Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 13.07.2012, 15:33   #1
dsiegrist
 
Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100 - Standard

Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100



Hallo zusammen

Ich habe mir einen Trojaner auf meinem Windows 7 Notebook unter meinem Domain-Benutzernamen mit Admin-Rechten eingefangen.

Den Scan habe ich lokal mit dem Localadmin für alle Benutzer durchgeführt.

Das Anti-Malware von Malwarebytes hat nichts gefunden.

OTL hat folgende Log-Datei OTL.txt generiert:

Code:
ATTFilter
OTL logfile created on: 7/13/2012 4:09:28 PM - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\localadmin.PC-826\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.97 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 43.99% Memory free
7.95 Gb Paging File | 5.02 Gb Available in Paging File | 63.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.61 Gb Total Space | 229.80 Gb Free Space | 51.69% Space Free | Partition Type: NTFS
Drive E: | 15.86 Gb Total Space | 2.38 Gb Free Space | 15.00% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32
 
Computer Name: PC-826 | User Name: localadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\localadmin.PC-826\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\lqrffjyj.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\danielsiegrist\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Zarafa\Zarafa Outlook Client\ZarafaUpdaterService.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Ericsson AB)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
PRC - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\00cb077c2bf82c7fe54b6f93af4b6686\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll ()
MOD - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (McAfee Endpoint Encryption Agent) -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe File not found
SRV:64bit: - (wltrysvc) -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Broadcom Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (uvnc_service) -- C:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ZarafaUpdaterService.exe) -- C:\Program Files (x86)\Zarafa\Zarafa Outlook Client\ZarafaUpdaterService.exe ()
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (hpCMSrv) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (WMCoreService) -- C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) Intel(R) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (uArcCapture) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (LMIRfsClientNP) -- C:\windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Teefer3) -- C:\Windows\SysNative\drivers\Teefer3.sys (Symantec Corporation)
DRV:64bit: - (mv2) -- C:\Windows\SysNative\drivers\mv2.sys (UVNC BVBA)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB)
DRV:64bit: - (h36wgps) -- C:\Windows\SysNative\drivers\h36wgps64.sys (Ericsson AB)
DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron Technology Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (ARCVCAM) -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation)
DRV:64bit: - (Mbm3DevMt) HP  Mobile Broadband Module Device Management Driver (WDM) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation)
DRV:64bit: - (Mbm3CBus) HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation)
DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB)
DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120708.024\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120708.024\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1566922826-3658650923-3801446738-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKU\S-1-5-21-1566922826-3658650923-3801446738-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE - HKU\S-1-5-21-1566922826-3658650923-3801446738-1001\..\SearchScopes,DefaultScope = {14349EFE-1BC9-4879-80A5-B6E4D6AEE987}
IE - HKU\S-1-5-21-1566922826-3658650923-3801446738-1001\..\SearchScopes\{14349EFE-1BC9-4879-80A5-B6E4D6AEE987}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=1E533EBD-34E5-43AD-8E33-216E06CC405B&apn_sauid=6AF77691-F544-477C-B23F-BA131808F7E3
IE - HKU\S-1-5-21-1566922826-3658650923-3801446738-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bielertagblatt.ch
IE - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bielertagblatt.ch
IE - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\..\SearchScopes\{EA5802FC-F121-45C3-9383-86F1AAB12BCD}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=1E533EBD-34E5-43AD-8E33-216E06CC405B&apn_sauid=6AF77691-F544-477C-B23F-BA131808F7E3
IE - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/18 11:37:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/04/16 14:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/04/16 14:08:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/13 10:31:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/13 10:31:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/13 10:31:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/13 10:31:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/13 10:31:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/13 10:31:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/13 10:31:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/07/13 15:37:00 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1566922826-3658650923-3801446738-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DsMgr] C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zarafa auto-updater launcher] C:\Program Files (x86)\Zarafa\Zarafa Outlook Client\ZarafaLaunchUpdater.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431..\Run: [lqrffjyjqizgofb] C:\ProgramData\lqrffjyj.exe ()
O4 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\danielsiegrist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RecycleBinSize = 10
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: abo-iis ([]http in Lokales Intranet)
O15 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\..Trusted Domains: abo-iis ([]http in Lokales Intranet)
O15 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\..Trusted Ranges: Range1 ([https] in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\..Trusted Ranges: Range2 ([http] in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.20.1.84 172.20.1.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wgag.intra
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A84D4C2-2593-4FCE-BFC1-8327D6259BE4}: NameServer = 138.188.101.186 138.188.101.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{982CBCAD-DF38-4D83-B5E3-C56B46C7DBDE}: DhcpNameServer = 172.20.1.84 172.20.1.86
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/13 15:14:17 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Malwarebytes
[2012/07/13 15:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/13 15:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/13 15:14:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/07/13 15:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/13 15:03:46 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Macromedia
[2012/07/13 15:03:43 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Adobe
[2012/07/13 14:50:32 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\Hewlett-Packard_Developme
[2012/07/13 14:49:48 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\WMCore
[2012/07/13 14:40:39 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\ATI
[2012/07/13 14:40:39 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\ATI
[2012/07/13 14:39:40 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Synaptics
[2012/07/13 14:39:40 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Roxio
[2012/07/13 14:39:40 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Real
[2012/07/13 14:39:40 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Intel Corporation
[2012/07/13 14:39:39 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\LogMeIn
[2012/07/13 14:39:39 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\hpqLog
[2012/07/13 14:39:39 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Apple Computer
[2012/07/13 14:39:27 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Virtual Machines
[2012/07/13 14:39:27 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/07/13 14:39:27 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Searches
[2012/07/13 14:39:27 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/07/13 14:39:17 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Identities
[2012/07/13 14:39:14 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Contacts
[2012/07/13 14:39:12 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\VirtualStore
[2012/07/13 14:39:09 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\Symantec
