Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: BKA-Ransomware: Unterstützung bei Nachbereinigung nach Symptombeseitigung mir Kaspersky Rescue Disk 10 und Emsisoft

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 15.01.2013, 20:07   #1
User4713
 
BKA-Ransomware: Unterstützung bei Nachbereinigung nach Symptombeseitigung mir Kaspersky Rescue Disk 10 und Emsisoft - Standard

BKA-Ransomware: Unterstützung bei Nachbereinigung nach Symptombeseitigung mir Kaspersky Rescue Disk 10 und Emsisoft



Hallo!

Ich bitte um Unterstützung bei der Nachbereinigung meines Systems (Notebook, Specs dürften ja in den Logs sein, die ich im Theatstart sogleich einfüge.

Sachverhalt ganz kurz:

1. Beim Streaming hatte ich einen der "üblichen" Sperrbildschirme mit Zahlungsaufforderung etc..

2. Nach den Anweisungen, die Kaspersky zum Unlocker gibt:
Rescue Disk vom USB gebootet, Unlocker zum öffnen des Systems verwendet.
Soweit ich das sagen kann, war das System wieder voll lauffähig.

3. Nachdem Northon 360 keinen Fund hatte, Emsisoft verwendet;

(Ich nehme an, dass der zweite Trojan ein falscher Anschlag war. Der Pfad verweist auf den Speicherort von GMER)

Quarantine Log:

Code:
ATTFilter
Emsisoft Anti-Malware - Version 7.0
quarantine log

Datum	Ursprung	Vorgang	Verhalten/Infektion
14.01.2013 23:38:29	C:\Users\pc\Downloads\gmer-2.0.18444.exe	In Quarantäne gestellt	Trojan.Generic.8557653 (B)
13.01.2013 08:53:01	C:\Users\pc\AppData\Roaming\skype.dat	In Quarantäne gestellt	Trace.File.ScreenLocker (A)
         

5. GMER durchlaufen Lassen

Ergebnis:

Code:
ATTFilter
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-13 13:40:24
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 Hitachi_ rev.PB2O 232,89GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\pc\AppData\Local\Temp\uxldapow.sys


---- User code sections - GMER 2.0 ----

.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                      0000000076f81401 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                        0000000076f81419 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                      0000000076f81431 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                      0000000076f8144a 2 bytes [F8, 76]
.text    ...                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                         0000000076f814dd 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                  0000000076f814f5 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                         0000000076f8150d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                  0000000076f81525 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                        0000000076f8153d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                             0000000076f81555 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                      0000000076f8156d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                        0000000076f81585 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                           0000000076f8159d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                        0000000076f815b5 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                      0000000076f815cd 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                  0000000076f816b2 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[1668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                  0000000076f816bd 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                        0000000076f81401 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                          0000000076f81419 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                        0000000076f81431 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                        0000000076f8144a 2 bytes [F8, 76]
.text    ...                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                           0000000076f814dd 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                    0000000076f814f5 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                           0000000076f8150d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                    0000000076f81525 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                          0000000076f8153d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                               0000000076f81555 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                        0000000076f8156d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                          0000000076f81585 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                             0000000076f8159d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                          0000000076f815b5 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                        0000000076f815cd 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                    0000000076f816b2 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe[1712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                    0000000076f816bd 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                     0000000076f81401 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                       0000000076f81419 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                     0000000076f81431 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                     0000000076f8144a 2 bytes [F8, 76]
.text    ...                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                        0000000076f814dd 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                 0000000076f814f5 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                        0000000076f8150d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                 0000000076f81525 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                       0000000076f8153d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                            0000000076f81555 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                     0000000076f8156d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                       0000000076f81585 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                          0000000076f8159d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                       0000000076f815b5 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                     0000000076f815cd 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                 0000000076f816b2 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                 0000000076f816bd 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                     0000000076f81401 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                       0000000076f81419 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                     0000000076f81431 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                     0000000076f8144a 2 bytes [F8, 76]
.text    ...                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                        0000000076f814dd 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                 0000000076f814f5 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                        0000000076f8150d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                 0000000076f81525 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                       0000000076f8153d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                            0000000076f81555 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                     0000000076f8156d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                       0000000076f81585 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                          0000000076f8159d 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                       0000000076f815b5 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                     0000000076f815cd 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                 0000000076f816b2 2 bytes [F8, 76]
.text    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                 0000000076f816bd 2 bytes [F8, 76]

