
Pests of all kinds and how to combat them: Trojan.Ransom infection


03.09.2012, 15:05   #1
bedwyrr
 
Trojan.Ransom infection

Anti-Malware is reporting that it found Trojan.Ransom.
I would now like to ask for your help in getting rid of this nasty thing for good.

The Anti-Malware log:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lars :: LARS-PC [Administrator]

03.09.2012 15:33:31
mbam-log-2012-09-03 (15-33-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201433
Laufzeit: 2 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
The Extras.txt:
Code:
OTL Extras logfile created on: 03.09.2012 15:50:13 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Lars\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 55,54% Memory free
8,00 Gb Paging File | 5,74 Gb Available in Paging File | 71,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 80,89 Gb Free Space | 27,15% Space Free | Partition Type: NTFS
 
Computer Name: LARS-PC | User Name: Lars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15AEE3E5-9BE0-4F8C-B718-9E135E6B9498}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3190A989-F553-4761-BCBB-A3AAB254C734}" = lport=445 | protocol=6 | dir=in | app=system | 
"{35A2CD90-F40F-4183-B7E6-372D4B2B94A8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{40AC7F32-E139-42C8-B6B8-1BC1839D2A39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{417E403B-49BA-4DA4-A8A0-DA2BE133087D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4BADF3CA-AC0D-4973-AC64-E653C24A8CAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4D04E3E6-E964-4685-8D45-EDDBE9283E95}" = rport=138 | protocol=17 | dir=out | app=system | 
"{53B7A91F-CD87-4C74-B723-C1C20A1C11E6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{53D4EBD9-5719-4B09-B1EE-41AABD0A8148}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6E6965A4-119F-4E17-8893-544D9EF38116}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6E918369-4540-4144-A7D8-6DC89886C117}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFB3A6C-EC83-4CCF-8B0B-3978FD6E102F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{73CF36E1-B200-4EC6-BA9D-DB2393F2BE79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7B589969-3B6B-4EDC-B7D8-41B8C533C649}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A028E54-D771-4B68-9295-971319BD94FC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8A91F1C6-635F-46BF-96D7-B50923E4625F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{958444CE-3723-41B9-894C-2EE251EFE7C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A8FF2BFC-3DE5-4118-A408-39F1E9D30BFD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AB876F04-27AB-474B-91F7-30E00AE042E8}" = lport=80 | protocol=6 | dir=in | name=http | 
"{BEB7FB14-A7EA-44A4-876C-7BEF9EECEE7A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C79D6E11-9DD7-4F8F-A230-CB6517D5EFCC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CCB743AC-8CD8-492C-9580-E1D4C47482E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E115B713-EF06-4BD6-B79E-7C9680B0C80C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EC27EEE6-21D5-4EAF-8C18-9C16134EE2A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0627414E-3679-4B25-92CE-B773B7182137}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{07FDF522-5B63-43FA-A0EC-BC2114657199}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | 
"{15254041-5E6B-46BC-A958-7C25714BE58F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{39B93A8F-2C2A-46EF-A6F4-A72900ADFCD5}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | 
"{47FD95CF-5D31-4C96-961B-465D5F6FF4EC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5FF93CCE-AFAB-451E-B840-40A196BEEDFA}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{604A8BBA-E993-4DE2-A3E1-78DD4DC481C1}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | 
"{68C5C2C8-471A-4353-9D2B-B43CE3EB1929}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{838A353E-FF14-4D20-8D0B-511BA65ABB7C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{87B88E5E-DBC7-441D-A2EE-6EF144576DCF}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{89EAD9EC-FD42-47A4-BD0A-35CA5EE7380E}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | 
"{95D0EA74-1147-4798-86FD-3471E7732BA6}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{9E91901E-9BC7-47B2-A060-43374C34FF90}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{A01633F8-BE88-4232-A8BB-269D21BF8A01}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{ABB67060-F400-4ED5-A75C-1B9145BF005B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AED82496-1129-40E4-9FE6-58E25BE3ABC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C543F3FE-AE53-42A9-B842-1E707F12051D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{CBA21894-754F-4D15-A470-8F62CBA78943}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{CF7764E7-D5A2-4FEB-9040-0D9EF18071EE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E655E257-466A-482B-ADB5-E8D906F17FD6}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{ECE3926D-D3F6-4BFC-9FAF-540D6141FFAD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{6A235C60-1743-4D72-9977-3AFDE8D50836}C:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{81EFA3AB-732E-4561-80D9-CC1F2516A46D}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{950F46BA-8B46-48C2-A151-9983EB7C6DBC}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{A6E31FDD-2EF1-4B91-B063-4744AFFE1903}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{B247CABB-8E40-4EF5-822F-9B03F25B9932}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{BC053CF3-1A94-4592-A089-36D797BAE2D9}C:\test\nmutil\nmserve.exe" = protocol=6 | dir=in | app=c:\test\nmutil\nmserve.exe | 
"TCP Query User{E89D9805-6060-4F29-97FB-4713A3B1F083}C:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{2BF0DE8C-69F7-4713-893E-3FA23DBECE14}C:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{7D018620-2DC7-48A2-B928-CEB4D8788F86}C:\test\nmutil\nmserve.exe" = protocol=17 | dir=in | app=c:\test\nmutil\nmserve.exe | 