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Vorlagen
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\AppData\Local\Verlauf
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\AppData\Local\Temporary Internet Files
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Startmenü
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\SendTo
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Recent
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Netzwerkumgebung
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Lokale Einstellungen
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Documents\Eigene Videos
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Documents\Eigene Musik
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Eigene Dateien
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Documents\Eigene Bilder
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Druckumgebung
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Cookies
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\AppData\Local\Anwendungsdaten
[2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Anwendungsdaten
[2012/07/13 14:38:54 | 000,000,000 | --SD | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft
[2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Videos
[2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Saved Games
[2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Pictures
[2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Music
[2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Links
[2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Favorites
[2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Downloads
[2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Documents
[2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Desktop
[2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/07/13 14:38:54 | 000,000,000 | -H-D | C] -- C:\Users\localadmin.PC-826\AppData
[2012/07/13 14:38:54 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\Temp
[2012/07/13 14:38:54 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\Microsoft Help
[2012/07/13 14:38:54 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\Microsoft
[2012/07/13 14:38:54 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\ifolor
[2012/07/13 13:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\kdlnnwgrqdsfzbw
[2012/07/09 13:13:06 | 000,138,144 | ---- | C] (Symantec Corporation) -- C:\windows\SysWow64\SymVPN.dll
[2012/07/09 13:13:06 | 000,138,144 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\SymVPN.dll
[2012/07/09 13:13:06 | 000,087,456 | ---- | C] (Symantec Corporation) -- C:\windows\SysWow64\FwsVpn.dll
[2012/07/09 13:13:06 | 000,054,904 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\WPSDRVnt.sys
[2012/07/09 13:13:06 | 000,020,400 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\SnacNp.dll
[2012/07/09 13:13:06 | 000,018,352 | ---- | C] (Symantec Corporation) -- C:\windows\SysWow64\SnacNp.dll
[2012/07/09 13:13:05 | 000,482,424 | ---- | C] (Symantec Corporation) -- C:\windows\SysWow64\drivers\srtspl64.sys
[2012/07/09 13:13:05 | 000,482,424 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\srtspl64.sys
[2012/07/09 13:13:05 | 000,453,240 | ---- | C] (Symantec Corporation) -- C:\windows\SysWow64\drivers\srtsp64.sys
[2012/07/09 13:13:05 | 000,453,240 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\srtsp64.sys
[2012/07/09 13:13:05 | 000,032,376 | ---- | C] (Symantec Corporation) -- C:\windows\SysWow64\drivers\srtspx64.sys
[2012/07/09 13:13:05 | 000,032,376 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\srtspx64.sys
[2012/07/06 16:44:47 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/07/06 16:44:47 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012/07/06 16:44:47 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/07/06 16:44:36 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/07/06 16:44:36 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/07/06 16:44:36 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/07/06 16:44:21 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/07/06 16:44:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012/07/06 11:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/06 11:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/06 11:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/06 11:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/13 16:05:05 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 16:05:05 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 15:57:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/13 15:57:07 | 4268,081,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/13 15:37:00 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2012/07/13 15:35:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/13 15:14:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/13 13:37:00 | 000,000,051 | ---- | M] () -- C:\ProgramData\nvhecbewiqbkuce
[2012/07/13 13:36:54 | 000,049,152 | ---- | M] () -- C:\ProgramData\lqrffjyj.exe
[2012/07/12 14:35:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/07/12 14:35:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/12 10:17:14 | 000,087,488 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll
[2012/07/12 10:17:14 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIinit.dll
[2012/07/12 10:17:14 | 000,034,720 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIport.dll
[2012/07/11 11:30:20 | 000,000,338 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForPC-826$.job
[2012/07/09 13:14:49 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/07/09 13:14:49 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/07/09 13:14:49 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/07/09 13:13:06 | 000,138,144 | ---- | M] (Symantec Corporation) -- C:\windows\SysWow64\SymVPN.dll
[2012/07/09 13:13:06 | 000,138,144 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\SymVPN.dll
[2012/07/09 13:13:06 | 000,087,456 | ---- | M] (Symantec Corporation) -- C:\windows\SysWow64\FwsVpn.dll
[2012/07/09 13:13:06 | 000,054,904 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\WPSDRVnt.sys
[2012/07/09 13:13:06 | 000,020,400 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\SnacNp.dll
[2012/07/09 13:13:06 | 000,018,352 | ---- | M] (Symantec Corporation) -- C:\windows\SysWow64\SnacNp.dll
[2012/07/09 13:13:05 | 000,482,424 | ---- | M] (Symantec Corporation) -- C:\windows\SysWow64\drivers\srtspl64.sys
[2012/07/09 13:13:05 | 000,482,424 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\srtspl64.sys
[2012/07/09 13:13:05 | 000,453,240 | ---- | M] (Symantec Corporation) -- C:\windows\SysWow64\drivers\srtsp64.sys
[2012/07/09 13:13:05 | 000,453,240 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\srtsp64.sys
[2012/07/09 13:13:05 | 000,032,376 | ---- | M] (Symantec Corporation) -- C:\windows\SysWow64\drivers\srtspx64.sys
[2012/07/09 13:13:05 | 000,032,376 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\srtspx64.sys
[2012/07/09 13:13:05 | 000,007,504 | ---- | M] () -- C:\windows\SysWow64\drivers\srtspx64.cat
[2012/07/09 13:13:05 | 000,007,504 | ---- | M] () -- C:\windows\SysNative\drivers\srtspx64.cat
[2012/07/09 13:13:05 | 000,007,504 | ---- | M] () -- C:\windows\SysWow64\drivers\srtspl64.cat
[2012/07/09 13:13:05 | 000,007,504 | ---- | M] () -- C:\windows\SysNative\drivers\srtspl64.cat
[2012/07/09 13:13:05 | 000,007,500 | ---- | M] () -- C:\windows\SysWow64\drivers\srtsp64.cat
[2012/07/09 13:13:05 | 000,007,500 | ---- | M] () -- C:\windows\SysNative\drivers\srtsp64.cat
[2012/07/09 13:13:05 | 000,001,460 | ---- | M] () -- C:\windows\SysWow64\drivers\srtsp64.inf
[2012/07/09 13:13:05 | 000,001,460 | ---- | M] () -- C:\windows\SysNative\drivers\srtsp64.inf
[2012/07/09 13:13:05 | 000,001,451 | ---- | M] () -- C:\windows\SysWow64\drivers\srtspl64.inf
[2012/07/09 13:13:05 | 000,001,451 | ---- | M] () -- C:\windows\SysNative\drivers\srtspl64.inf
[2012/07/09 13:13:05 | 000,001,442 | ---- | M] () -- C:\windows\SysWow64\drivers\srtspx64.inf
[2012/07/09 13:13:05 | 000,001,442 | ---- | M] () -- C:\windows\SysNative\drivers\srtspx64.inf
[2012/07/05 10:19:14 | 000,000,000 | ---- | M] () -- C:\t1eg.2
[2012/07/04 10:00:15 | 000,000,000 | ---- | M] () -- C:\t1fo.2
[2012/07/04 10:00:15 | 000,000,000 | ---- | M] () -- C:\t1fo.1
[2012/07/03 19:17:55 | 000,000,368 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFordanielsiegrist.job
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/06/29 08:49:10 | 000,000,000 | ---- | M] () -- C:\t1gg.2
[2012/06/29 08:49:10 | 000,000,000 | ---- | M] () -- C:\t1gg.1
[2012/06/27 11:47:27 | 000,010,254 | RHS- | M] () -- C:\ProgramData\ntuser.pol
 
