
Pests of all kinds and how to fight them: "Bundestrojaner" ism_0_llatsni.pad


15.08.2012, 19:52   #1
meister-jogi

Hi,
PC infected with the "Bundestrojaner" and locked after booting.

Here are the OTL logs
hxxp://pastebin.com/EVq5DCY8
hxxp://pastebin.com/PQKvEP9A

Many thanks in advance!

Code:
OTL Extras logfile created on: 15.08.2012 20:31:41 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\***\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 85,58% Memory free
5,87 Gb Paging File | 5,46 Gb Available in Paging File | 93,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,41 Gb Total Space | 189,21 Gb Free Space | 70,49% Space Free | Partition Type: NTFS
Drive D: | 196,24 Gb Total Space | 155,00 Gb Free Space | 78,98% Space Free | Partition Type: NTFS
Drive E: | 7,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4221648154-2277380602-1875423964-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19BAED0E-6EC3-48D9-84BB-467A06A8FCF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1BD733F4-1852-4DC1-B3C2-10A2A8FBC67A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1DB58D99-63E8-40AA-A9B8-AC668093265B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3FF13A5C-04A8-46ED-A2C5-CEEC7FE88AB9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{458B680F-528E-4235-8EE6-3D81B99D8399}" = lport=139 | protocol=6 | dir=in | app=system | 
"{55949055-7AB5-40B6-B302-7E5073F2B3E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{56769413-E2EB-4F16-87A9-5C60703A8BB2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B8EA9A3-731D-4C72-9E74-10CCD409ECB0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6DD3FD40-986F-435D-B83A-468969B5F005}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{87868136-CEF3-4992-805D-DAE28EF20C59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{87A6B174-8D7F-44E2-8FCA-F9F187AE85DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8AE27B97-0DFC-410C-A981-9B0B43051FC6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9659E3BD-785D-480D-8AF6-EB1C1D664E72}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9AA0989D-A6AD-44D9-82A9-A3CA3464CDDD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A85AC191-EC39-4616-B483-8CFE47269C90}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AE2DE1D0-9786-46DE-ABC8-0467F1946A61}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B5C31CB9-6A3D-420E-879E-EC069CB67602}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BB58BEE5-D267-4D48-8252-5C1450CB7A93}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CAA8D3D8-A050-471E-84CA-7A414CCFFF66}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{E59D1EAA-E68B-466F-999F-E2832812A826}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EB75AFDD-E744-407D-9410-A36733BCB13C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EF7E9A20-039D-4E37-B8E8-C44FC0595BE5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EF94B0EB-A416-4E22-8233-F17765E02FC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F14FAF4E-F767-4A19-9490-F6200A3C5A1F}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BCEDC8-A5E7-4FD0-B7E6-D997F7AE6260}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{04AC94A8-97DE-4DA5-9C57-902A32C4A7EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0C41C340-ABCE-48CC-A129-3FA945E809B7}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{1AF9E94F-42FD-428D-8B4D-6EE288DC63D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1D840BB9-4A71-406C-8FFD-A070B32A3A8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20A3C3F0-2858-4B0A-A59E-1A892FC3841B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{23A8395F-F888-4CA9-B0DB-9DCD6935FAEA}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{36C1D4B9-B292-4838-8FA0-807EDB6621BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3FD1872B-32CF-4CF6-8FEC-267EBD39E426}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6082574B-2A1B-4725-9B65-5DB5A8F62D27}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{619C572C-D89D-4590-B838-6D18F04FDA50}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{66FF81E9-E3C1-4B78-BF85-7BA0BFA57F90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{695BAA77-E4A6-419A-92A7-86FDE8CFD767}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6CED230B-B37E-4C5A-9163-018513B36B46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{75EA2970-02FF-471E-9C3D-5FDABD5F934C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{879B511D-E791-4E8D-BDB9-293F85B62A50}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{959297F2-85E6-4974-82C6-E3143A0B50FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{95A45DFB-2204-4F8C-BBD4-0B6E4E523416}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe | 
"{A0DBFE86-D7F0-43E3-A934-1DD448BE1243}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A825EAE4-912E-4BF2-8FA8-993E8B7D7B16}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B218F17F-BE5E-40AD-A322-CAE16FCCAC33}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{B2197F69-43ED-497D-BC3C-FC7C6E5C853C}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{B48D7767-CD7B-4D83-A4AD-1B6614354054}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B971AA3D-D41C-4DBB-8401-9CA0719DB6E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD36E50C-FCDF-4C61-982D-4B68465611C4}" = protocol=6 | dir=out | app=system | 
"{CDB55DF9-9E35-45D3-AC5B-4E3E94730ECB}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{D9E20743-9BDB-46A2-96EC-C8BE992E7FBD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{DE73718C-1B3C-4542-8648-BA2FF94B84A1}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{DE9C9F75-D7F1-467B-AC54-C3299502D839}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E807A2A2-77D8-40D9-B3B8-51C55729C2C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC2968FD-366C-40BE-8B15-DC9FA3E6D9EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEE464A2-35E0-4ED4-B98F-732A85A36C77}" = protocol=17 | dir=in | app=c:\users\***\downloads\fritz.box_fon_wlan_7113.04.67.recover-image.exe | 
"{F22FCD4F-1E11-4AFD-8EFE-C36A03CFE7B0}" = protocol=6 | dir=in | app=c:\users\***\downloads\fritz.box_fon_wlan_7113.04.67.recover-image.exe | 
"TCP Query User{649CC22E-A75D-4083-A018-788AE4079158}C:\users\***\downloads\fritz.box_fon_wlan_7113.04.67.recover-image.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\fritz.box_fon_wlan_7113.04.67.recover-image.exe | 
"UDP Query User{91417370-8608-45A8-BE25-B5FCB7B3C77B}C:\users\***\downloads\fritz.box_fon_wlan_7113.04.67.recover-image.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\fritz.box_fon_wlan_7113.04.67.recover-image.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.5
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI Foto Service D" = ALDI Foto Service
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.19.412
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"TVWiz" = Intel(R) TV Wizard
"Veetle TV" = Veetle TV
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.08.2012 06:45:47 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: ntdll.dll,
 Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00045468  ID des fehlerhaften Prozesses: 0x908  Startzeit der fehlerhaften Anwendung:
 0x01cd7209ea16799f  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 8c55a250-de21-11e1-8b93-001f16302c00
 