---- User IAT/EAT - GMER 2.0 ----

IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2008] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]      [7fef9b7741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2008] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]                   [7fef9b75f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2008] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]            [7fef9b75674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2008] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]          [7fef9b75e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2008] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]           [7fef9b77f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2008] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]         [7fef9b76a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2008] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]          [7fef9b76ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2008] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]  [7fef9b77b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2008] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]           [7fef9b77ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2008] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]   [7fef9b778b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2008] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]            [7fef9b74fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2008] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]              [7fef9b75d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2008] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]     [7fef9b77584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Threads - GMER 2.0 ----

Thread   C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [1864:2132]                                                                                                                    00000000608ae21c
Thread   C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [1864:2704]                                                                                                                    000000006be03bf2
Thread   C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [1864:2956]                                                                                                                    0000000072967019
Thread   C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [1864:2964]                                                                                                                    000000007277eec8
Thread   C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [1864:2972]                                                                                                                    000000007277eec8
Thread   C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [1864:2976]                                                                                                                    000000007277eec8
Thread   C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [1864:3056]                                                                                                                    0000000072031854
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [644:196]                                                                                                                000007fef0e0cc10
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [644:3620]                                                                                                               000007fef0ccb564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [644:2620]                                                                                                               000007fef0ccb564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [644:2280]                                                                                                               000007fef0ccb564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [644:3340]                                                                                                               000007fef0ccb564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [644:4112]                                                                                                               000007fef0ccb564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [644:4120]                                                                                                               000007fef0ddf718
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [644:4128]                                                                                                               000007fef0ccb564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [644:4140]                                                                                                               000007fef0ccb564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [644:4144]                                                                                                               000007fef0cc143c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [644:4412]                                                                                                               000007fef1306050
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [644:3972]                                                                                                               000007fef0ccb564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4168:4440]                                                                                                              000007fefc282a7c
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [1864]                                                                                                0000000073420000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [2948]                                                                                                000000006b0d0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [644]                                                                                           000007fef7030000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4168]                                                                                          000007fefd9d0000

---- Disk sectors - GMER 2.0 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                        unknown MBR code

---- EOF - GMER 2.0 ----

         
5. Superantispyware durchlaufen lassen: Kein Fund.

6. Zuerst für einige Zeit durchgeschnauft und Das System zur Seite gestellt. Einzelne Dateien (Fotos, Textdokumente) auf einen USB-Stick gezogen. Aber ich wollte gerne sicher sein, dass das System verwendet werden kann, ohne spätere böse Überraschungen.

Deshalb jetzt noch OTL:

OTL.txt:

Code:
ATTFilter
OTL logfile created on: 15.01.2013 19:42:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\pc\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 46,87% Memory free
7,49 Gb Paging File | 5,16 Gb Available in Paging File | 68,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 215,74 Gb Total Space | 148,14 Gb Free Space | 68,67% Space Free | Partition Type: NTFS
Drive D: | 16,85 Gb Total Space | 2,42 Gb Free Space | 14,38% Space Free | Partition Type: NTFS
 