========== Files Created - No Company Name ==========
 
[2012/07/13 15:14:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/13 14:39:32 | 000,001,409 | ---- | C] () -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/07/13 14:39:28 | 000,001,443 | ---- | C] () -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/07/13 14:38:54 | 000,001,970 | ---- | C] () -- C:\Users\localadmin.PC-826\Desktop\RDS-AMASYS.RDP
[2012/07/13 13:37:00 | 000,049,152 | ---- | C] () -- C:\ProgramData\lqrffjyj.exe
[2012/07/13 13:36:55 | 000,000,051 | ---- | C] () -- C:\ProgramData\nvhecbewiqbkuce
[2012/07/09 13:13:05 | 000,007,504 | ---- | C] () -- C:\windows\SysWow64\drivers\srtspx64.cat
[2012/07/09 13:13:05 | 000,007,504 | ---- | C] () -- C:\windows\SysNative\drivers\srtspx64.cat
[2012/07/09 13:13:05 | 000,007,504 | ---- | C] () -- C:\windows\SysWow64\drivers\srtspl64.cat
[2012/07/09 13:13:05 | 000,007,504 | ---- | C] () -- C:\windows\SysNative\drivers\srtspl64.cat
[2012/07/09 13:13:05 | 000,007,500 | ---- | C] () -- C:\windows\SysWow64\drivers\srtsp64.cat
[2012/07/09 13:13:05 | 000,007,500 | ---- | C] () -- C:\windows\SysNative\drivers\srtsp64.cat
[2012/07/09 13:13:05 | 000,001,460 | ---- | C] () -- C:\windows\SysWow64\drivers\srtsp64.inf
[2012/07/09 13:13:05 | 000,001,460 | ---- | C] () -- C:\windows\SysNative\drivers\srtsp64.inf
[2012/07/09 13:13:05 | 000,001,451 | ---- | C] () -- C:\windows\SysWow64\drivers\srtspl64.inf
[2012/07/09 13:13:05 | 000,001,451 | ---- | C] () -- C:\windows\SysNative\drivers\srtspl64.inf
[2012/07/09 13:13:05 | 000,001,442 | ---- | C] () -- C:\windows\SysWow64\drivers\srtspx64.inf
[2012/07/09 13:13:05 | 000,001,442 | ---- | C] () -- C:\windows\SysNative\drivers\srtspx64.inf
[2012/07/05 10:19:14 | 000,000,000 | ---- | C] () -- C:\t1eg.2
[2012/07/04 10:00:15 | 000,000,000 | ---- | C] () -- C:\t1fo.2
[2012/07/04 10:00:15 | 000,000,000 | ---- | C] () -- C:\t1fo.1
[2012/06/29 08:49:10 | 000,000,000 | ---- | C] () -- C:\t1gg.2
[2012/06/29 08:49:10 | 000,000,000 | ---- | C] () -- C:\t1gg.1
[2012/02/29 10:04:56 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2012/01/13 11:46:36 | 000,000,077 | ---- | C] () -- C:\windows\{70272964-C468-4C5F-8246-AA2CABA75941}.ini
[2012/01/13 11:46:36 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\{70272964-C468-4C5F-8246-AA2CABA75941}.ini
[2011/11/11 02:45:44 | 000,316,928 | ---- | C] () -- C:\windows\SysWow64\hpcc3118.dll
[2011/11/07 15:43:17 | 000,010,254 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/24 08:31:52 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejfii.sys
[2011/09/24 08:11:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/09/24 08:08:42 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/09/24 08:08:42 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011/09/24 08:07:48 | 000,030,028 | R--- | C] () -- C:\windows\ConnectionProfiles.dat
[2011/09/23 16:35:09 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011/03/08 19:12:59 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejghg.sys
[2011/03/08 19:01:28 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2011/03/08 18:56:16 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejgie.sys
[2011/03/08 18:27:28 | 001,594,122 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/26 00:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011/01/22 21:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2010/12/20 17:27:22 | 000,003,113 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010/12/07 07:16:34 | 000,181,072 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2010/12/07 07:16:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign
 
