110 2760	mouhid - ok
16:17:43.0347 2760	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:17:43.0362 2760	MountMgr - ok
16:17:43.0588 2760	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:17:43.0610 2760	MozillaMaintenance - ok
16:17:43.0877 2760	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
16:17:43.0891 2760	mpio - ok
16:17:44.0002 2760	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:17:44.0030 2760	mpsdrv - ok
16:17:44.0190 2760	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
16:17:44.0246 2760	MpsSvc - ok
16:17:44.0318 2760	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:17:44.0330 2760	Mraid35x - ok
16:17:44.0474 2760	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:17:44.0499 2760	MRxDAV - ok
16:17:44.0597 2760	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:17:44.0631 2760	mrxsmb - ok
16:17:44.0917 2760	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:17:44.0969 2760	mrxsmb10 - ok
16:17:45.0001 2760	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:17:45.0032 2760	mrxsmb20 - ok
16:17:45.0125 2760	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
16:17:45.0141 2760	msahci - ok
16:17:45.0202 2760	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
16:17:45.0217 2760	msdsm - ok
16:17:45.0380 2760	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
16:17:45.0419 2760	MSDTC - ok
16:17:45.0597 2760	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:17:45.0658 2760	Msfs - ok
16:17:45.0941 2760	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:17:46.0053 2760	msisadrv - ok
16:17:46.0251 2760	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
16:17:46.0307 2760	MSiSCSI - ok
16:17:46.0342 2760	msiserver - ok
16:17:46.0363 2760	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:17:46.0420 2760	MSKSSRV - ok
16:17:46.0501 2760	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:17:46.0526 2760	MSPCLOCK - ok
16:17:46.0568 2760	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:17:46.0622 2760	MSPQM - ok
16:17:46.0704 2760	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:17:46.0721 2760	MsRPC - ok
16:17:46.0822 2760	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:17:46.0835 2760	mssmbios - ok
16:17:46.0868 2760	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:17:46.0911 2760	MSTEE - ok
16:17:47.0017 2760	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:17:47.0031 2760	Mup - ok
16:17:47.0241 2760	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
16:17:47.0307 2760	napagent - ok
16:17:47.0602 2760	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:17:47.0624 2760	NativeWifiP - ok
16:17:47.0710 2760	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:17:47.0760 2760	NDIS - ok
16:17:47.0815 2760	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:17:47.0877 2760	NdisTapi - ok
16:17:47.0938 2760	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:17:47.0991 2760	Ndisuio - ok
16:17:48.0076 2760	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:17:48.0114 2760	NdisWan - ok
16:17:48.0183 2760	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:17:48.0217 2760	NDProxy - ok
16:17:48.0305 2760	Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
16:17:48.0342 2760	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:17:48.0342 2760	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:17:48.0405 2760	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:17:48.0474 2760	NetBIOS - ok
16:17:48.0554 2760	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:17:48.0619 2760	netbt - ok
16:17:48.0863 2760	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:17:48.0885 2760	Netlogon - ok
16:17:49.0118 2760	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
16:17:49.0239 2760	Netman - ok
16:17:49.0372 2760	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
16:17:49.0431 2760	netprofm - ok
16:17:51.0372 2760	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:17:51.0646 2760	NetTcpPortSharing - ok
16:17:51.0767 2760	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:17:51.0850 2760	nfrd960 - ok
16:17:52.0014 2760	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
16:17:52.0058 2760	NlaSvc - ok
16:17:52.0110 2760	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:17:52.0136 2760	Npfs - ok
16:17:52.0421 2760	NSCIRDA         (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
16:17:52.0573 2760	NSCIRDA - ok
16:17:53.0162 2760	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
16:17:53.0247 2760	nsi - ok
16:17:53.0340 2760	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:17:53.0382 2760	nsiproxy - ok
16:17:54.0834 2760	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:17:55.0731 2760	Ntfs - ok
16:17:55.0806 2760	NTIDrvr         (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
16:17:55.0821 2760	NTIDrvr - ok
16:17:55.0901 2760	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:17:55.0995 2760	ntrigdigi - ok
16:17:56.0071 2760	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:17:56.0125 2760	Null - ok