Computer Name: PC-HP | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.15 18:44:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
PRC - [2013.01.14 02:37:54 | 001,868,432 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2013.01.12 03:31:53 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012.12.29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.12 18:02:06 | 003,084,688 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.10.28 13:12:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Tools\Firefox\firefox.exe
PRC - [2012.10.28 13:12:37 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Tools\Firefox\plugin-container.exe
PRC - [2012.04.03 16:17:53 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
PRC - [2010.06.29 18:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.12 03:31:53 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012.10.28 13:12:37 | 002,295,264 | ---- | M] () -- C:\Tools\Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.06.18 15:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010.06.17 17:59:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.19 18:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009.11.18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013.01.14 02:37:54 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012.12.12 18:02:06 | 003,084,688 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010.06.29 18:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.06.01 14:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.04.04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.02 22:42:44 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.07.06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.04.21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.03.31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011.03.15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.01.27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.16 02:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.11.05 00:11:35 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.06.17 18:07:42 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.06.17 17:10:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.04.23 02:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.23 02:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.10.08 03:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.08 03:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.10.07 00:05:26 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009.10.07 00:02:20 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2009.08.24 02:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2012.12.08 23:50:46 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130115.002\ex64.sys -- (NAVEX15)
DRV - [2012.12.08 23:50:46 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.12.08 23:50:46 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20130115.002\eng64.sys -- (NAVENG)
DRV - [2012.10.24 00:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20130111.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.09.01 01:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20130113.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.09 14:04:03 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.04.30 17:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc)
DRV - [2012.04.30 17:45:00 | 000,044,688 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2011.05.19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2010.05.05 08:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {91A0D425-B370-4C12-9E68-35FD7DAD1442}
IE:64bit: - HKLM\..\SearchScopes\{22C4AF48-5BD2-488A-9FD9-3FAB9C11643D}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{26554D48-3932-4A34-B58A-AF5B5F340608}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{91A0D425-B370-4C12-9E68-35FD7DAD1442}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {91A0D425-B370-4C12-9E68-35FD7DAD1442}
IE - HKLM\..\SearchScopes\{22C4AF48-5BD2-488A-9FD9-3FAB9C11643D}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{26554D48-3932-4A34-B58A-AF5B5F340608}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{91A0D425-B370-4C12-9E68-35FD7DAD1442}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQNOT/4
IE - HKCU\..\SearchScopes,DefaultScope = {91A0D425-B370-4C12-9E68-35FD7DAD1442}
IE - HKCU\..\SearchScopes\{22C4AF48-5BD2-488A-9FD9-3FAB9C11643D}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{26554D48-3932-4A34-B58A-AF5B5F340608}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE - HKCU\..\SearchScopes\{91A0D425-B370-4C12-9E68-35FD7DAD1442}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2
FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.13.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Tools\Foxit\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012.02.10 10:06:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2013.01.15 18:39:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.17 03:04:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Tools\Firefox\components [2012.10.28 13:12:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Tools\Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Tools\Sunbird\components [2011.10.24 13:48:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Tools\Sunbird\plugins [2012.03.17 03:04:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Tools\Thunderbird\components [2012.12.16 22:18:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Tools\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Tools\Firefox\components [2012.10.28 13:12:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Tools\Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Tools\Thunderbird\components [2012.12.16 22:18:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Tools\Thunderbird\plugins
 