Error - 04.08.2012 11:35:08 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: NPSWF32_11_3_300_270.dll,
 Version: 11.3.300.270, Zeitstempel: 0x5019828e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001b2706  ID des fehlerhaften Prozesses: 0x1a578  Startzeit der fehlerhaften Anwendung:
 0x01cd723e4cc95312  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
Berichtskennung:
 f849cfb7-de49-11e1-8b93-001f16302c00
 
Error - 04.08.2012 13:02:56 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: NPSWF32_11_3_300_270.dll,
 Version: 11.3.300.270, Zeitstempel: 0x5019828e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001d40a3  ID des fehlerhaften Prozesses: 0x1684c  Startzeit der fehlerhaften Anwendung:
 0x01cd7256c0318318  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
Berichtskennung:
 3c158bb1-de56-11e1-8b93-001f16302c00
 
Error - 04.08.2012 14:46:23 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: NPSWF32_11_3_300_270.dll,
 Version: 11.3.300.270, Zeitstempel: 0x5019828e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001b2706  ID des fehlerhaften Prozesses: 0x11934  Startzeit der fehlerhaften Anwendung:
 0x01cd7263a2097a11  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
Berichtskennung:
 afd133e0-de64-11e1-8b93-001f16302c00
 
Error - 05.08.2012 08:38:14 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: NPSWF32_11_3_300_270.dll,
 Version: 11.3.300.270, Zeitstempel: 0x5019828e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001d3fcc  ID des fehlerhaften Prozesses: 0x8e94  Startzeit der fehlerhaften Anwendung:
 0x01cd72fb9d3a29fa  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
Berichtskennung:
 6c11df8a-defa-11e1-b6bf-001f16302c00
 
Error - 05.08.2012 08:56:52 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: ntdll.dll,
 Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00045468  ID des fehlerhaften Prozesses: 0xe88  Startzeit der fehlerhaften Anwendung:
 0x01cd73094f528111  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 068d86a0-defd-11e1-b6bf-001f16302c00
 
Error - 05.08.2012 10:21:08 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: NPSWF32_11_3_300_270.dll,
 Version: 11.3.300.270, Zeitstempel: 0x5019828e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001d3fcc  ID des fehlerhaften Prozesses: 0x2b20  Startzeit der fehlerhaften Anwendung:
 0x01cd7309cf6569e5  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
Berichtskennung:
 cc56caf3-df08-11e1-b6bf-001f16302c00
 