16:17:56.0247 2760	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:17:56.0296 2760	nvraid - ok
16:17:56.0409 2760	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:17:56.0430 2760	nvstor - ok
16:17:56.0586 2760	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:17:56.0652 2760	nv_agp - ok
16:17:56.0661 2760	NwlnkFlt - ok
16:17:56.0669 2760	NwlnkFwd - ok
16:17:57.0482 2760	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:17:57.0515 2760	odserv - ok
16:17:57.0962 2760	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
16:17:58.0004 2760	ohci1394 - ok
16:17:58.0066 2760	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:17:58.0081 2760	ose - ok
16:17:58.0336 2760	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:17:58.0453 2760	p2pimsvc - ok
16:17:58.0465 2760	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:17:58.0506 2760	p2psvc - ok
16:17:58.0587 2760	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:17:58.0643 2760	Parport - ok
16:17:58.0707 2760	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
16:17:58.0726 2760	partmgr - ok
16:17:58.0773 2760	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:17:58.0882 2760	Parvdm - ok
16:17:59.0002 2760	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
16:17:59.0071 2760	PcaSvc - ok
16:17:59.0205 2760	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:17:59.0232 2760	pci - ok
16:17:59.0271 2760	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
16:17:59.0313 2760	pciide - ok
16:17:59.0505 2760	pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
16:17:59.0531 2760	pcmcia - ok
16:17:59.0645 2760	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:17:59.0755 2760	PEAUTH - ok
16:18:00.0164 2760	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
16:18:00.0482 2760	pla - ok
16:18:01.0103 2760	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
16:18:01.0143 2760	PlugPlay - ok
16:18:01.0249 2760	Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
16:18:01.0308 2760	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:18:01.0308 2760	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:18:01.0665 2760	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:18:01.0705 2760	PNRPAutoReg - ok
16:18:01.0723 2760	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:18:01.0819 2760	PNRPsvc - ok
16:18:02.0057 2760	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
16:18:02.0175 2760	PolicyAgent - ok
16:18:02.0567 2760	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:18:02.0688 2760	PptpMiniport - ok
16:18:02.0800 2760	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
16:18:02.0842 2760	Processor - ok
16:18:02.0907 2760	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
16:18:02.0948 2760	ProfSvc - ok
16:18:03.0030 2760	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:18:03.0053 2760	ProtectedStorage - ok
16:18:03.0104 2760	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:18:03.0179 2760	PSched - ok
16:18:03.0399 2760	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
16:18:03.0453 2760	ql2300 - ok
16:18:03.0494 2760	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:18:03.0511 2760	ql40xx - ok
16:18:03.0657 2760	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
16:18:03.0724 2760	QWAVE - ok
16:18:03.0861 2760	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:18:03.0942 2760	QWAVEdrv - ok
16:18:03.0962 2760	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:18:04.0047 2760	RasAcd - ok
16:18:04.0077 2760	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
16:18:04.0136 2760	RasAuto - ok
16:18:04.0247 2760	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:18:04.0359 2760	Rasl2tp - ok
16:18:04.0799 2760	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
16:18:04.0838 2760	RasMan - ok
16:18:04.0888 2760	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:18:04.0945 2760	RasPppoe - ok
16:18:05.0344 2760	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:18:05.0377 2760	RasSstp - ok
16:18:05.0796 2760	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:18:05.0880 2760	rdbss - ok
16:18:05.0929 2760	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:18:06.0021 2760	RDPCDD - ok
16:18:06.0300 2760	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
16:18:06.0357 2760	rdpdr - ok
16:18:06.0394 2760	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:18:06.0453 2760	RDPENCDD - ok
16:18:07.0748 2760	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
16:18:07.0877 2760	RDPWD - ok
16:18:07.0932 2760	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
16:18:07.0965 2760	RemoteAccess - ok
16:18:08.0193 2760	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
16:18:08.0266 2760	RemoteRegistry - ok
16:18:08.0284 2760	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
16:18:08.0314 2760	RpcLocator - ok
16:18:08.0703 2760	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:18:08.0744 2760	RpcSs - ok