[2011.10.24 13:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Extensions
[2011.10.24 13:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2011.10.24 13:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Sunbird\Profiles\gbzom8xg.default\extensions
[2012.03.17 03:04:26 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.01.15 18:39:17 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_13_2
[2012.02.10 10:06:54 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\pc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\pc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88590A8D-6F1D-4310-8AB5-2AC203C3EA6E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.15 18:44:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2013.01.15 12:18:14 | 000,056,072 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013.01.15 12:18:14 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013.01.14 12:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.14 12:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.01.14 11:53:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.13 15:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013.01.13 14:25:00 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\SUPERAntiSpyware.com
[2013.01.13 13:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2013.01.13 11:57:28 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\Programs
[2013.01.13 06:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.01.13 06:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013.01.13 06:38:21 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\Anti-Malware
[2013.01.13 05:30:25 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.01.08 16:55:32 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Museumsnacht
[2013.01.08 16:55:23 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Mittelalter
[2013.01.08 16:55:19 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Halloween 2012
[2012.12.30 00:03:11 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\My Games
[2012.12.30 00:01:47 | 000,000,000 | ---D | C] -- C:\GOG Games
[2012.12.30 00:01:11 | 163,977,944 | ---- | C] (GOG.com                                                     ) -- C:\Users\pc\Desktop\setup_ftl_2.0.0.9.exe
[2012.12.17 20:17:47 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\Equilibrium - Demo
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.15 18:46:40 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 18:46:40 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 18:44:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\OTL.exe
[2013.01.15 18:38:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 18:38:17 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 13:27:11 | 000,023,905 | ---- | M] () -- C:\Users\pc\Documents\PatVV.odt
[2013.01.15 12:18:14 | 000,056,072 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013.01.15 12:18:14 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013.01.14 11:59:13 | 000,000,677 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.01.13 15:33:54 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013.01.13 13:40:38 | 000,000,007 | ---- | M] () -- C:\Users\pc\Desktop\Neues RTF-Dokument.rtf
[2013.01.13 11:16:38 | 000,042,452 | ---- | M] () -- C:\Users\pc\Desktop\cc_20130113_111622.reg
[2013.01.13 06:39:03 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.01.13 04:08:56 | 000,000,004 | ---- | M] () -- C:\Users\pc\AppData\Roaming\skype.ini
[2013.01.13 03:58:12 | 000,058,880 | ---- | M] () -- C:\Users\pc\3552034.exe
[2013.01.10 07:28:48 | 000,306,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 03:08:52 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.10 03:08:52 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.10 03:08:52 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.10 03:08:52 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.10 03:08:52 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.08 14:20:07 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForpc.job
[2013.01.01 03:44:58 | 000,001,043 | ---- | M] () -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.31 01:12:25 | 032,052,483 | ---- | M] () -- C:\Users\pc\Desktop\HexenhammerSprenger1923.pdf
[2012.12.30 00:02:08 | 000,001,678 | ---- | M] () -- C:\Users\Public\Desktop\Faster Than Light.lnk
[2012.12.29 23:48:24 | 007,168,064 | ---- | M] (                                                            ) -- C:\Users\pc\Desktop\patch_faster_than_light_2.0.0.9.exe
[2012.12.29 23:48:12 | 163,977,944 | ---- | M] (GOG.com                                                     ) -- C:\Users\pc\Desktop\setup_ftl_2.0.0.9.exe
[2012.12.19 22:59:47 | 000,019,230 | ---- | M] () -- C:\Users\pc\Documents\Fish.odt
[2012.12.17 11:58:12 | 000,018,853 | ---- | M] () -- C:\Users\pc\Documents\Frohes Fest Ariadne.odt
 