========== LOP Check ==========
 
[2012/07/13 15:59:54 | 000,000,000 | ---D | M] -- C:\Users\danielsiegrist\AppData\Roaming\Dropbox
[2011/12/06 10:42:10 | 000,000,000 | ---D | M] -- C:\Users\danielsiegrist\AppData\Roaming\Infineon
[2012/05/07 21:03:17 | 000,000,000 | ---D | M] -- C:\Users\danielsiegrist\AppData\Roaming\streamWriter
[2011/12/06 10:42:30 | 000,000,000 | ---D | M] -- C:\Users\danielsiegrist\AppData\Roaming\Synaptics
[2011/12/06 11:06:28 | 000,000,000 | ---D | M] -- C:\Users\danielsiegrist\AppData\Roaming\WMCore
[2012/01/16 10:45:32 | 000,000,000 | ---D | M] -- C:\Users\danielsiegrist\AppData\Roaming\Xerox
[2012/07/13 14:39:40 | 000,000,000 | ---D | M] -- C:\Users\localadmin.PC-826\AppData\Roaming\Synaptics
[2012/07/13 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\localadmin.PC-826\AppData\Roaming\WMCore
[2012/07/13 15:38:25 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> C:\Users\localadmin.PC-826\Desktop\RDS-AMASYS.RDP:AFP_AfpInfo

< End of report >
         
und folgende Log-Datei Extras.txt generiert:

Code:
ATTFilter
OTL Extras logfile created on: 7/13/2012 4:09:28 PM - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\localadmin.PC-826\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.97 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 43.99% Memory free
7.95 Gb Paging File | 5.02 Gb Available in Paging File | 63.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.61 Gb Total Space | 229.80 Gb Free Space | 51.69% Space Free | Partition Type: NTFS
Drive E: | 15.86 Gb Total Space | 2.38 Gb Free Space | 15.00% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32
 