16:18:08.0784 2760	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:18:08.0841 2760	rspndr - ok
16:18:09.0009 2760	RTSTOR          (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS
16:18:09.0118 2760	RTSTOR - ok
16:18:09.0236 2760	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:18:09.0259 2760	SamSs - ok
16:18:09.0346 2760	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:18:09.0368 2760	sbp2port - ok
16:18:09.0539 2760	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
16:18:09.0575 2760	SCardSvr - ok
16:18:10.0781 2760	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
16:18:10.0995 2760	Schedule - ok
16:18:11.0133 2760	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:18:11.0165 2760	SCPolicySvc - ok
16:18:11.0431 2760	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
16:18:11.0589 2760	sdbus - ok
16:18:11.0816 2760	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
16:18:11.0915 2760	SDRSVC - ok
16:18:12.0052 2760	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:18:12.0148 2760	secdrv - ok
16:18:12.0332 2760	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
16:18:12.0376 2760	seclogon - ok
16:18:12.0417 2760	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
16:18:12.0461 2760	SENS - ok
16:18:12.0522 2760	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:18:12.0628 2760	Serenum - ok
16:18:13.0473 2760	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:18:13.0648 2760	Serial - ok
16:18:13.0773 2760	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:18:13.0814 2760	sermouse - ok
16:18:14.0289 2760	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
16:18:14.0333 2760	SessionEnv - ok
16:18:14.0504 2760	sesvc           (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files\ShadowExplorer\sesvc.exe
16:18:14.0527 2760	sesvc ( UnsignedFile.Multi.Generic ) - warning
16:18:14.0528 2760	sesvc - detected UnsignedFile.Multi.Generic (1)
16:18:14.0554 2760	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
16:18:14.0587 2760	sffdisk - ok
16:18:14.0623 2760	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
16:18:14.0674 2760	sffp_mmc - ok
16:18:14.0686 2760	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
16:18:14.0761 2760	sffp_sd - ok
16:18:14.0858 2760	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:18:14.0950 2760	sfloppy - ok
16:18:15.0464 2760	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
16:18:15.0641 2760	SharedAccess - ok
16:18:15.0906 2760	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
16:18:16.0038 2760	ShellHWDetection - ok
16:18:16.0056 2760	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
16:18:16.0077 2760	sisagp - ok
16:18:16.0122 2760	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
16:18:16.0143 2760	SiSRaid2 - ok
16:18:16.0155 2760	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
16:18:16.0177 2760	SiSRaid4 - ok
16:18:19.0971 2760	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
16:18:20.0342 2760	slsvc - ok
16:18:21.0197 2760	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
16:18:21.0226 2760	SLUINotify - ok
16:18:21.0498 2760	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:18:21.0533 2760	Smb - ok
16:18:21.0604 2760	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
16:18:21.0629 2760	SNMPTRAP - ok
16:18:21.0668 2760	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:18:21.0688 2760	spldr - ok
16:18:21.0849 2760	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
16:18:21.0931 2760	Spooler - ok
16:18:22.0201 2760	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:18:22.0330 2760	srv - ok
16:18:22.0385 2760	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:18:22.0409 2760	srv2 - ok
16:18:22.0508 2760	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:18:22.0576 2760	srvnet - ok
16:18:22.0685 2760	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
16:18:22.0721 2760	SSDPSRV - ok
16:18:22.0904 2760	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
16:18:22.0917 2760	ssmdrv - ok
16:18:22.0986 2760	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
16:18:23.0007 2760	SstpSvc - ok
16:18:23.0076 2760	StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
16:18:23.0176 2760	StillCam - ok
16:18:23.0357 2760	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
16:18:23.0463 2760	stisvc - ok
16:18:23.0494 2760	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:18:23.0514 2760	swenum - ok
16:18:23.0600 2760	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
16:18:23.0661 2760	swprv - ok
16:18:23.0690 2760	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:18:23.0704 2760	Symc8xx - ok
16:18:23.0895 2760	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:18:23.0932 2760	Sym_hi - ok
16:18:24.0003 2760	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:18:24.0038 2760	Sym_u3 - ok
16:18:24.0211 2760	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
16:18:24.0292 2760	SysMain - ok
16:18:24.0355 2760	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