========== Files Created - No Company Name ==========
 
[2013.01.15 13:15:15 | 000,023,905 | ---- | C] () -- C:\Users\pc\Documents\PatVV.odt
[2013.01.14 11:59:12 | 000,000,677 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.01.13 15:33:54 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013.01.13 13:40:38 | 000,000,007 | ---- | C] () -- C:\Users\pc\Desktop\Neues RTF-Dokument.rtf
[2013.01.13 11:16:32 | 000,042,452 | ---- | C] () -- C:\Users\pc\Desktop\cc_20130113_111622.reg
[2013.01.13 06:39:02 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.01.13 03:58:36 | 000,000,004 | ---- | C] () -- C:\Users\pc\AppData\Roaming\skype.ini
[2013.01.13 03:58:12 | 000,058,880 | ---- | C] () -- C:\Users\pc\3552034.exe
[2012.12.31 01:12:24 | 032,052,483 | ---- | C] () -- C:\Users\pc\Desktop\HexenhammerSprenger1923.pdf
[2012.12.30 00:02:08 | 000,001,678 | ---- | C] () -- C:\Users\Public\Desktop\Faster Than Light.lnk
[2012.12.30 00:01:11 | 007,168,064 | ---- | C] (                                                            ) -- C:\Users\pc\Desktop\patch_faster_than_light_2.0.0.9.exe
[2012.12.19 22:59:45 | 000,019,230 | ---- | C] () -- C:\Users\pc\Documents\Fish.odt
[2012.12.17 11:58:10 | 000,018,853 | ---- | C] () -- C:\Users\pc\Documents\Frohes Fest Ariadne.odt
[2012.10.14 20:02:11 | 000,030,439 | ---- | C] () -- C:\Windows\scunin.dat
[2012.09.14 20:28:54 | 000,039,632 | ---- | C] () -- C:\Users\pc\Expert2.lst
[2012.09.14 20:28:52 | 000,000,101 | ---- | C] () -- C:\Users\pc\Expert2.prf
[2012.09.14 20:28:49 | 000,004,988 | ---- | C] () -- C:\Users\pc\Expert2.dic
[2012.09.10 12:41:25 | 000,002,119 | ---- | C] () -- C:\Users\pc\.recently-used.xbel
[2012.04.29 10:23:33 | 000,025,912 | ---- | C] () -- C:\Users\pc\AppData\Local\recently-used.xbel
[2012.04.22 00:16:40 | 000,005,451 | ---- | C] () -- C:\Users\pc\.heldEinstellungen4_1.xml
[2012.04.22 00:16:38 | 000,000,266 | ---- | C] () -- C:\Users\pc\.dsa4.properties
[2012.03.08 23:25:46 | 000,000,034 | ---- | C] () -- C:\Users\pc\AppData\Roaming\Spin Chat Preferences
[2011.10.14 11:00:02 | 000,010,476 | ---- | C] () -- C:\Users\pc\AppData\Roaming\SmarThruOptions.xml
[2011.10.14 10:59:46 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\sskinst.exe
[2011.10.14 10:59:46 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2011.10.14 10:59:28 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2011.10.14 10:59:10 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2011.10.14 10:59:09 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.07 00:44:36 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Amazon
[2011.09.13 12:20:14 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\BrainYoo
[2013.01.15 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Dropbox
[2012.08.01 16:36:36 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\DVDVideoSoft
[2012.08.01 16:36:22 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.06 12:27:41 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\FloodLightGames
[2012.09.10 12:41:25 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\gtk-2.0
[2011.09.24 15:45:54 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\JonDo
[2011.12.11 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2011.09.06 15:14:54 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\OpenOffice.org
[2012.02.04 14:23:32 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Opera
[2011.10.14 11:00:06 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\SmarThru4
[2011.09.02 11:59:52 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Thunderbird
[2011.09.06 16:11:01 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 

< End of report >
         
Und Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 15.01.2013 19:42:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\pc\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 46,87% Memory free
7,49 Gb Paging File | 5,16 Gb Available in Paging File | 68,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 215,74 Gb Total Space | 148,14 Gb Free Space | 68,67% Space Free | Partition Type: NTFS
Drive D: | 16,85 Gb Total Space | 2,42 Gb Free Space | 14,38% Space Free | Partition Type: NTFS
 