"UDP Query User{81DFFD97-1B28-4DD0-8EFD-29C437E6B239}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{90AC7CFB-8DF5-4F0B-885B-8B7FF4BD04B1}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{C244D60C-7BF7-4BED-994C-D9C9EFF0C0FB}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{D869B2DC-ABA4-4949-93ED-2B27CDE525F3}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{D8DACB73-A224-4972-962D-CF3FB06079AF}C:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{197F2BEF-2705-406E-8CEB-8E404FFFE414}" = VMLite Workstation
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D42871F-4A1E-82E5-9494-3012BA3084F2}" = AMD Catalyst Install Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{6FCA487B-89F0-4378-E1BC-91B81BCD8C98}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C5089197-5B15-44AD-B0FC-2E94EE9ECB63}" = WinSysClean X3
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DB61F989-7664-4E18-97C8-0AC4C5DD9FFC}" = e-mix 5.6.4 Basic Edition
"{ED96A4F2-C990-0C70-33FA-AE213E8697C0}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"GIMP-2_is1" = GIMP 2.6.12
"maxdome - Online Videothek" = maxdome - Online Videothek
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"x64 Components_is1" = x64 Components v3.6.9
"ZDFmediathek_is1" = ZDFmediathek Version 2.1.6
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.5
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B247BF7-D393-1855-C8B3-66DED90DCCB6}" = Catalyst Pro Control Center
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{15219EE8-4DCC-C6C5-CB04-351D4DD72ACF}" = Catalyst Control Center InstallProxy
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A10CD9-E281-4F3F-850E-F41D144B97C6}" = LibreOffice 3.4 Help Pack (German)
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.0
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"{442CB906-7844-E2F5-A2EB-90D44C0BF2DF}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Bison WebCam
"{4AB3F9D4-0020-4A93-A7EB-C931C09ABD29}" = n-tv plus
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{59997DD7-9434-4D44-8DFA-26EB87DD96A1}" = WISE-FTP 6
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{666B1A9E-863B-4730-9FC9-B70B60E4C8C7}" = Compucon EOS 3.0
"{67D30650-3501-66ED-265A-20870A20A689}" = CCC Help English
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7355D6F3-DBA4-4CD4-8FC3-B96FA766B642}" = calibre
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.110.12050
"{82FEA187-116E-4CDA-A333-AB6ED22380C7}_is1" = Audio 180% 7.5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{896052CA-1097-4275-B084-D74440881FE6}" = AKVIS SmartMask
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6D309F9-38AB-4cc3-8DA7-0544F5011788}" = soft Xpansion Perfect PDF 6 Converter
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{b582bad2-f527-422f-8e34-a56a52ec003d}" = Nero 9
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B7AB751E-235F-4B3B-A1B7-400F1D20F139}" = StarMoney 7.0 
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C2460E42-DD90-4CB5-BC67-ACE64FB0201E}_is1" = Inpaint 3 Install
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = Auvisio DigiTV Device Utilities
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{DC4071FC-A3FF-4F6B-0001-CCB79085A90A}" = Formatwandler 4 SE
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.079
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F23159DD-B8B4-4993-9726-41DF962A3EA2}" = EOS 3.0
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB8BEF4C-E2B8-725E-F84A-AF6D1E4C8960}" = Catalyst Control Center Graphics Previews Common
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A1-Faktura_is1" = A1-Faktura 1.428
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CobiSplitCat" = COMPUTER BILD Splitcat
"Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DigiFM_is1" = DigiFM Software
"DigiTV_is1" = DigiTV Software
"Drakensang_is1" = Drakensang
"DS-MP3 Source" = DS-MP3 Source 1.30
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"FormatFactory" = FormatFactory 2.90
"FreeCommander_is1" = FreeCommander 2009.02b
"Freeware Faktura" = Freeware Faktura 2012.04.20
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20110718 code)
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 4.25
"HD Tune Pro_is1" = HD Tune Pro 5.00
"HyperCam 3" = HyperCam 3
"InfoRapid Suchen & Ersetzen" = InfoRapid Suchen & Ersetzen
"InstallShield_{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mobile Partner" = Mobile Partner
"MobilityDotNET" = DH Mobility Modder.NET
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Opera 12.01.1532" = Opera 12.01
"PartyPoker" = PartyPoker
"PRJPRO" = Microsoft Office Project Professional 2007
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PSPad editor_is1" = PSPad editor
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"Sparfuchs_is1" = Sparfuchs
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trillian" = Trillian
"TVRTLDrv" = Auvisio DigiTV Device
"Update Engine" = Sony Ericsson Update Engine
"VirtualCloneDrive" = VirtualCloneDrive
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 2.0.1
"WinPcapInst" = WinPcap 4.1.2
"WinSysClean X3" = WinSysClean X3
"Wireshark" = Wireshark 1.6.5
"Wondershare Photo Collage Studio_is1" = Wondershare Photo Collage Studio 4.2.13.1
"Wondershare vDownloader_is1" = Wondershare vDownloader(Build 1.0.0.5)
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Color Picker" = Color Picker
"Google Chrome" = Google Chrome
"Unicode Charts _ Tools" = Unicode Charts :: Tools
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.08.2012 07:39:07 | Computer Name = Lars-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 27.08.2012 07:39:07 | Computer Name = Lars-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 28.08.2012 19:30:53 | Computer Name = Lars-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 28.08.2012 19:30:53 | Computer Name = Lars-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 28.08.2012 19:30:53 | Computer Name = Lars-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 29.08.2012 06:23:20 | Computer Name = Lars-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIMain.exe, Version: 1.0.0.1, Zeitstempel:
 0x4ca41cf9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0xde4  Startzeit der fehlerhaften Anwendung: 0x01cd85c58048b7f6  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 8ddaf142-f1c3-11e1-a7d1-00030d818492
 