16:18:24.0407 2760	TabletInputService - ok
16:18:24.0551 2760	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
16:18:24.0607 2760	TapiSrv - ok
16:18:24.0873 2760	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
16:18:24.0938 2760	TBS - ok
16:18:25.0114 2760	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
16:18:25.0168 2760	Tcpip - ok
16:18:25.0185 2760	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
16:18:25.0265 2760	Tcpip6 - ok
16:18:25.0350 2760	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:18:25.0396 2760	tcpipreg - ok
16:18:25.0482 2760	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:18:25.0524 2760	TDPIPE - ok
16:18:25.0577 2760	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:18:25.0640 2760	TDTCP - ok
16:18:25.0740 2760	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:18:25.0818 2760	tdx - ok
16:18:25.0980 2760	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:18:26.0002 2760	TermDD - ok
16:18:26.0138 2760	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
16:18:26.0260 2760	TermService - ok
16:18:26.0401 2760	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
16:18:26.0429 2760	Themes - ok
16:18:26.0497 2760	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:18:26.0539 2760	THREADORDER - ok
16:18:26.0593 2760	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
16:18:26.0638 2760	TrkWks - ok
16:18:26.0850 2760	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
16:18:26.0939 2760	TrustedInstaller - ok
16:18:27.0145 2760	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:18:27.0200 2760	tssecsrv - ok
16:18:27.0238 2760	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:18:27.0266 2760	tunmp - ok
16:18:27.0416 2760	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:18:27.0439 2760	tunnel - ok
16:18:27.0527 2760	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
16:18:27.0549 2760	uagp35 - ok
16:18:27.0735 2760	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:18:27.0774 2760	udfs - ok
16:18:27.0857 2760	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
16:18:27.0913 2760	UI0Detect - ok
16:18:27.0958 2760	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
16:18:27.0981 2760	uliagpkx - ok
16:18:28.0037 2760	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
16:18:28.0119 2760	uliahci - ok
16:18:28.0182 2760	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:18:28.0204 2760	UlSata - ok
16:18:28.0223 2760	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:18:28.0247 2760	ulsata2 - ok
16:18:28.0362 2760	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:18:28.0426 2760	umbus - ok
16:18:28.0495 2760	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
16:18:28.0570 2760	upnphost - ok
16:18:28.0640 2760	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
16:18:28.0699 2760	USBAAPL - ok
16:18:28.0739 2760	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:18:28.0775 2760	usbccgp - ok
16:18:28.0810 2760	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:18:28.0884 2760	usbcir - ok
16:18:28.0974 2760	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:18:29.0031 2760	usbehci - ok
16:18:29.0144 2760	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:18:29.0180 2760	usbhub - ok
16:18:29.0216 2760	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:18:29.0304 2760	usbohci - ok
16:18:29.0342 2760	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
16:18:29.0398 2760	usbprint - ok
16:18:29.0447 2760	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:18:29.0507 2760	USBSTOR - ok
16:18:29.0577 2760	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:18:29.0633 2760	usbuhci - ok
16:18:29.0758 2760	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
16:18:29.0879 2760	usbvideo - ok
16:18:29.0978 2760	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
16:18:30.0015 2760	UxSms - ok
16:18:30.0155 2760	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
16:18:30.0357 2760	vds - ok
16:18:30.0446 2760	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
16:18:30.0557 2760	vga - ok
16:18:30.0576 2760	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:18:30.0630 2760	VgaSave - ok
16:18:30.0676 2760	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
16:18:30.0693 2760	viaagp - ok
16:18:30.0750 2760	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
16:18:30.0806 2760	ViaC7 - ok
16:18:30.0891 2760	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
16:18:30.0907 2760	viaide - ok
16:18:30.0964 2760	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:18:30.0986 2760	volmgr - ok
16:18:31.0112 2760	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:18:31.0141 2760	volmgrx - ok
16:18:31.0219 2760	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:18:31.0245 2760	volsnap - ok
16:18:31.0658 2760	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
16:18:31.0682 2760	vsmraid - ok
16:18:32.0058 2760	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
16:18:32.0144 2760	VSS - ok