Computer Name: PC-HP | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Tools\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022F2CC1-160A-41D7-8298-FC3F61B7B535}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{02BEFDBC-F01C-4BFD-A278-B73441BBAB22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0F347744-2A82-4CA9-9AAC-C1430F14F38B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0F5A91CD-79E7-454A-86B1-007CFA557987}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{20ED43E8-2A40-43E4-85D9-BE6B69F8DCDE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{26A3D220-ED05-476A-8364-DC5E8C4B6FA4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{377F76A1-7ADA-40AF-9159-B66A5DBC600D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{42380E36-157A-4F1C-87DC-51C7F0C4A072}" = lport=137 | protocol=17 | dir=in | app=system | 
"{52FF6AB5-5B67-4545-B22F-371D95CAD319}" = lport=445 | protocol=6 | dir=in | app=system | 
"{590D7485-828D-4D52-85ED-18C6CF696A81}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6C405A79-DE4A-4084-90B9-58D7B561B515}" = lport=138 | protocol=17 | dir=in | app=system | 
"{74196756-935B-4F7A-8105-2C40DD023E50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7EF0409A-3E10-44E5-B301-8D142FDE568E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{919630D7-C3C0-482A-AB4F-0ECABF3FEA34}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9EB1ECCC-A724-4C04-9D7B-9FAC57475A1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A01A1834-B44F-4AF7-B4B4-D8DE852C3D9C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A22E58E6-6D5B-42B0-AE14-DC8F87449FEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B322D545-7BA4-47ED-95A2-567CD66A6494}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C7FA5085-C725-40E2-A2B7-B95D64FCABE6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D167818E-401E-4EDA-B723-FBF6563CC787}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D50A87F7-75C4-4EC0-B63C-C767B84E960F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E60F18A1-F886-423B-B5F5-B2E892076233}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED2D17A7-5914-4912-9542-8CE54FE15558}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13C5876E-E981-4A36-B8FB-9A689D67B068}" = protocol=17 | dir=in | app=c:\users\pc\appdata\roaming\dropbox\bin\dropbox.exe | 
"{17A6CF61-47CD-44A0-BAC1-34D16F9D0024}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2FC508B3-B5A2-4D1E-B212-B96649A3A443}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{35B55390-C5E8-49BE-8F18-5EE57B302441}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{372DA243-BDCA-45DE-B759-DD75A9B9FCFE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3EFD68E0-E46F-4110-AEEB-FFB20AA86471}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{40FB2214-7A59-401D-B7D2-F0DC5E0A2539}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{425B7056-4529-4F73-9D88-6FCCE6B6C428}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4D788079-41B5-4615-9328-0CEDD0C5C601}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{5142A7A3-5C6D-472A-9AFD-DFD5C6944E02}" = protocol=6 | dir=in | app=c:\users\pc\appdata\roaming\dropbox\bin\dropbox.exe | 
"{59B06395-400B-4481-9D3D-F735FA6824D3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{5C528F2D-AF9A-4096-882F-70706819F38C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61FE9F5F-D162-481A-9809-41B9EB921D5C}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{626981AC-7E02-4313-B13F-E5365F59CC9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6DF048E9-212D-40A9-9EAA-516D684757F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6EF5DCDF-DC58-4D69-944A-E8C4AE386FE0}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{8DE5E178-9BF6-43F9-9D8B-89A8FF1E2A26}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{8E240DD5-DAA5-484C-8101-4AB3EDD77700}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{8E4EFCE0-C178-4E00-A887-4A573C43BB4E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{98EFAF62-6103-4D24-A75A-530439347233}" = protocol=6 | dir=in | app=c:\games\todelete\game.dat | 
"{A48EA7BF-46AC-40AE-B485-5071CC479825}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A5728B7B-C004-4365-B269-7930D41B9033}" = protocol=6 | dir=out | app=system | 
"{A5B771E0-CCCE-4379-AE82-D07CC43FE79D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AA136D60-22C4-454C-B694-80CCB15A276F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4ED8928-D7CD-40D5-974B-9F441A03EAFA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD083B56-172A-45E5-88E3-0370F41236E1}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{C3A8E762-9A1E-49B7-B7ED-20AF50F6BE41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C59E8566-6950-4D67-B074-9E1193F2351E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA9ACB03-68FC-4775-A85F-88995C4FC847}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CCA326D5-131F-418F-B3A8-A8656DD4EE65}" = protocol=17 | dir=in | app=c:\games\todelete\game.dat | 