Error - 30.08.2012 06:15:20 | Computer Name = Lars-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIMain.exe, Version: 1.0.0.1, Zeitstempel:
 0x4ca41cf9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x5cc  Startzeit der fehlerhaften Anwendung: 0x01cd8691a6dfe100  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 99f15126-f28b-11e1-9aa1-00030d818492
 
Error - 31.08.2012 06:12:58 | Computer Name = Lars-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 31.08.2012 10:53:59 | Computer Name = Lars-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 31.08.2012 10:55:13 | Computer Name = Lars-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 01.09.2012 04:18:32 | Computer Name = Lars-PC | Source = VSS | ID = 12344
Description = 
 
[ Media Center Events ]
Error - 09.08.2012 13:57:51 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 19:57:51 - Fehler beim Herstellen der Internetverbindung.  19:57:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.08.2012 13:58:05 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 19:57:56 - Fehler beim Herstellen der Internetverbindung.  19:57:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.08.2012 21:59:03 | Computer Name = Lars-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) USB Digital
 TV
 
Error - 13.08.2012 22:01:10 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 04:01:09 - Fehler beim Herstellen der Internetverbindung.  04:01:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.08.2012 23:01:18 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 05:01:18 - Fehler beim Herstellen der Internetverbindung.  05:01:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.08.2012 00:01:25 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 06:01:25 - Fehler beim Herstellen der Internetverbindung.  06:01:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.08.2012 01:01:32 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 07:01:32 - Fehler beim Herstellen der Internetverbindung.  07:01:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.08.2012 04:53:33 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 10:53:32 - Fehler beim Herstellen der Internetverbindung.  10:53:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.08.2012 07:15:23 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 13:15:22 - Fehler beim Herstellen der Internetverbindung.  13:15:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.08.2012 20:48:51 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 02:48:51 - Fehler beim Herstellen der Internetverbindung.  02:48:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 03.09.2012 08:21:08 | Computer Name = Lars-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 03.09.2012 08:30:00 | Computer Name = Lars-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 03.09.2012 08:30:37 | Computer Name = Lars-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 03.09.2012 08:55:42 | Computer Name = Lars-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 03.09.2012 09:16:27 | Computer Name = Lars-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 03.09.2012 09:16:43 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Virtueller Datenträger erreicht.
 
Error - 03.09.2012 09:16:43 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Virtueller Datenträger" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 03.09.2012 09:16:53 | Computer Name = Lars-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 03.09.2012 09:31:31 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 03.09.2012 09:40:06 | Computer Name = Lars-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >
         
The OTL.txt:
Code:
OTL logfile created on: 03.09.2012 15:50:13 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Lars\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 55,54% Memory free
8,00 Gb Paging File | 5,74 Gb Available in Paging File | 71,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 80,89 Gb Free Space | 27,15% Space Free | Partition Type: NTFS
 