Error - 05.08.2012 13:08:37 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: NPSWF32_11_3_300_270.dll,
 Version: 11.3.300.270, Zeitstempel: 0x5019828e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001d3fcc  ID des fehlerhaften Prozesses: 0x16cd0  Startzeit der fehlerhaften Anwendung:
 0x01cd73191edd841b  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
Berichtskennung:
 31b73b38-df20-11e1-b6bf-001f16302c00
 
Error - 08.08.2012 08:17:15 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PowerDVDCinema.exe, Version: 9.0.2122.0,
 Zeitstempel: 0x4ab893a1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x149ec  Startzeit der fehlerhaften Anwendung: 0x01cd755fae9b97ed  Pfad 
der fehlerhaften Anwendung: C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: fd25eb1f-e152-11e1-b840-001f16302c00
 
Error - 08.08.2012 13:24:49 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_270.exe,
 Version: 11.3.300.270, Zeitstempel: 0x50198027  Name des fehlerhaften Moduls: NPSWF32_11_3_300_270.dll,
 Version: 11.3.300.270, Zeitstempel: 0x5019828e  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001b2706  ID des fehlerhaften Prozesses: 0x17ec  Startzeit der fehlerhaften Anwendung:
 0x01cd7579d179f56e  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
Berichtskennung:
 f4191173-e17d-11e1-b518-001f16302c00
 
[ Media Center Events ]
Error - 08.08.2012 08:15:49 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 14:15:49 - Fehler beim Herstellen der Internetverbindung.  14:15:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.08.2012 23:57:22 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 05:56:39 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Unbekannter Fehler beim Empfangen..)

 
[ System Events ]
Error - 29.05.2012 12:29:54 | Computer Name = ***-PC | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.
 
Error - 31.05.2012 01:11:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Peernetzwerkidentitäts-Manager erreicht.
 
Error - 31.05.2012 01:11:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Peernetzwerkidentitäts-Manager" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 31.05.2012 01:11:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peernetzwerkidentitäts-Manager"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1053
 
Error - 31.05.2012 01:11:10 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peer Name Resolution-Protokoll" ist vom Dienst "Peernetzwerkidentitäts-Manager"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1053
 
Error - 03.06.2012 00:56:51 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?06.?2012 um 06:55:18 unerwartet heruntergefahren.
 
Error - 03.06.2012 12:34:27 | Computer Name = ***-PC | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.
 
Error - 04.06.2012 11:13:54 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 04.06.2012 11:13:54 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 04.06.2012 11:13:54 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
         

Code:
OTL logfile created on: 15.08.2012 20:31:41 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\***\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 85,58% Memory free
5,87 Gb Paging File | 5,46 Gb Available in Paging File | 93,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,41 Gb Total Space | 189,21 Gb Free Space | 70,49% Space Free | Partition Type: NTFS
Drive D: | 196,24 Gb Total Space | 155,00 Gb Free Space | 78,98% Space Free | Partition Type: NTFS
Drive E: | 7,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (STacSV) -- c:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000\..\SearchScopes,DefaultScope = {EB80369F-DFB6-4B0A-A58A-1B70C0EB7F1D}
IE - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000\..\SearchScopes\{EB80369F-DFB6-4B0A-A58A-1B70C0EB7F1D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?hl=de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.05 16:23:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\***\AppData\Roaming\14001.014 [2012.08.10 16:26:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.05 16:23:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.12.25 20:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.05.02 21:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usuqden5.default\extensions
[2012.04.21 11:20:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usuqden5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.17 23:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.10 16:26:03 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\***\APPDATA\ROAMING\14001.014
[2012.08.05 16:23:44 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.18 12:57:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 12:57:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.18 12:57:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 12:57:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 12:57:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 12:57:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000..\Run: [Userinit] C:\Users\***\AppData\Roaming\appConf32.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F30672F-5405-4FE0-A154-C75B5147744A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E6B7F23-CE46-439F-ACEA-E1C0E26AC30C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.15 20:20:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.15 19:40:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2012.08.10 20:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.10 16:26:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.014
[2012.08.10 06:07:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.012
[2012.08.08 14:16:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2012.08.08 14:16:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Cyberlink
[2012.08.08 14:16:52 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\CyberLink
[2012.08.08 12:11:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.011
[2012.08.07 16:30:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.010
[2012.08.06 16:37:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.009
[2012.08.05 16:34:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.008
[2012.07.31 18:56:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\13001.033
[2012.07.30 18:55:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\13001.032
[2012.07.28 18:54:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\UAs
[2012.07.28 18:51:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\13001.031
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.15 20:24:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.15 20:24:27 | 2363,125,760 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.15 19:29:18 | 001,183,103 | ---- | M] () -- C:\Users\***\Desktop\ism_0_llatsni.pad
[2012.08.15 19:08:46 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 19:08:46 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.14 20:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.14 17:14:35 | 000,001,901 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.12 21:17:16 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.12 21:17:16 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.12 21:17:16 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.12 21:17:16 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.10 19:57:26 | 000,000,017 | ---- | M] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2012.08.10 16:25:57 | 000,203,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\AcroIEHelpe187.dll
[2012.08.05 15:47:35 | 000,000,047 | ---- | M] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2012.08.02 19:43:20 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.02 19:43:20 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.28 21:02:11 | 000,024,656 | ---- | M] () -- C:\Users\***\Desktop\study abroad advert.pdf
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.14 17:14:42 | 001,183,103 | ---- | C] () -- C:\Users\***\Desktop\ism_0_llatsni.pad
[2012.08.14 17:14:35 | 000,001,901 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.10 16:25:57 | 000,203,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\AcroIEHelpe187.dll
[2012.07.30 18:10:56 | 000,000,047 | ---- | C] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2012.07.28 21:02:11 | 000,024,656 | ---- | C] () -- C:\Users\***\Desktop\study abroad advert.pdf
[2012.07.12 20:09:04 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2012.02.22 21:04:39 | 000,000,614 | ---- | C] () -- C:\Windows\wiso.ini
[2011.12.28 23:07:35 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
 