"{EC3E81CD-2F23-45BB-93E7-6C8298637059}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F5949AB9-87A0-406D-B777-0C92D8DFACA4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{FC8D263A-7FCA-47C3-98CF-D8219A3E89C1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FE0AF8B0-5083-42A2-8205-AD736FDD67C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6C97B34C-51D6-49FB-9FEC-C4669CA866EF}" = CIB pdf brewer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64
"{C8118019-96B5-42FB-9A45-5D82D1CB62EE}" = AxCrypt 1.7.2867.0
"{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}" = Microsoft SQL Server Compact 4.0 x64 DEU
"{E342EC6B-5F25-47FE-B92C-DE616149B430}" = HP Wireless Assistant
"{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"GIMP-2_is1" = GIMP 2.6.12
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation
"{01E73CF7-3B8E-49F6-B09C-3FB122B3938A}" = HP Software Framework
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai
"{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish
"{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24E34264-D483-477C-A9A0-4E53F69834CF}" = Façade
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian
"{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch
"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3673845-DF42-4482-A7A6-213EFED8F5B9}_is1" = BrainYoo 1.51.7
"{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light
"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English
"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All
"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish
"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian
"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Comodo Dragon" = Comodo Dragon
"DivX Setup" = DivX-Setup
"EasyBits Magic Desktop" = Magic Desktop
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"GOGPACKFTL_is1" = Faster Than Light
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"JAP" = JAP
"Mozilla Firefox 6.0.1 (x86 de)" = Mozilla Firefox 6.0.1 (x86 de)
"Mozilla Thunderbird (6.0.1)" = Mozilla Thunderbird (6.0.1)
"My HP Game Console" = HP Game Console
"N360" = Norton 360
"Opera 11.62.1347" = Opera 11.62
"SmarThru PC Fax" = SmarThru PC Fax
"Spin Upload" = Spin Upload 1.0
"ST6UNST #1" = The Drawing Board v2 Beta
"Starcraft" = Starcraft
"The Guild Gold_is1" = The Guild Gold
"Timers" = Timers
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.12.2012 22:38:03 | Computer Name = pc-HP | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 15.12.2012 22:39:00 | Computer Name = pc-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 18.12.2012 10:10:18 | Computer Name = pc-HP | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 18.12.2012 10:11:29 | Computer Name = pc-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.12.2012 22:05:20 | Computer Name = pc-HP | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 20.12.2012 22:06:21 | Computer Name = pc-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 22.12.2012 06:31:05 | Computer Name = pc-HP | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 22.12.2012 06:32:11 | Computer Name = pc-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 25.12.2012 21:54:39 | Computer Name = pc-HP | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 25.12.2012 21:55:38 | Computer Name = pc-HP | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ Hewlett-Packard Events ]
Error - 26.09.2012 08:14:08 | Computer Name = pc-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3834  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 03.10.2012 08:11:15 | Computer Name = pc-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3834  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 10.10.2012 14:13:32 | Computer Name = pc-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3834  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 17.10.2012 17:07:36 | Computer Name = pc-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3834  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 24.10.2012 08:23:54 | Computer Name = pc-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3834  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 31.10.2012 09:32:47 | Computer Name = pc-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3834  Ram Utilization:   TargetSite: Void UpdateAndDetect()  
 