Computer Name: LARS-PC | User Name: Lars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.09.03 15:49:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Lars\Desktop\OTL.exe
PRC - [2012.08.27 12:32:39 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012.08.27 12:32:39 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
PRC - [2012.08.08 14:34:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.05.15 15:43:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.15 15:43:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.19 05:48:22 | 000,342,984 | ---- | M] () -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2010.09.30 14:00:28 | 001,193,808 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe
PRC - [2010.09.30 14:00:28 | 000,687,440 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe
PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.10.05 15:59:38 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\Windows\SysWOW64\WTClient.exe
PRC - [2007.05.17 22:22:06 | 000,049,152 | ---- | M] (Bison Inc.) -- C:\Windows\BisonCam\BisonAPP.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.22 17:47:56 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2010.09.30 14:00:28 | 001,304,912 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISetting.dll
MOD - [2010.09.30 14:00:28 | 001,193,808 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe
MOD - [2010.09.30 14:00:28 | 000,691,536 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISms.dll
MOD - [2010.09.30 14:00:28 | 000,687,440 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe
MOD - [2010.09.30 14:00:28 | 000,677,200 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIPhoneBook.dll
MOD - [2010.09.30 14:00:28 | 000,617,808 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UpdateAgent.dll
MOD - [2010.09.30 14:00:28 | 000,565,584 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIConnectRecord.dll
MOD - [2010.09.30 14:00:28 | 000,564,048 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIMms.dll
MOD - [2010.09.30 14:00:28 | 000,371,536 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UISkin.dll
MOD - [2010.09.30 14:00:28 | 000,323,920 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIUssd.dll
MOD - [2010.09.30 14:00:28 | 000,309,584 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIStk.dll
MOD - [2010.09.30 14:00:28 | 000,268,112 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDataBase.dll
MOD - [2010.09.30 14:00:28 | 000,245,072 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UICommonDlg.dll
MOD - [2010.09.30 14:00:28 | 000,235,344 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConfig.dll
MOD - [2010.09.30 14:00:28 | 000,234,320 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BKService.dll
MOD - [2010.09.30 14:00:28 | 000,228,176 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BISetting.dll
MOD - [2010.09.30 14:00:28 | 000,221,520 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BISms.dll
MOD - [2010.09.30 14:00:28 | 000,183,632 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BICodec.dll
MOD - [2010.09.30 14:00:28 | 000,175,440 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIPhoneBook.dll
MOD - [2010.09.30 14:00:28 | 000,168,784 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIXml.dll
MOD - [2010.09.30 14:00:28 | 000,162,128 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIService.dll
MOD - [2010.09.30 14:00:28 | 000,154,960 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\CMCOMService.dll
MOD - [2010.09.30 14:00:28 | 000,150,352 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIRas.dll
MOD - [2010.09.30 14:00:28 | 000,141,648 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDevManager.dll
MOD - [2010.09.30 14:00:28 | 000,134,992 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIOptimizationClient.dll
MOD - [2010.09.30 14:00:28 | 000,125,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BILog.dll
MOD - [2010.09.30 14:00:28 | 000,124,752 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConnectRecord.dll
MOD - [2010.09.30 14:00:28 | 000,098,128 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIStk.dll
MOD - [2010.09.30 14:00:28 | 000,096,080 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIVoice.dll
MOD - [2010.09.30 14:00:28 | 000,095,568 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIUssd.dll
MOD - [2010.09.30 14:00:28 | 000,090,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\SysService.dll
MOD - [2010.09.30 14:00:28 | 000,089,936 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BICallRecord.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2008.12.03 15:09:30 | 000,184,320 | ---- | M] () -- C:\Windows\SysWOW64\WinTab32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.09.08 19:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.10.06 18:54:28 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\SysNative\drivers\WTSrv.exe -- (WinTabService)
SRV - [2012.08.22 17:47:56 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.20 14:57:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.15 15:43:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.15 15:43:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.19 05:48:22 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.12.08 15:13:12 | 000,229,520 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe -- (SXDS10)
SRV - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.08.21 01:15:50 | 000,426,600 | ---- | M] (VMLite, Inc.) [Auto | Running] -- C:\Programme\VMLite\VMLite Workstation\VMLiteService.exe -- (VMLiteService)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.07 22:51:11 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.07.07 22:51:11 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.06.18 13:34:44 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.06.18 13:34:42 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012.05.15 15:43:16 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.15 15:43:16 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.08 20:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.09.08 20:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.08 18:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.21 13:22:06 | 000,452,200 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.08.18 12:30:00 | 000,135,272 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vmliteusbmon.sys -- (VMLiteUSBMon)
DRV:64bit: - [2010.08.11 18:37:50 | 000,177,768 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmlitestor.sys -- (vmlitestor)
DRV:64bit: - [2010.08.11 14:39:34 | 000,146,216 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.08.03 20:28:28 | 000,014,952 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vmlitedrv.sys -- (vmlitedrv)
DRV:64bit: - [2010.07.01 13:09:50 | 000,224,488 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2010.07.01 13:09:50 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.09 18:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010.05.11 19:06:18 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.05.11 19:06:18 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.05.11 19:06:18 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2010.01.20 15:48:56 | 000,332,688 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.10.26 15:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.18 11:42:34 | 000,022,696 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid)
DRV:64bit: - [2009.06.18 11:42:16 | 000,027,304 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k)
DRV:64bit: - [2009.06.18 11:41:58 | 000,017,064 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid)
DRV:64bit: - [2009.06.18 11:41:46 | 000,027,304 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.13 21:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2009.02.09 17:25:10 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009.02.09 17:25:10 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009.02.09 17:25:04 | 000,333,864 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531)
DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007.08.24 02:16:16 | 000,742,312 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BisonCam.sys -- (Cam5603D)
DRV:64bit: - [2007.06.14 00:47:02 | 000,070,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2007.01.08 13:38:52 | 000,047,104 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV - [2012.02.19 05:48:23 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 E5 77 7E CD 7E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - user.js..network.proxy.autoconfig_url: "hxxp://sudafe.com/hKkfHer2/proxy.pac"
FF - user.js..network.proxy.type: 2
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.04.19 08:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9193F654-D886-4fef-8894-A97EF6623104}: C:\Program Files (x86)\Wondershare\vDownloader\SVRFirefoxExt\ [2012.07.25 13:06:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.20 14:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.20 14:57:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.05.23 22:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Extensions
[2012.07.25 12:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\rgekk9sl.default\extensions