16:18:32.0236 2760	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
16:18:32.0268 2760	W32Time - ok
16:18:32.0386 2760	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:18:32.0444 2760	WacomPen - ok
16:18:32.0481 2760	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:18:32.0514 2760	Wanarp - ok
16:18:32.0521 2760	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:18:32.0542 2760	Wanarpv6 - ok
16:18:32.0691 2760	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
16:18:32.0751 2760	wcncsvc - ok
16:18:32.0942 2760	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
16:18:32.0998 2760	WcsPlugInService - ok
16:18:33.0053 2760	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
16:18:33.0071 2760	Wd - ok
16:18:33.0181 2760	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:18:33.0242 2760	Wdf01000 - ok
16:18:33.0343 2760	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:18:33.0440 2760	WdiServiceHost - ok
16:18:33.0446 2760	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:18:33.0498 2760	WdiSystemHost - ok
16:18:33.0654 2760	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
16:18:33.0718 2760	WebClient - ok
16:18:33.0795 2760	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
16:18:33.0846 2760	Wecsvc - ok
16:18:33.0886 2760	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
16:18:33.0980 2760	wercplsupport - ok
16:18:34.0132 2760	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
16:18:34.0171 2760	WerSvc - ok
16:18:34.0514 2760	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
16:18:34.0542 2760	WinDefend - ok
16:18:34.0550 2760	WinHttpAutoProxySvc - ok
16:18:34.0813 2760	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
16:18:34.0840 2760	Winmgmt - ok
16:18:35.0200 2760	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
16:18:35.0426 2760	WinRM - ok
16:18:35.0648 2760	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
16:18:35.0835 2760	Wlansvc - ok
16:18:36.0058 2760	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:18:36.0122 2760	WmiAcpi - ok
16:18:36.0319 2760	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
16:18:36.0354 2760	wmiApSrv - ok
16:18:36.0734 2760	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:18:36.0878 2760	WMPNetworkSvc - ok
16:18:37.0000 2760	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
16:18:37.0092 2760	WPCSvc - ok
16:18:37.0188 2760	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
16:18:37.0265 2760	WPDBusEnum - ok
16:18:37.0462 2760	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:18:37.0485 2760	WpdUsb - ok
16:18:37.0957 2760	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:18:37.0996 2760	WPFFontCache_v0400 - ok
16:18:38.0059 2760	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:18:38.0157 2760	ws2ifsl - ok
16:18:38.0255 2760	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
16:18:38.0301 2760	wscsvc - ok
16:18:38.0309 2760	WSearch - ok
16:18:38.0722 2760	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
16:18:38.0847 2760	wuauserv - ok
16:18:39.0450 2760	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:18:39.0484 2760	WUDFRd - ok
16:18:39.0514 2760	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
16:18:39.0549 2760	wudfsvc - ok
16:18:39.0581 2760	MBR (0x1B8)     (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
16:18:40.0281 2760	\Device\Harddisk0\DR0 - ok
16:18:40.0692 2760	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:18:40.0858 2760	\Device\Harddisk1\DR1 - ok
16:18:40.0892 2760	Boot (0x1200)   (e3797586ce7e7a61605c992d252714d9) \Device\Harddisk0\DR0\Partition0
16:18:40.0901 2760	\Device\Harddisk0\DR0\Partition0 - ok
16:18:40.0907 2760	Boot (0x1200)   (d61d45fbef80d00e08014d0346b8daa1) \Device\Harddisk1\DR1\Partition0
16:18:40.0909 2760	\Device\Harddisk1\DR1\Partition0 - ok
16:18:40.0911 2760	============================================================
16:18:40.0911 2760	Scan finished
16:18:40.0911 2760	============================================================
16:18:40.0938 1356	Detected object count: 6
16:18:40.0938 1356	Actual detected object count: 6
16:21:05.0598 1356	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:05.0598 1356	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:21:05.0599 1356	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:05.0599 1356	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:21:05.0602 1356	HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:05.0603 1356	HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:21:05.0605 1356	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:05.0605 1356	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:21:05.0610 1356	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:05.0611 1356	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:21:05.0611 1356	sesvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:05.0612 1356	sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
Wie bekomme ich denn nun die Daten entschlüsselt? oder fehlt mir noch ein Schritt?