Computer Name: PC-826 | User Name: localadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AC495BD-C012-41CF-A61D-439C03EE8870}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 | 
"{344CD85D-3A54-42D7-A452-5AF296A1E19A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{3EA4B3CD-A703-4240-982D-DE254957F48F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{FE6EB633-E6D8-4610-8E39-FB8D86DD3966}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B61CE0-8F81-4EB5-A847-C1F8CF8507CC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0EC15D83-41AF-42D0-A200-ACBDB0B9A610}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | 
"{2DD2B53B-95F8-43BF-8274-7A15558FD243}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3C6BC375-B0A8-493D-AB1C-F4309EE1094C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{44D2BE3A-4331-4A68-9B57-48B4C59AC780}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | 
"{45FEC4C0-F104-487F-ADBA-55B15F69FE55}" = protocol=17 | dir=in | app=c:\users\danielsiegrist\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4AABEB7A-4DDE-41D7-A3D2-0D87CF1F698F}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{817F2F98-1C53-4149-B841-62964089DE14}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{82EE3F28-0329-4C1E-820F-E8CDC6CB54FE}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | 
"{874DD43B-D048-4876-AC7A-D0E1FACCBBF4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{9ABAB997-E880-4B9F-87E6-F33DBC26B989}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | 
"{A0FE47A5-358F-4DE3-A8BB-4A0ADBB494A4}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | 
"{A28C60E3-66C4-4B3F-A1DB-716A9D837E52}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | 
"{CEEAB884-FE54-4FCD-8EE6-5A82E8FB0DBE}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{F26C6E79-F115-4BA4-8495-78C6CA84985D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F2A10B9A-7088-4C14-ACA7-96012574B7D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F8CF4607-6B23-443B-9FB1-BC52011F5F42}" = protocol=6 | dir=in | app=c:\users\danielsiegrist\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F939CF93-2840-4614-B74E-06053FF62D23}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{103729AF-35B8-7567-2739-905128A38CFE}" = ccc-utility64
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}" = HP Power Assistant
"{4117BB0F-FF94-4373-B5A1-D9799EA9DBEA}" = Symantec Endpoint Protection
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7D1C63D1-6520-49DA-B738-958133526E80}" = HP HotKey Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BC741628-0AFC-405C-8946-DD46D1005A0A}" = 64 Bit HP CIO Components Installer
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D5526B83-25C4-88A8-A984-98F871DA1415}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}" = Validity Fingerprint Sensor Driver
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"GPL Ghostscript 9.04" = GPL Ghostscript
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ultravnc2_is1" = UltraVnc
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E8F1F2-6E5B-C5A4-A5FD-B76CCF833F21}" = CCC Help Finnish
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E8DE6AB-5193-A885-A550-7B26858FFF74}" = Catalyst Control Center Localization All
"{11C8CD1B-B0F8-D6F5-3E5D-6103FA7A2740}" = CCC Help English
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1267DA48-A6EA-3202-6C02-0AD5D3AAF360}" = Catalyst Control Center InstallProxy
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{14FDECFD-FBA1-5D0A-16FE-51621197077E}" = CCC Help Norwegian
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E8D5440-0CC6-6E2D-7A1A-1B02699C76DE}" = CCC Help Danish
"{2041A685-F8DC-A7C7-2AF4-CE646D1E2161}" = CCC Help Thai
"{20976B1F-E910-404D-9261-C16EE7E12DC8}" = HP QuickWeb
"{225C4860-9D03-49F5-B983-943EB938E0B0}" = HP GPS and Location
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{2F36E5A1-A627-3736-D4BC-7962DD22EE0B}" = CCC Help Polish
"{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}" = HP SoftPaq Download Manager
"{39705143-74BD-1E99-5952-22764AD6DED9}" = ccc-core-static
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C213840-A3A6-FD8C-91E5-AC7566FCB71B}" = CCC Help Czech
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{44C72B93-46FA-6D17-4020-E796E8D9C808}" = CCC Help German
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B21E4B2-89B8-499D-803A-34ABF929401E}" = HP Connection Manager
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload 
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{5681FF4A-5469-D41F-F990-D1AC1037AB02}" = CCC Help Korean
"{5A6CB42D-AFB6-989E-E7EB-B3FF928C707F}" = Catalyst Control Center Profiles Mobile
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{63240320-9946-4A11-5135-DB66D8113842}" = CCC Help Japanese
"{646E8C34-C88B-42F9-9F41-985A801219E1}" = HP Mobile Broadband Drivers
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68DDF0E0-42D9-B5C3-AD7A-3E1DCCE8D2E3}" = CCC Help Turkish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70272964-C468-4C5F-8246-AA2CABA75941}" = Roxio Easy Media Creator 9 Suite
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{93139A49-0360-4718-8B93-C1F9EB12E3D8}" = Roxio Secure Burn
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}" = Roxio MyDVD Business 2010
"{9F7E4DF2-1795-99AD-CDD7-29F440B61088}" = CCC Help Hungarian
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A79846AB-AE6A-C993-71DF-99FF8E559613}" = CCC Help Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF6CCCD-2C82-CF3F-58AD-1766D370622F}" = CCC Help French
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Secure Burn
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{BACE8BFA-8F39-421D-BEF1-6E78632BDC90}" = Roxio MyDVD Business 2010
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C0116FFA-6568-B16B-09EF-01E97CEF89E9}" = CCC Help Chinese Standard
"{C501064B-0925-A417-D08B-A96C07D11E01}" = CCC Help Italian
"{CDF2096F-1FBD-C097-15BC-8BC64AF0B6F7}" = CCC Help Spanish
"{CE7AE690-57AF-286B-B022-A808D30F08F2}" = CCC Help Greek
"{CFC1988A-F492-4BC5-B6F7-683A95718AE9}" = HP ESU for Microsoft Windows 7
"{D9965E8E-496F-F5E4-D8FF-78FB7EBE6ABA}" = CCC Help Swedish
"{DA8B96DE-3FE5-2079-D33B-7152C13AFC73}" = CCC Help Portuguese
"{E132EEDE-AF01-4976-9BC9-E9DE2C94D8C5}" = Zarafa Outlook Client 7.0.2.29470
"{E1625943-425A-6675-6A52-6AE98AC3080F}" = CCC Help Dutch
"{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}" = LogMeIn
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E755FF48-9936-FE6B-3910-490DFB39F56D}" = Catalyst Control Center Graphics Previews Common
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F24F876B-7D71-4BD6-88E9-614D3BB84216}" = Alcor Micro Smart Card Reader Driver
"{F70487C4-B639-5576-6DE1-2D2D790AC51A}" = CCC Help Russian
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FreePDF_XP" = FreePDF (Remove only)
"ifolor-Designer" = ifolor Designer
"ifolor-OrderClient" = ifolor Bestellsoftware 3.7
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"RealPlayer 15.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"streamWriter_is1" = streamWriter
"SZCCID" = Alcor Micro Smart Card Reader Driver
"VIP Access SDK" = VIP Access SDK x64(1.0.0.50) 
"Wisdom-soft ScreenHunter 4.2 Pro" = Wisdom-soft ScreenHunter 4.2 Pro
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1566922826-3658650923-3801446738-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/1/2012 7:13:02 AM | Computer Name = PC-826.wgag.intra | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpasset.exe, Version: 3.0.0.7, Zeitstempel:
 0x4f4667f7  Name des fehlerhaften Moduls: hpasset.exe, Version: 3.0.0.7, Zeitstempel:
 0x4f4667f7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003df75  ID des fehlerhaften Prozesses:
 0x1dac  Startzeit der fehlerhaften Anwendung: 0x01cd278b5c287126  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe
Berichtskennung:
 9d88abb0-937e-11e1-bcc8-028037ec0200
 
Error - 5/1/2012 4:37:00 PM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0    
 
Error - 5/2/2012 3:15:03 AM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0    
 
Error - 5/2/2012 11:17:49 AM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0    
 
Error - 5/2/2012 11:18:05 AM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0    
 
Error - 5/2/2012 11:21:26 AM | Computer Name = PC-826.wgag.intra | Source = Application Hang | ID = 1002
Description = Programm EXCEL.EXE, Version 14.0.6112.5000 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 198c    Startzeit:
 01cd287316214e24    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

Berichts-ID:
 66be9daa-946a-11e1-bea7-028037ec0200  
 
Error - 5/2/2012 11:48:39 AM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0    
 
Error - 5/3/2012 4:20:33 AM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0    
 
Error - 5/3/2012 12:23:04 PM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0    
 
Error - 5/4/2012 2:41:55 AM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0    
 