[2012.04.03 15:40:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\rgekk9sl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.26 12:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.04.19 08:12:34 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2011.10.14 15:15:20 | 000,164,858 | ---- | M] () (No name found) -- C:\USERS\LARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RGEKK9SL.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
[2012.07.25 12:54:51 | 000,010,449 | ---- | M] () (No name found) -- C:\USERS\LARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RGEKK9SL.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2012.08.20 14:57:29 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.24 22:54:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.24 22:54:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.24 22:54:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.24 22:54:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.24 22:54:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.24 22:54:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.19 07:52:34 | 000,000,890 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:   127.0.0.1 activate.adobe.com
O1 - Hosts:   127.0.0.1 practivate.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Wondershare vDownloader) - {133232D2-DAE3-4B6F-AAC2-17CD87495682} - C:\Program Files (x86)\Wondershare\vDownloader\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Perfect PDF 6) - {2CEFDF99-7ED5-4884-9384-66BAFC1949BB} - C:\Program Files (x86)\soft Xpansion\Perfect PDF 6 Converter\iexp64.dll (soft Xpansion)
O3 - HKLM\..\Toolbar: (Perfect PDF 6) - {2CEFDF99-7ED5-4884-9384-66BAFC1949BB} - C:\Program Files (x86)\soft Xpansion\Perfect PDF 6 Converter\iexp32.dll (soft Xpansion)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WTClient] C:\Windows\SysWow64\WTClient.exe (Tablet Driver)
F3:64bit: - HKCU WinNT: Load - (C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com) - C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com ()
F3 - HKCU WinNT: Load - (C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com) - C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lars\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lars\Desktop\PartyPoker.lnk ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B46AA3-7C3F-49B0-B6BB-046E5205F0FF}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55A3DF95-ADC5-45FB-93A2-BECE87C5E016}: NameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{149d56d5-84f9-11e1-b73d-00030d818492}\Shell - "" = AutoRun
O33 - MountPoints2\{149d56d5-84f9-11e1-b73d-00030d818492}\Shell\AutoRun\command - "" = E:\AutoStarter.exe
O33 - MountPoints2\{65c8191d-7c9e-11e0-bf62-001060d177c0}\Shell - "" = AutoRun
O33 - MountPoints2\{65c8191d-7c9e-11e0-bf62-001060d177c0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7caf1034-6ffc-11e0-a4cc-001060d177c0}\Shell - "" = AutoRun
O33 - MountPoints2\{7caf1034-6ffc-11e0-a4cc-001060d177c0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7caf1043-6ffc-11e0-a4cc-001060d177c0}\Shell - "" = AutoRun
O33 - MountPoints2\{7caf1043-6ffc-11e0-a4cc-001060d177c0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7caf104e-6ffc-11e0-a4cc-001060d177c0}\Shell - "" = AutoRun
O33 - MountPoints2\{7caf104e-6ffc-11e0-a4cc-001060d177c0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{90f1bd13-5aa9-11e1-bfd4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{90f1bd13-5aa9-11e1-bfd4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e58152f0-61a7-11e1-b825-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e58152f0-61a7-11e1-b825-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ff0a3679-5e88-11e1-a09f-001060d177c0}\Shell - "" = AutoRun
O33 - MountPoints2\{ff0a3679-5e88-11e1-a09f-001060d177c0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.03 15:49:23 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Lars\Desktop\OTL.exe
[2012.09.03 14:22:56 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\Microsoft Games
[2012.09.03 14:10:46 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Malwarebytes
[2012.09.03 14:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.03 14:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.03 14:09:59 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.03 14:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.02 12:01:00 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\Adobe
[2012.09.02 11:51:42 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\ATI
[2012.08.31 13:46:59 | 000,000,000 | ---D | C] -- C:\Users\Lars\Local Settings
[2012.08.28 16:29:06 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\ElevatedDiagnostics
[2012.08.24 20:34:00 | 000,000,000 | ---D | C] -- C:\WindowsDebug
[2012.08.24 20:34:00 | 000,000,000 | ---D | C] -- C:\Windows\MiniDump
[2012.08.24 14:28:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C437D41F-A277-4A3E-BF29-78D6AD51991A}
[2012.08.24 14:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinSysClean X3
[2012.08.24 14:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Systems
[2012.08.20 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Nero
[2012.08.18 15:16:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\TabletPmt
[2012.08.18 15:15:36 | 000,227,840 | ---- | C] (TODO: <公司名稱>) -- C:\Windows\SysWow64\MyDrawLineWindowDll.dll
[2012.08.18 15:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet
[2012.08.18 15:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TABLET
[2012.08.18 15:10:13 | 000,356,352 | ---- | C] (Pen Tablet) -- C:\Windows\SysWow64\tabcfg.exe
[2012.08.18 15:10:13 | 000,073,728 | ---- | C] (Tablet Driver) -- C:\Windows\SysNative\drivers\WTSrv.exe
[2012.08.18 15:10:13 | 000,053,248 | ---- | C] (Pen Tablet) -- C:\Windows\SysWow64\pcpanel.cpl
[2012.08.18 15:10:13 | 000,053,248 | ---- | C] (Pen Tablet) -- C:\Windows\SysNative\pcpanel.cpl
[2012.08.18 15:10:13 | 000,032,768 | ---- | C] (Tablet Driver) -- C:\Windows\SysWow64\WTClient.exe
[2012.08.18 15:10:13 | 000,032,768 | ---- | C] (Tablet Driver) -- C:\Windows\SysNative\WTClient.exe
[2012.08.18 15:10:13 | 000,027,304 | ---- | C] (Tablet Driver) -- C:\Windows\SysNative\drivers\TClass2k.sys
[2012.08.18 15:10:13 | 000,027,304 | ---- | C] (PenTablet Driver) -- C:\Windows\SysNative\drivers\PTSimBus.sys
[2012.08.18 15:10:13 | 000,022,696 | ---- | C] (Tablet Driver) -- C:\Windows\SysNative\drivers\UCTblHid.sys
[2012.08.18 15:10:13 | 000,017,064 | ---- | C] (PenTablet Driver) -- C:\Windows\SysNative\drivers\PTSimHid.sys
[2012.08.18 14:48:23 | 001,435,272 | ---- | C] (Macromedia, Inc.) -- C:\Windows\SysWow64\Flash8.ocx
[2012.08.18 14:42:40 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\PackageAware
[2012.08.16 13:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bcgsoft
[2012.08.10 23:19:39 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMLite Workstation
[2012.08.10 20:44:54 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\VMLite Workstation
[2012.08.10 19:30:19 | 000,000,000 | ---D | C] -- C:\Users\Lars\VMLites
[2012.08.10 19:30:08 | 000,135,272 | ---- | C] (VMLite, Inc.) -- C:\Windows\SysNative\drivers\vmliteusbmon.sys
[2012.08.10 19:29:38 | 000,014,952 | ---- | C] (VMLite, Inc.) -- C:\Windows\SysNative\drivers\vmlitedrv.sys
[2012.08.10 19:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMLite Workstation
[2012.08.10 19:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\VMLite
[2012.08.07 15:58:25 | 000,000,000 | ---D | C] -- C:\Users\Lars\Documents\Rechnungen Stickservice
[2012.08.07 15:48:52 | 000,000,000 | ---D | C] -- C:\des
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.03 15:49:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Lars\Desktop\OTL.exe
[2012.09.03 15:47:03 | 000,015,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 15:47:03 | 000,015,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 15:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.03 15:39:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.03 15:39:04 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.03 14:49:19 | 000,081,980 | ---- | M] () -- C:\Users\Lars\Documents\cc_20120903_144914.reg
[2012.09.03 14:10:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 16:52:31 | 000,000,002 | ---- | M] () -- C:\Users\Lars\uz.dat
[2012.08.27 13:39:10 | 007,161,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.27 13:39:10 | 002,618,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.27 13:39:10 | 002,221,220 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.27 13:39:10 | 001,989,128 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.27 13:39:10 | 000,006,446 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.24 16:49:59 | 000,001,456 | ---- | M] () -- C:\Users\Lars\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.08.24 14:28:24 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\WinSysClean X3 (64-bit).lnk
[2012.08.18 16:38:43 | 005,098,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.18 14:48:24 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare Photo Collage Studio.lnk
[2012.08.15 14:29:16 | 000,038,531 | ---- | M] () -- C:\Users\Lars\Documents\Kto_15_08_2012.pdf
[2012.08.14 03:59:03 | 000,007,776 | ---- | M] () -- C:\Windows\KernelMessage
[2012.08.07 17:45:46 | 000,029,064 | ---- | M] () -- C:\Users\Lars\Documents\Pflegehinweis.odt
 