Alt 23.05.2012, 19:56   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.05.2012, 20:54   #26
termi3
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


Code:
ATTFilter
ComboFix 12-05-23.05 - pmkurierdienst 23.05.2012  21:34:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3000.1916 [GMT 2:00]
ausgeführt von:: c:\users\pmkurierdienst\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-23 bis 2012-05-23  ))))))))))))))))))))))))))))))
.
.
2012-05-23 19:43 . 2012-05-23 19:44	--------	d-----w-	c:\users\pmkurierdienst\AppData\Local\temp
2012-05-23 19:43 . 2012-05-23 19:43	--------	d-----w-	c:\users\Peter\AppData\Local\temp
2012-05-23 19:43 . 2012-05-23 19:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-23 13:15 . 2012-05-23 13:15	--------	d-----w-	C:\_OTL
2012-05-23 10:24 . 2012-05-23 10:24	--------	d-----w-	c:\users\pmkurierdienst\AppData\Roaming\Malwarebytes
2012-05-22 22:30 . 2012-05-22 22:30	--------	d-----w-	c:\users\pmkurierdienst\AppData\Roaming\www.shadowexplorer.com
2012-05-22 22:30 . 2012-05-22 22:30	--------	d-----w-	c:\program files\ShadowExplorer
2012-05-22 21:21 . 2012-05-08 16:40	6737808	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{509996D0-394C-4470-9046-9FCA32A0872A}\mpengine.dll
2012-05-22 17:16 . 2012-05-22 17:16	--------	d-----w-	c:\users\Neuer Benutzer
2012-05-21 17:36 . 2012-05-21 17:36	--------	d-----w-	c:\program files\CCleaner
2012-05-21 15:48 . 2012-05-21 15:48	--------	d--h--w-	c:\programdata\Common Files
2012-05-21 15:47 . 2012-05-21 15:48	--------	d-----w-	c:\programdata\MFAData
2012-05-21 13:09 . 2012-05-21 13:09	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-21 13:08 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-21 13:08 . 2012-05-21 13:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-05-20 17:43 . 2012-05-22 14:10	--------	d-----w-	c:\users\pmkurierdienst\AppData\Roaming\Franncflmy
2012-05-09 19:39 . 2012-04-03 08:16	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-09 19:39 . 2012-04-03 08:16	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-09 19:39 . 2012-04-02 13:36	2044928	----a-w-	c:\windows\system32\win32k.sys
2012-04-30 16:41 . 2012-04-30 16:41	--------	d-----w-	c:\users\Peter\AppData\Local\Mozilla
2012-04-30 16:40 . 2012-04-30 16:40	--------	d-----w-	c:\users\Peter\AppData\Roaming\Apple Computer
2012-04-26 06:50 . 2012-04-26 06:50	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-04-26 06:50 . 2012-04-26 06:50	157352	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 06:50 . 2012-04-26 06:50	129976	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 21:13 . 2012-03-27 11:41	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-22 21:13 . 2009-09-06 13:53	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-02-29 15:11 . 2012-04-12 01:19	5120	----a-w-	c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 01:19	172032	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 01:19	157696	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 01:19	12800	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-12 01:24	1799168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 01:24	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 01:24	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 01:24	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-04-26 06:50 . 2011-10-04 08:12	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-22 348624]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^pmkurierdienst^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.6454398216686165.exe.lnk]
path=c:\users\pmkurierdienst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.6454398216686165.exe.lnk
backup=c:\windows\pss\0.6454398216686165.exe.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-04-09 15:43	1557160	----a-w-	c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-02-24 05:12	204800	----a-w-	c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GloboFleet]
2011-12-08 16:18	236608	----a-w-	c:\program files\Buyond_GmbH\GloboFleet_CC_Plus\GloboFleet_CC_Plus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 17:26	171032	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24	54840	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 17:26	137752	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2009-06-25 01:47	1069576	----a-w-	c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3486583838-2670660624-3414567642-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\pmkurierdienst\AppData\Roaming\Mozilla\Firefox\Profiles\agv5b8fz.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
MSConfigStartUp-D658DB78 - c:\users\pmkurierdienst\AppData\Roaming\Franncflmy\3365B716D658DB781CCA.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-23 21:44
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-05-23  21:48:24
ComboFix-quarantined-files.txt  2012-05-23 19:48
.
Vor Suchlauf: 10 Verzeichnis(se), 130.015.567.872 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 129.944.457.216 Bytes frei
.
- - End Of File - - B71465BFABB5E807FB3C40A0A7FE5FF3
Kommen wir denn noch zu dem Punkt, wo die Daten entschlüsselt werden?