[ Hewlett-Packard Events ]
Error - 7/13/2012 7:44:25 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4070  Ram
 Utilization: 50  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 7/13/2012 7:48:57 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4070  Ram
 Utilization: 50  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 7/13/2012 7:48:57 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4070  Ram
 Utilization: 50  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 7/13/2012 8:01:40 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4070  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 7/13/2012 8:01:40 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4070  Ram
 Utilization:   TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 7/13/2012 8:11:09 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4070  Ram
 Utilization: 50  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 7/13/2012 8:11:10 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4070  Ram
 Utilization: 50  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 7/13/2012 8:36:54 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4070  Ram
 Utilization: 50  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 7/13/2012 8:36:54 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()  Source: mscorlib    Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4070  Ram
 Utilization: 50  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
Error - 7/13/2012 9:41:12 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     bei System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     bei System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     bei System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     bei System.Activator.CreateInstance(Type type, Boolean nonPublic)

   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: de-DE  RAM: 4070  Ram
 Utilization: 50  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
[ HP Connection Manager Events ]
Error - 7/6/2012 6:45:45 PM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/07 00:45:45.705|00000528|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 7/6/2012 6:45:55 PM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/07 00:45:55.716|00000528|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 7/6/2012 6:45:55 PM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/07 00:45:55.965|00000528|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 7/7/2012 9:02:14 AM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/07 15:02:14.934|00001378|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 7/7/2012 9:02:24 AM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/07 15:02:24.938|00001378|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 7/7/2012 9:02:28 AM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/07 15:02:28.256|00001378|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 7/7/2012 7:46:31 PM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/08 01:46:31.338|000016F8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 7/7/2012 7:46:31 PM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/08 01:46:31.665|000016F8|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 7/13/2012 7:46:49 AM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/13 13:46:49.803|000004D0|Error      |CWWAN::DataClassChanged|Fire_DataClassChanged
 failed [hr:0x800706BA]
 
Error - 7/13/2012 9:05:14 AM | Computer Name = PC-826.wgag.intra | Source = hpMobile | ID = 5
Description = 2012.07.13 15:05:14.081|000016B8|Error      |[HP.Mobile]Sms::.ctor{}|Error
 registering WWAN events: 
 
[ HP Power Assistant Events ]
Error - 3/4/2012 7:44:19 AM | Computer Name = PC-826.wgag.intra | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Level value needs to be an integer between 0 and 100, got 106UpdateBatteryPredictions()
 has bad values.  Check PMCCapabilities.XML and PMCData.XML if in emulation mode
 
[ System Events ]
Error - 7/13/2012 8:42:18 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst HP Power Assistant Service erreicht.
 
Error - 7/13/2012 9:01:55 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Endpoint Encryption Agent" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 7/13/2012 9:02:13 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   RxFilter
 
Error - 7/13/2012 9:05:11 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7034
Description = Dienst "HP Connection Manager 4 Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 7/13/2012 9:34:56 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Symantec Event Manager" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 200 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 7/13/2012 9:34:56 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Symantec Settings Manager" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 7/13/2012 9:38:28 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Endpoint Encryption Agent" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 7/13/2012 9:38:31 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   RxFilter
 
Error - 7/13/2012 9:57:23 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Endpoint Encryption Agent" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 7/13/2012 9:57:26 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   RxFilter
 
 
< End of report >
         
Wer kann mir helfen und ein Fehlerbehebungs-Script erstellen?

Herzlichen Dank und Gruss

Alt 13.07.2012, 15:40   #2
markusg
/// Malware-holic
 
Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100 - Standard

Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431..\Run: [lqrffjyjqizgofb] C:\ProgramData\lqrffjyj.exe ()
[2012/07/13 13:37:00 | 000,000,051 | ---- | M] () -- C:\ProgramData\nvhecbewiqbkuce
 :Files
C:\ProgramData\lqrffjyj.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________

__________________

Alt 13.07.2012, 16:02   #3
dsiegrist
 
Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100 - Standard

Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100



Es hat funktioniert. Herzlichen Dank. nachfolgend noch das Log-File:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2741654391-3626595544-1486187325-1431\Software\Microsoft\Windows\CurrentVersion\Run\\lqrffjyjqizgofb deleted successfully.
C:\ProgramData\lqrffjyj.exe moved successfully.
C:\ProgramData\nvhecbewiqbkuce moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: carlovalenti
 
User: danielsiegrist
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: localadmin
 
User: localadmin.PC-826
->Flash cache emptied: 492 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: carlovalenti
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: danielsiegrist
->Temp folder emptied: 20307 bytes
->Temporary Internet Files folder emptied: 37294 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: localadmin
 
User: localadmin.PC-826
->Temp folder emptied: 518702 bytes
->Temporary Internet Files folder emptied: 6713147 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13343 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33304 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7.00 mb
 
 
OTL by OldTimer - Version 3.2.53.1 log created on 07132012_164535

Files\Folders moved on Reboot...
C:\Users\danielsiegrist\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W5YV9L2W\player[1].htm moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W5YV9L2W\PShidden[1].htm moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U6PS1RST\119386-trojaner-computer-wurde-gesperrt-ukash-eur-100-a[1].htm moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U6PS1RST\AccountViewMail153924b0[1].htm moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U6PS1RST\ads[1].htm moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\windows\temp\JETA063.tmp moved successfully.

PendingFileRenameOperations files...
File C:\Users\danielsiegrist\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\localadmin.PC-826\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W5YV9L2W\player[1].htm not found!
File C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W5YV9L2W\PShidden[1].htm not found!
File C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U6PS1RST\119386-trojaner-computer-wurde-gesperrt-ukash-eur-100-a[1].htm not found!
File C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U6PS1RST\AccountViewMail153924b0[1].htm not found!
File C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U6PS1RST\ads[1].htm not found!
File C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
File C:\windows\temp\JETA063.tmp not found!