========== Files Created - No Company Name ==========
 
[2012.09.03 14:49:16 | 000,081,980 | ---- | C] () -- C:\Users\Lars\Documents\cc_20120903_144914.reg
[2012.09.03 14:10:00 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 16:52:31 | 000,000,002 | ---- | C] () -- C:\Users\Lars\uz.dat
[2012.08.24 14:28:24 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\WinSysClean X3 (64-bit).lnk
[2012.08.18 15:15:36 | 000,335,872 | ---- | C] () -- C:\Windows\SetupX32.EXE
[2012.08.18 15:10:13 | 000,231,936 | ---- | C] () -- C:\Windows\SysNative\WinTab32.dll
[2012.08.18 15:10:13 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\WinTab32.dll
[2012.08.18 15:10:13 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\UCMfg.exe
[2012.08.18 15:10:13 | 000,037,967 | ---- | C] () -- C:\Windows\SysNative\Tablet2k_x64.cat
[2012.08.18 15:10:13 | 000,031,662 | ---- | C] () -- C:\Windows\SysNative\Tablet2k.inf
[2012.08.18 15:10:13 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\ucinst32.dll
[2012.08.18 15:10:13 | 000,007,529 | ---- | C] () -- C:\Windows\SysNative\PTSimHid_x64.cat
[2012.08.18 15:10:13 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\PTSimBus_x64.cat
[2012.08.18 15:10:13 | 000,002,505 | ---- | C] () -- C:\Windows\SysNative\PTSimHid.inf
[2012.08.18 15:10:13 | 000,001,566 | ---- | C] () -- C:\Windows\SysNative\PTSimBus.inf
[2012.08.18 15:10:12 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lhtool.exe
[2012.08.18 15:10:12 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\Desk.scf
[2012.08.18 14:48:24 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare Photo Collage Studio.lnk
[2012.08.15 14:22:17 | 000,038,531 | ---- | C] () -- C:\Users\Lars\Documents\Kto_15_08_2012.pdf
[2012.08.07 16:03:06 | 000,337,632 | ---- | C] () -- C:\Users\Lars\Documents\Preisliste_PB.odt
[2012.08.07 16:03:06 | 000,336,015 | ---- | C] () -- C:\Users\Lars\Documents\Stickservice_Aushang.odt
[2012.08.07 16:03:06 | 000,335,459 | ---- | C] () -- C:\Users\Lars\Documents\Brief Bewerbungzusage Franzi.odt
[2012.08.07 16:03:06 | 000,334,957 | ---- | C] () -- C:\Users\Lars\Documents\Stickservice_Öffnungszeiten.odt
[2012.08.07 16:03:06 | 000,334,707 | ---- | C] () -- C:\Users\Lars\Documents\Brief Investitionsbank.odt
[2012.08.07 16:03:06 | 000,334,433 | ---- | C] () -- C:\Users\Lars\Documents\Brief Stickservice WVB.odt
[2012.08.07 16:03:06 | 000,207,267 | ---- | C] () -- C:\Users\Lars\Documents\Brief Bewerbungzusage Franzi.pdf
[2012.08.07 16:03:06 | 000,029,064 | ---- | C] () -- C:\Users\Lars\Documents\Pflegehinweis.odt
[2012.08.07 16:03:06 | 000,021,764 | ---- | C] () -- C:\Users\Lars\Documents\AGB.odt
[2012.08.07 16:03:06 | 000,014,712 | ---- | C] () -- C:\Users\Lars\Documents\Sonderangebot.odt
[2012.08.07 16:03:06 | 000,010,596 | ---- | C] () -- C:\Users\Lars\Documents\Stickservice_geschlossen.odt
[2012.08.07 16:03:06 | 000,007,645 | ---- | C] () -- C:\Users\Lars\Documents\AGB.html
[2012.08.07 16:03:05 | 000,352,862 | ---- | C] () -- C:\Users\Lars\Documents\Adressfeld_A3.odt
[2012.08.07 16:03:05 | 000,010,618 | ---- | C] () -- C:\Users\Lars\Documents\Adressfeld.odt
[2012.08.07 16:03:05 | 000,009,935 | ---- | C] () -- C:\Users\Lars\Documents\Texte Homepage.odt
[2012.06.26 16:34:04 | 000,000,132 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.05.30 11:52:20 | 004,305,920 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.05.21 18:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2012.04.20 12:58:57 | 000,000,862 | ---- | C] () -- C:\Users\Lars\AppData\Local\recently-used.xbel
[2012.03.22 22:01:32 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.03.12 13:51:23 | 000,006,144 | ---- | C] () -- C:\Users\Lars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.19 22:19:19 | 000,000,001 | ---- | C] () -- C:\Users\Lars\AppData\Local\llftool.4.25.agreement
[2012.01.09 23:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.12.25 20:40:28 | 000,294,974 | R--- | C] () -- C:\Windows\SysWow64\RTL283XACCESS.dll
[2011.12.07 23:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.12.02 01:48:30 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.12.02 01:48:30 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.12.02 01:48:30 | 000,012,782 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\unins000.msg
[2011.12.02 01:48:29 | 000,559,104 | ---- | C] () -- C:\Windows\SysWow64\lame.exe
[2011.12.02 01:48:29 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.12.02 01:48:28 | 000,709,568 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\unins000.exe
[2011.12.02 01:48:28 | 000,007,645 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\unins000.dat
[2011.11.27 17:07:09 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.10.19 23:46:15 | 000,000,092 | ---- | C] () -- C:\Users\Lars\AppData\Local\fusioncache.dat
[2011.10.19 23:45:14 | 000,006,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.06 15:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2011.05.10 14:38:21 | 000,000,132 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.05.04 19:13:32 | 000,017,408 | ---- | C] () -- C:\Users\Lars\AppData\Local\WebpageIcons.db
[2011.04.28 15:41:01 | 000,001,456 | ---- | C] () -- C:\Users\Lars\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.04.24 20:18:44 | 000,000,132 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.04.24 16:19:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.24 15:23:05 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2011.04.19 07:35:04 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.04.17 18:35:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2011.12.07 15:04:04 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\AceBIT
[2012.07.04 15:42:23 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\ALDITALKVerbindungsassistent
[2011.12.09 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\ASCOMP Software
[2011.11.02 18:59:34 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Auslogics
[2011.11.27 21:06:35 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\BOM
[2012.08.31 13:40:51 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\calibre
[2011.09.09 14:09:38 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Canon
[2011.12.12 00:18:48 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\CBL-Electronics
[2012.04.19 20:57:21 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.02 15:11:51 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\concept design
[2011.12.02 01:53:00 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Engelmann Media
[2012.08.31 13:55:22 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\FileZilla
[2011.12.02 15:11:51 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Franzis
[2011.09.02 15:56:26 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\FreeCommander
[2011.10.19 23:26:34 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Gaijin Ent
[2012.03.02 14:41:42 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\gtk-2.0
[2012.01.19 19:32:19 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\HD Tune Pro
[2012.06.29 16:46:21 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\IT-Service Christian Hau (www.a-bit-more.de)
[2011.12.25 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\KWorld Multimedia
[2011.10.17 15:53:36 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\LibreOffice
[2012.07.18 15:43:18 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\ManyCam
[2012.07.08 03:15:31 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\MyPhoneExplorer
[2011.12.01 14:37:11 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Nik Software
[2012.06.14 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Opera
[2012.07.12 20:35:50 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\ProtectDISC
[2012.06.26 16:07:17 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Shark007
[2012.06.15 21:13:30 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Sony
[2012.02.08 19:05:02 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Trillian
[2012.07.12 14:01:40 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\TS3Client
[2012.06.26 16:05:04 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Win7codecs
[2012.03.01 17:48:42 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Wireshark
[2012.07.25 13:06:43 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Wondershare
[2012.06.23 02:10:15 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:FF566C71

< End of report >
         
Many thanks for your help.