========== LOP Check ==========
 
[2012.07.12 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\13001.023
[2012.07.28 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\13001.031
[2012.07.30 18:55:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\13001.032
[2012.07.31 18:56:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\13001.033
[2012.08.05 16:34:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\14001.008
[2012.08.06 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\14001.009
[2012.08.07 16:30:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\14001.010
[2012.08.08 12:11:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\14001.011
[2012.08.10 06:07:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\14001.012
[2012.08.10 16:26:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\14001.014
[2012.02.22 21:06:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2012.04.21 11:20:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.04.21 11:20:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.14 21:04:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2012.07.12 20:08:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.12.28 23:07:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.08.10 06:08:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2012.08.12 10:58:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2012.07.08 05:16:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

15.08.2012, 22:25   #2
t'john
/// Helper Team

"Bundestrojaner" ism_0_llatsni.pad

Fixing with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:

Replace the *** asterisks with the user name again!
Code:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000\..\SearchScopes,DefaultScope = {EB80369F-DFB6-4B0A-A58A-1B70C0EB7F1D} 
IE - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000\..\SearchScopes\{EB80369F-DFB6-4B0A-A58A-1B70C0EB7F1D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox 
IE - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/webhp?hl=de" 
FF - user.js - File not found 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O3 - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found 
O4 - HKU\S-1-5-21-4221648154-2277380602-1875423964-1000..\Run: [Userinit] C:\Users\***\AppData\Roaming\appConf32.exe File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found 
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
[2012.08.14 17:14:35 | 000,001,901 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012.08.06 16:37:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.009 
[2012.08.05 16:34:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.008 
[2012.07.28 18:54:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\UAs 
[2012.08.15 19:29:18 | 001,183,103 | ---- | M] () -- C:\Users\***\Desktop\ism_0_llatsni.pad 
[2012.08.14 20:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.08.10 19:57:26 | 000,000,017 | ---- | M] () -- C:\Users\***\AppData\Roaming\blckdom.res 
[2012.08.10 16:25:57 | 000,203,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\AcroIEHelpe187.dll 
[2012.08.10 16:26:03 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\***\APPDATA\Roaming\14001.014 
[2012.08.10 16:26:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.014 
[2012.07.12 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\13001.023 
[2012.07.12 20:08:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock 
:Files
C:\Users\***\AppData\Roaming\140*
C:\Users\***\AppData\Roaming\*croIEHelp* 

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it to other computers; doing so can cause lasting damage to other systems!

27.10.2012, 04:53   #3
t'john
/// Helper Team

"Bundestrojaner" ism_0_llatsni.pad

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: the disappearance of the symptoms does not mean that your computer is clean.