Registry entries deleted on Reboot...
         
Das Movedfiles.zip lade ich dir noch gleich mit dem Uploadchannel hoch.
__________________

Alt 13.07.2012, 16:20   #4
markusg
/// Malware-holic
 
Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100 - Standard

Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100



danke
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.07.2012, 17:41   #5
dsiegrist
 
Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100 - Standard

Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100



Ich habe den ComboFix ausgeführt. Nachfolgen das Resultat:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-13.02 - danielsiegrist 13.07.2012  18:03:03.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1031.18.4070.1277 [GMT 2:00]
ausgeführt von:: c:\users\danielsiegrist\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
C:\Thumbs.db
c:\windows\SysWow64\charset.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-13 bis 2012-07-13  ))))))))))))))))))))))))))))))
.
.
2012-07-13 16:12 . 2012-07-13 16:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-13 16:12 . 2012-07-13 16:12	--------	d-----w-	c:\users\carlovalenti\AppData\Local\temp
2012-07-13 13:14 . 2012-07-13 13:14	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-13 13:14 . 2012-07-13 13:14	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-13 13:14 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-13 12:38 . 2012-07-13 12:39	--------	d-----w-	c:\users\localadmin.PC-826
2012-07-13 11:36 . 2012-07-13 11:36	--------	d-----w-	c:\programdata\kdlnnwgrqdsfzbw
2012-07-09 11:13 . 2012-07-09 11:13	87456	----a-w-	c:\windows\SysWow64\FwsVpn.dll
2012-07-09 11:13 . 2012-07-09 11:13	54904	----a-w-	c:\windows\system32\drivers\WPSDRVnt.sys
2012-07-09 11:13 . 2012-07-09 11:13	20400	----a-w-	c:\windows\system32\SnacNp.dll
2012-07-09 11:13 . 2012-07-09 11:13	18352	----a-w-	c:\windows\SysWow64\SnacNp.dll
2012-07-09 11:13 . 2012-07-09 11:13	138144	----a-w-	c:\windows\SysWow64\SymVPN.dll
2012-07-09 11:13 . 2012-07-09 11:13	138144	----a-w-	c:\windows\system32\SymVPN.dll
2012-07-09 11:13 . 2012-07-09 11:13	482424	----a-w-	c:\windows\SysWow64\drivers\srtspl64.sys
2012-07-09 11:13 . 2012-07-09 11:13	482424	----a-w-	c:\windows\system32\drivers\srtspl64.sys
2012-07-09 11:13 . 2012-07-09 11:13	453240	----a-w-	c:\windows\SysWow64\drivers\srtsp64.sys
2012-07-09 11:13 . 2012-07-09 11:13	453240	----a-w-	c:\windows\system32\drivers\srtsp64.sys
2012-07-09 11:13 . 2012-07-09 11:13	32376	----a-w-	c:\windows\SysWow64\drivers\srtspx64.sys
2012-07-09 11:13 . 2012-07-09 11:13	32376	----a-w-	c:\windows\system32\drivers\srtspx64.sys
2012-07-06 14:44 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-07-06 14:44 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-07-06 14:44 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-07-06 14:44 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-07-06 14:44 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-07-06 14:44 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-07-06 14:44 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-07-06 14:44 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-07-06 14:44 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-07-06 09:45 . 2012-07-06 09:45	--------	d-----w-	c:\program files\iPod
2012-07-06 09:45 . 2012-07-06 09:46	--------	d-----w-	c:\program files\iTunes
2012-07-06 09:45 . 2012-07-06 09:46	--------	d-----w-	c:\program files (x86)\iTunes
2012-06-15 15:16 . 2012-06-15 15:16	--------	d-----w-	c:\users\danielsiegrist\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 12:35 . 2012-04-18 06:41	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 12:35 . 2012-01-10 15:32	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 08:17 . 2011-11-08 12:39	34720	----a-w-	c:\windows\system32\LMIport.dll
2012-07-12 08:17 . 2011-11-08 12:39	87488	----a-w-	c:\windows\system32\LMIRfsClientNP.dll
2012-07-12 08:17 . 2011-11-08 12:39	80800	----a-w-	c:\windows\system32\LMIinit.dll
2012-07-09 11:14 . 2011-11-08 11:59	174200	----a-w-	c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-05-22 07:30 . 2011-11-08 12:39	80768	----a-w-	c:\windows\system32\LMIinit.dll.000.bak
2012-04-26 17:01 . 2012-04-26 17:01	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-04-26 17:01 . 2012-04-26 17:01	2155344	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-20 11:53 . 2012-04-20 11:53	47208	----a-w-	c:\windows\system32\drivers\tbhsd.sys
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-04-16 12:08 . 2012-03-28 10:46	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 14:31	1514152	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2011-01-12 514544]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-06 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]
"DsMgr"="c:\program files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe" [2011-03-10 93240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Zarafa auto-updater launcher"="c:\program files (x86)\Zarafa\Zarafa Outlook Client\ZarafaLaunchUpdater.exe" [2011-09-26 53440]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2012-07-09 115624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-01-13 296056]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-10-27 221184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\danielsiegrist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)
"NoHardwareTab"= 1 (0x1)
"NoSecurityTab"= 1 (0x1)
"ConfirmFileDelete"= 1 (0x1)
"RecycleBinSize"= 10 (0xa)
"NoFavoritesMenu"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoStartMenuEjectPC"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2011-01-15 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\DRIVERS\Teefer3.sys [2011-11-08 53880]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-06 203776]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-01-27 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-03 2656280]
S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2010-11-27 1907656]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
S2 ZarafaUpdaterService.exe;Zarafa Updater Service;c:\program files (x86)\Zarafa\Zarafa Outlook Client\ZarafaUpdaterService.exe [2011-09-26 378560]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-06 9090048]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-06 299520]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-12-21 316080]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2010-02-24 26664]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2010-02-24 30248]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 h36wgps;HP  Mobile Broadband Module NMEA;c:\windows\system32\DRIVERS\h36wgps64.sys [2011-02-28 101416]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-04-05 1094712]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-30 174168]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2011-02-08 26712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 Mbm3CBus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-10-31 411208]
S3 Mbm3DevMt;HP  Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2010-10-31 419912]
S3 Mbm3mdfl;HP  Mobile Broadband Module Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-10-31 19528]
S3 Mbm3Mdm;HP  Mobile Broadband Module Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-10-31 472648]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2011-11-08 12904]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2011-03-04 277032]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 18:36	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 12:35]
.
2012-07-03 c:\windows\Tasks\HPCeeScheduleFordanielsiegrist.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-07-11 c:\windows\Tasks\HPCeeScheduleForPC-826$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2011-09-24 5398528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bielertagblatt.ch
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 172.20.1.84 172.20.1.86
TCP: Interfaces\{4A84D4C2-2593-4FCE-BFC1-8327D6259BE4}: NameServer = 138.188.101.186 138.188.101.189
FF - ProfilePath - c:\users\danielsiegrist\AppData\Roaming\Mozilla\Firefox\Profiles\n6ab4d2d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.bielertagblatt.ch
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-File Sanitizer - c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
Wow6432Node-HKLM-Run-ISUSPM Startup - c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Wow6432Node-HKLM-Run-ISUSScheduler - c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
SafeBoot-Symantec Antvirus
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-13  18:37:12
ComboFix-quarantined-files.txt  2012-07-13 16:37
.
Vor Suchlauf: 11 Verzeichnis(se), 254'648'336'384 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 253'910'335'488 Bytes frei
.
- - End Of File - - 2933D6774208E7CABCF0B1CC57A93463
         