Alt 03.09.2012, 20:41   #2
t'john
/// Helper Team
 

The cleanup consists of several steps that must be carried out.
Work through them one after another and please paste the 4 logs that are created in the process into your next reply.

If the OTL fix did not run through correctly, do not continue; please report this instead.

Step 1

Fixing with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your Desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator" ("Als Administrator ausführen").
  • Copy the following script into the text box below Custom Scans/Fixes (Benutzerdefinierte Scans/Fixes):
  • The fix begins with :OTL. Make sure you have copied it correctly.


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found 
F3:64bit: - HKCU WinNT: Load - (C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com) - C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com () 
F3 - HKCU WinNT: Load - (C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com) - C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) 
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{149d56d5-84f9-11e1-b73d-00030d818492}\Shell - "" = AutoRun 
O33 - MountPoints2\{149d56d5-84f9-11e1-b73d-00030d818492}\Shell\AutoRun\command - "" = E:\AutoStarter.exe 
O33 - MountPoints2\{65c8191d-7c9e-11e0-bf62-001060d177c0}\Shell - "" = AutoRun 
O33 - MountPoints2\{65c8191d-7c9e-11e0-bf62-001060d177c0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{7caf1034-6ffc-11e0-a4cc-001060d177c0}\Shell - "" = AutoRun 
O33 - MountPoints2\{7caf1034-6ffc-11e0-a4cc-001060d177c0}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{7caf1043-6ffc-11e0-a4cc-001060d177c0}\Shell - "" = AutoRun 
O33 - MountPoints2\{7caf1043-6ffc-11e0-a4cc-001060d177c0}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{7caf104e-6ffc-11e0-a4cc-001060d177c0}\Shell - "" = AutoRun 
O33 - MountPoints2\{7caf104e-6ffc-11e0-a4cc-001060d177c0}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{90f1bd13-5aa9-11e1-bfd4-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{90f1bd13-5aa9-11e1-bfd4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\{e58152f0-61a7-11e1-b825-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{e58152f0-61a7-11e1-b825-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{ff0a3679-5e88-11e1-a09f-001060d177c0}\Shell - "" = AutoRun 
O33 - MountPoints2\{ff0a3679-5e88-11e1-a09f-001060d177c0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\E\Shell - "" = AutoRun 
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe 
O33 - MountPoints2\F\Shell - "" = AutoRun 
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence 
[2012.08.24 14:28:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C437D41F-A277-4A3E-BF29-78D6AD51991A} 
 

@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:FF566C71 
 
[2011.04.24 16:19:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat 
:Files

C:\Users\Lars\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Lars\AppData\Local\Temp\*.exe
C:\Users\Lars\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Under no circumstances use it on other computers; it can cause lasting damage to other systems!



Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or quarantined.
- When the scan has finished, click "Zeige Resultate" (show results).
Then:

Step 3

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.



Step 4
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.
__________________

04.09.2012, 15:36   #3
bedwyrr

First of all, thank you very much for the quick reply.

Unfortunately the OTL log is gone. Mea culpa. After everything was finished and I had copied everything in here, I clicked "Bereinigen" (clean up) in OTL before submitting... restart... all OTL files gone and of course nothing left in the clipboard either. Sorry. In any case, there were no error messages in the log as far as I could see.
Fortunately, the other log files are still there.

The log of the Anti-Malware full scan:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lars :: LARS-PC [Administrator]

04.09.2012 13:25:02
mbam-log-2012-09-04 (13-25-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 534395
Laufzeit: 2 Stunde(n), 41 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

C:\AdwCleaner[R1].txt
Code:
# AdwCleaner v2.000 - Datei am 09/04/2012 um 16:14:21 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lars - LARS-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Lars\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Opera v12.1.1532.0

Datei : C:\Users\Lars\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [737 octets] - [04/09/2012 16:14:21]

########## EOF - C:\AdwCleaner[R1].txt - [796 octets] ##########
         

C:\AdwCleaner[S1].txt
Code:
# AdwCleaner v2.000 - Datei am 09/04/2012 um 16:16:06 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lars - LARS-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Lars\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Opera v12.1.1532.0

Datei : C:\Users\Lars\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [864 octets] - [04/09/2012 16:14:21]
AdwCleaner[S1].txt - [1455 octets] - [04/09/2012 16:16:06]

########## EOF - C:\AdwCleaner[S1].txt - [1515 octets] ##########
         
I hope this is informative enough even without the OTL log. (I am already flagellating myself.)

04.09.2012, 19:39   #4
t'john
/// Helper Team

You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>
__________________
Regards, t'john
Support the TB

05.09.2012, 09:58   #5
bedwyrr

Unfortunately not, because for some reason I cannot fathom, OTL also uninstalls itself when you click "Bereinigen" (clean up). Without asking, by the way. Everything simply gone.
The folder C:\_OTL\ was there before and then suddenly gone.


06.09.2012, 00:41   #6
t'john
/// Helper Team

I see, that's a pity.


How is the computer running?