Alt 23.05.2012, 21:31   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.05.2012, 23:41   #28
termi3
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


GMER ging leider nicht, stürzt immer ab:-(

Hier das OSAM:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:37:54 on 24.05.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\PMKURI~1\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"pglcykod" (pglcykod) - ? - C:\Users\PMKURI~1\AppData\Local\Temp\pglcykod.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\pmkurierdienst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpf3l082" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l082.dll
"PCL hpz3l054" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l054.dll
"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"ShadowExplorer Service" (sesvc) - "www.shadowexplorer.com" - C:\Program Files\ShadowExplorer\sesvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"ScCertProp" - ? - wlnotify.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
und hier das aswMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-24 00:38:49
-----------------------------
00:38:49.173    OS Version: Windows 6.0.6002 Service Pack 2
00:38:49.173    Number of processors: 2 586 0x170A
00:38:49.173    ComputerName: PMUNTERNEHMEN  UserName: 
00:38:50.531    Initialize success
00:39:03.112    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:39:03.128    Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
00:39:03.143    Disk 0 MBR read successfully
00:39:03.143    Disk 0 MBR scan
00:39:03.159    Disk 0 unknown MBR code
00:39:03.159    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
00:39:03.190    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       228473 MB offset 20482048
00:39:03.206    Disk 0 scanning sectors +488394752
00:39:03.284    Disk 0 scanning C:\Windows\system32\drivers
00:39:13.720    Service scanning
00:39:37.465    Modules scanning
00:39:47.871    Disk 0 trace - called modules:
00:39:47.902    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
00:39:47.917    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868d9230]
00:39:47.917    3 CLASSPNP.SYS[8a9a58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x858c8028]
00:39:47.933    Scan finished successfully
00:39:57.028    Disk 0 MBR has been saved successfully to "C:\Users\pmkurierdienst\Desktop\MBR.dat"
00:39:57.043    The log file has been saved successfully to "C:\Users\pmkurierdienst\Desktop\aswMBR.txt"
wie gehe ich denn nun weiter vor? Kommen noch weitere Prüfungen?

Ich brauche heute ihrgentwie ne lösung für die verschlüsselten Daten :-(

Alt 24.05.2012, 20:41   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.05.2012, 00:09   #30
termi3
 
Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Standard

Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


So sorry für die späte Rückmeldung!

Ich wollte den PC noch einmal sichern (mit Acronis True Image 2011) da der Lappi ja nun vorerst lief. Jedoch ist dabei die HDD abgeraucht (wohl ein Hitzeproblem).

Naja hatte gottseidank noch eine Sicherung mit dem Trojaner ganz zu beginn gemacht (bevor ich hier gepostet hab).

Naja habe nun neue HDD und alles wieder aufgespielt und nun nochmal alles durchgeführt, was du mit gesagt hast.