--- --- ---


So ich hoffe, dass jetzt alles erledigt ist. Besten Dank.


Alt 14.07.2012, 16:15   #6
markusg
/// Malware-holic
 
Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100 - Standard

Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100



lade den CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
--> Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100

Antwort

Themen zu Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100
alternate, antivirus, bho, computer, defender, document, error, excel, firefox, flash player, format, gesperrt, home, ihr computer wurde gesperrt, install.exe, intranet, log-datei, logfile, microsoft office word, programm, registry, rundll, scan, searchscopes, security, software, symantec, trojaner, windows



Ähnliche Themen: Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100


  1. Trojaner: "Zugang zu ihrem Computer wurde aus folgenden Gründen gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 27.01.2015 (17)
  2. Computer wurde gesperrt - "Polizei" Trojaner/Virus
    Plagegeister aller Art und deren Bekämpfung - 09.05.2013 (15)
  3. Win XP (SP3) Trojaner: "Computer wurde von Bundesamt gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 23.03.2013 (11)
  4. "Ihr Computer wurde gesperrt" Trojaner (User:Landvoigt)
    Plagegeister aller Art und deren Bekämpfung - 28.12.2012 (18)
  5. "Ihr Computer wurde gesperrt"-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (11)
  6. GVU Trojaner "Ihr Computer wurde gesperrt"
    Log-Analyse und Auswertung - 22.12.2012 (13)
  7. "Ihr Computer wurde gesperrt" Trojaner eingefangen - Hilfe :(
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (8)
  8. Bundestrojaner Variante: "Ihr Computer wurde gesperrt"; " Ihr Computer wurde durch das Speichern der autom. Informationskontrolle gesperrt"
    Log-Analyse und Auswertung - 25.11.2012 (10)
  9. auswertung Logdatei des Trojaner "der Computer ist für die Verletzung der Gesetze der Bundesrepublik deutschland wurde Blockert" Ukash
    Log-Analyse und Auswertung - 03.10.2012 (13)
  10. Trojaner: "ihr Computer wurde durch das System der automatischen Informationskontrolle gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 29.09.2012 (2)
  11. Trojaner Bundesschutzpolizei UKash "Ihr System wurde gesperrt"
    Log-Analyse und Auswertung - 27.09.2012 (22)
  12. Trojaner "Ihr Computer wurde gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 17.09.2012 (4)
  13. UKASH-Trojaner "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
    Log-Analyse und Auswertung - 08.09.2012 (14)
  14. "Ihr Computer wurde gesperrt", Schweizerische Eidgenossenschaft, Ukash
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (7)
  15. Windows 7 64 Bit "GVU"" Ihr Computer wurde gesperrt."
    Log-Analyse und Auswertung - 30.07.2012 (27)
  16. BKA Trojaner auf meinem Laptop "Ihr Computer wurde gesperrt" Benötige Hilfe
    Plagegeister aller Art und deren Bekämpfung - 20.07.2012 (10)
  17. Malware/Trojaner "Achtung! Ihr Computer wurde gesperrt!"
    Log-Analyse und Auswertung - 02.05.2012 (19)

Zum Thema Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100 - Hallo zusammen Ich habe mir einen Trojaner auf meinem Windows 7 Notebook unter meinem Domain-Benutzernamen mit Admin-Rechten eingefangen. Den Scan habe ich lokal mit dem Localadmin für alle Benutzer durchgeführt. - Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100...
Archiv
Du betrachtest: Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.