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use "Jetzt Updaten" (update now) to download the current signatures.
Select freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not have anything deleted! Click "Bericht speichern" (save report) to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html

06.09.2012, 10:18   #7
bedwyrr

It is running quite well again, I think. Thank you very much. Of course, the number crunchers always feel like they are dawdling ^^

The Emsisoft log:

Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 05.09.2012 12:34:39

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	05.09.2012 12:35:43

Value: hkey_current_user\software\partygaming --> autologintoothergames 	gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> freshinstall 	gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> cfdialogshown 	gefunden: Trace.Registry.partypoker!E1
C:\Users\Lars\Downloads\aircrack-ng-1.1-win.zip -> aircrack-ng-1.1-win\bin\airdecap-ng.exe 	gefunden: not-a-virus:Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\aircrack-ng-1.1-win.zip -> aircrack-ng-1.1-win\bin\aircrack-ng.exe 	gefunden: possible-Threat.Aircra.A!E2
C:\Users\Lars\Downloads\aircrack-ng-1.1-win.zip -> aircrack-ng-1.1-win\bin\makeivs-ng.exe 	gefunden: not-a-virus:Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\aircrack-ng-1.1-win.zip -> aircrack-ng-1.1-win\bin\packetforge-ng.exe 	gefunden: not-a-virus:Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\Windows Loader 2.1\Windows Loader.exe 	gefunden: not-a-virus-Activator.WindowsLoader!E2
C:\Users\Lars\Downloads\Aircrack\bin\airdecap-ng.exe 	gefunden: Riskware.Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\Aircrack\bin\aircrack-ng.exe 	gefunden: possible-Threat.Aircra.A!E2
C:\Users\Lars\Downloads\Aircrack\bin\airtun-ng.exe 	gefunden: Riskware.Win32.Agent!E1
C:\Users\Lars\Downloads\Aircrack\bin\aireplay-ng.exe 	gefunden: Riskware.Win32.Agent!E1
C:\Users\Lars\Downloads\Aircrack\bin\makeivs-ng.exe 	gefunden: Riskware.Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\Aircrack\bin\packetforge-ng.exe 	gefunden: Riskware.Hacktool.Aircrack!E2
C:\test\Aircrack\bin\airdecap-ng.exe 	gefunden: Riskware.Hacktool.Aircrack!E2
C:\test\Aircrack\bin\aircrack-ng.exe 	gefunden: possible-Threat.Aircra.A!E2
C:\test\Aircrack\bin\airtun-ng.exe 	gefunden: Riskware.Win32.Agent!E1
C:\test\Aircrack\bin\aireplay-ng.exe 	gefunden: Riskware.Win32.Agent!E1
C:\test\Aircrack\bin\packetforge-ng.exe 	gefunden: Riskware.Hacktool.Aircrack!E2
C:\test\Aircrack\bin\makeivs-ng.exe 	gefunden: Riskware.Hacktool.Aircrack!E2

Gescannt	785859
Gefunden	20

Scan Ende:	05.09.2012 15:23:31
Scan Zeit:	2:47:48

C:\Users\Lars\Downloads\Aircrack\bin\airtun-ng.exe	Quarantäne Riskware.Win32.Agent!E1
C:\Users\Lars\Downloads\Aircrack\bin\aireplay-ng.exe	Quarantäne Riskware.Win32.Agent!E1
C:\test\Aircrack\bin\airtun-ng.exe	Quarantäne Riskware.Win32.Agent!E1
C:\test\Aircrack\bin\aireplay-ng.exe	Quarantäne Riskware.Win32.Agent!E1
C:\Users\Lars\Downloads\Aircrack\bin\airdecap-ng.exe	Quarantäne Riskware.Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\Aircrack\bin\makeivs-ng.exe	Quarantäne Riskware.Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\Aircrack\bin\packetforge-ng.exe	Quarantäne Riskware.Hacktool.Aircrack!E2
C:\test\Aircrack\bin\airdecap-ng.exe	Quarantäne Riskware.Hacktool.Aircrack!E2
C:\test\Aircrack\bin\packetforge-ng.exe	Quarantäne Riskware.Hacktool.Aircrack!E2
C:\test\Aircrack\bin\makeivs-ng.exe	Quarantäne Riskware.Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\Windows Loader 2.1\Windows Loader.exe	Quarantäne not-a-virus-Activator.WindowsLoader!E2
C:\Users\Lars\Downloads\aircrack-ng-1.1-win.zip -> aircrack-ng-1.1-win\bin\aircrack-ng.exe	Quarantäne possible-Threat.Aircra.A!E2
C:\Users\Lars\Downloads\Aircrack\bin\aircrack-ng.exe	Quarantäne possible-Threat.Aircra.A!E2
C:\test\Aircrack\bin\aircrack-ng.exe	Quarantäne possible-Threat.Aircra.A!E2
Value: hkey_current_user\software\partygaming --> autologintoothergames	Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> freshinstall	Quarantäne Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> cfdialogshown	Quarantäne Trace.Registry.partypoker!E1

Quarantäne	17
         

06.09.2012, 18:40   #8
t'john
/// Helper Team

Quote:
C:\Users\Lars\Downloads\Windows Loader 2.1\Windows Loader.exe gefunden: not-a-virus-Activator.WindowsLoader!E2
Using cracks and keygens violates our code of conduct.

Ever thought about why cracks exist?
With cracks and the like you install backdoors on your computer.
Criminals use such computers as a botnet for their schemes. Your system must be classified as untrustworthy, and you should not do anything sensitive such as home banking on this PC.

Guides for reinstalling (illustrated) > Reinstalling Windows 7 > Vista > XP

1. Data rescue:



2. Format, reinstall Windows:



3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
__________________
Regards, t'john

06.09.2012, 22:33   #9
bedwyrr

So that is where the problem lies. Understood. Then I will get to work. By the way, I bought the computer like this, with the system on it. Are there still any claims for recourse after this much time? In the end it is fraud if I buy the computer from the dealer, used admittedly, but with a Windows 7 licence preinstalled. Luckily I always keep all my invoices.
Thank you very much for your help. I am off to back up data first.

07.09.2012, 18:00   #10
t'john
/// Helper Team

C:\Users\Lars\Downloads\

Did you buy the computer with a used Windows?
You are using a Windows system that was previously used and configured by someone else?
__________________
Regards, t'john

27.10.2012, 04:47   #11
t'john
/// Helper Team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