so hier nun das letzte log, was du benötigt hast:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-29 01:04:26
-----------------------------
01:04:26.368    OS Version: Windows 6.0.6002 Service Pack 2
01:04:26.368    Number of processors: 2 586 0x170A
01:04:26.368    ComputerName: PMUNTERNEHMEN  UserName: 
01:04:56.634    Initialize success
01:05:00.823    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:05:00.823    Disk 0 Vendor: ST250LM0 2AR1 Size: 238475MB BusType: 3
01:05:00.839    Disk 0 MBR read successfully
01:05:00.839    Disk 0 MBR scan
01:05:00.854    Disk 0 Windows VISTA default MBR code
01:05:00.854    Disk 0 Partition 1 00     27 Hidden NTFS WinRE MSDOS5.0    10000 MB offset 2048
01:05:00.870    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       228473 MB offset 20482048
01:05:00.885    Disk 0 scanning sectors +488394752
01:05:01.073    Disk 0 scanning C:\Windows\system32\drivers
01:05:15.393    Service scanning
01:05:30.806    Modules scanning
01:05:56.889    Disk 0 trace - called modules:
01:05:56.921    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll dxgkrnl.sys igdkmd32.sys 
01:05:56.921    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a86ac8]
01:05:56.921    3 CLASSPNP.SYS[8a99f8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x858ac028]
01:05:56.936    Scan finished successfully
01:06:19.322    Disk 0 MBR has been saved successfully to "C:\Users\pmkurierdienst\Desktop\MBR.dat"
01:06:19.338    The log file has been saved successfully to "C:\Users\pmkurierdienst\Desktop\aswMBR.txt"

Antwort
Seite 2 von 3 1 2 3

Themen zu Verschlüsselungstrojaner? 100€ Bezahlt Trojaner
abgesicherte, abgesicherten, abgesicherten modus, anhang, antivir, bezahl, immernoch, inter, interne, internet, kein internet, laptop, laufe, laufen, live, live cd, lösen, malewarebytes, modus, problem, schei, screen, temp, verschlüsselungs, verschlüsselungstrojaner, viren


« Lizenz-Trojaner auf dem PC | AVG Rescue CD findet Java/Exploit.AOQ »


Ähnliche Themen: Verschlüsselungstrojaner? 100€ Bezahlt Trojaner


  1. Computerdaten wurden übernommen und ein strafantrag wurde gestellt, wenn keine busse bezahlt wird.
    Plagegeister aller Art und deren Bekämpfung - 17.01.2014 (1)
  2. Fedpol trojaner bekommen und bezahlt..
    Plagegeister aller Art und deren Bekämpfung - 06.10.2013 (1)
  3. peterhahn.de Spam: Ihre Ware #18183 Jacob&Co Pix28 wurde erfolgreich bezahlt.
    Diskussionsforum - 17.09.2013 (0)
  4. Computer ist angeblich gesperrt und wird erst wieder entsperrt, wenn man Geld bezahlt.
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (6)
  5. GVU Trojaner bezahlt
    Plagegeister aller Art und deren Bekämpfung - 06.11.2012 (1)
  6. Verschlüsselungstrojaner eingefangen (Gema 50 Euro Trojaner, Whitescreen nach Anmeldung)
    Log-Analyse und Auswertung - 20.10.2012 (10)
  7. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 30.07.2012 (1)
  8. Verschlüsselungstrojaner 256 bit AES
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (14)
  9. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 20.06.2012 (3)
  10. Verschlüsselungstrojaner!
    Log-Analyse und Auswertung - 16.06.2012 (3)
  11. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
  12. Verschlüsselungstrojaner - trojaner weg, daten lassen sich nicht mehr entschlüsseln
    Plagegeister aller Art und deren Bekämpfung - 03.06.2012 (1)
  13. Verschlüsselungstrojaner PC XP SP3 das erste mal von einem Trojaner befallen
    Mülltonne - 02.06.2012 (0)
  14. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 03.05.2012 (8)
  15. 50euro trojaner / win7 / bezahlt
    Plagegeister aller Art und deren Bekämpfung - 29.03.2012 (13)
  16. "Security Protection" bezahlt ...
    Plagegeister aller Art und deren Bekämpfung - 19.07.2011 (1)
  17. bericht nach malware defense löschung/mit kreditkarte bezahlt...
    Plagegeister aller Art und deren Bekämpfung - 18.01.2010 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Verschlüsselungstrojaner? 100€ Bezahlt Trojaner - Zitat: Jedoch ist mein WICHTIGSTES Anliegen, die Daten zu entschlüsseln, da ich die Abrechnungsdaten von ELSTER etc wieder brauche. Um die Entschlüsselung macht man sich Gedanken wenn das System von - Verschlüsselungstrojaner? 100€ Bezahlt Trojaner...
Archiv
Du betrachtest: Verschlüsselungstrojaner? 100€ Bezahlt Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132