Error - 07.11.2012 09:18:11 | Computer Name = pc-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3834  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 14.11.2012 21:29:41 | Computer Name = pc-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3834  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 21.11.2012 09:42:59 | Computer Name = pc-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3834  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 28.11.2012 21:24:15 | Computer Name = pc-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 3834  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
[ HP Wireless Assistant Events ]
Error - 04.09.2012 17:15:15 | Computer Name = pc-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 06.09.2012 14:12:39 | Computer Name = pc-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 09.10.2012 03:16:43 | Computer Name = pc-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 09.10.2012 10:23:11 | Computer Name = pc-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 19.10.2012 16:09:14 | Computer Name = pc-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 31.10.2012 09:24:26 | Computer Name = pc-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 08.11.2012 19:45:07 | Computer Name = pc-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 16.11.2012 18:23:00 | Computer Name = pc-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 23.11.2012 14:17:35 | Computer Name = pc-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 28.11.2012 21:16:01 | Computer Name = pc-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
[ System Events ]
Error - 14.01.2013 11:45:45 | Computer Name = pc-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 14.01.2013 11:48:37 | Computer Name = pc-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 14.01.2013 11:48:42 | Computer Name = pc-HP | Source = DCOM | ID = 10005
Description = 
 
Error - 14.01.2013 11:48:42 | Computer Name = pc-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 14.01.2013 11:48:42 | Computer Name = pc-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 14.01.2013 11:49:39 | Computer Name = pc-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 14.01.2013 12:19:08 | Computer Name = pc-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 14.01.2013 20:36:49 | Computer Name = pc-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 15.01.2013 07:14:41 | Computer Name = pc-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
Error - 15.01.2013 13:38:59 | Computer Name = pc-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%20
 
 
< End of report >
         

Sollte ich Hilfe bekommen, wäre ich meinem Helfer sehr verbunden, wenn er sich den (zusätzlichen) Moment Zeit nehmen könnte, mir ein einem Satz oder so zu sagen, was ich da tue, wenn ich einen Fix bekomme und ggf. warum er tut, was er tut. Das habe ich sehr vermisst, als ich die Hilfeforen gelesen habe. Gerne auch per PM.

Soweit ich OTL verstehe, wurden um 3:58 am 13.01.2013 zwei Dateien erstellt, die mit der Infektion in Zusammenhang stehen, und von der eine den Schädling enthielt? Die Dateien sind aber noch vorhanden. (?)

In jedem Fall freue ich mich aber über Unterstützung um das System wieder in Ordnung zu bringen.

Viele Grüße!

P.S.: Der Rechner ist über einen Cisco Client für ein Arbeiten an der Uni vorgesehen, was ich bisher allerdings wegen der ungeklärten Lage unterlassen habe.

Nachtrag;

Nachdem Emsisoft nur den einen File als Bedrohung erkannt hatte, habe ich jetzt doch noch ESET durchlaufen lassen, wie in der Anleitung hier im Forum beschrieben.


ESET Online Scanner

C:\Users\pc\3552034.exe a variant of Win32/Injector.ABFD trojan

Nach Rücksprache mit kommerziellem Support habe ich mich nun doch zur Formattierung und zum Neuaufsetzen des Systems entschlossen.

Der Threat kann geschlossen und von einem Mod oder Admin gelöscht werden.

Geändert von User4713 (15.01.2013 um 20:21 Uhr) Grund: Klarstellung wegen VPN Client

Antwort

Themen zu BKA-Ransomware: Unterstützung bei Nachbereinigung nach Symptombeseitigung mir Kaspersky Rescue Disk 10 und Emsisoft
application/pdf:, autorun, bka-trojaner, browser, browser.exe, ccc.exe, converter, diner dash, emsisoft, fehler, firefox, flash player, helper, install.exe, kaspersky, kaspersky verwendet, launch, mom.exe, mozilla, nachbehandlung, plug-in, realtek, registry, richtlinie, schädling, security, software, symantec, trojan, unknown mbr, warum, win 7 64 bit, win32/injector.abfd



Ähnliche Themen: BKA-Ransomware: Unterstützung bei Nachbereinigung nach Symptombeseitigung mir Kaspersky Rescue Disk 10 und Emsisoft


  1. BKA-Trojaner und Kaspersky Rescue Disk; PC Winows 7
    Log-Analyse und Auswertung - 31.07.2014 (1)
  2. Keine Netzwerkverbindung mit Kaspersky Rescue Disk
    Alles rund um Windows - 04.03.2014 (11)
  3. Interpol Trojaner mit Kaspersky Rescue Disk 10 entfernen geht nicht.
    Log-Analyse und Auswertung - 21.12.2013 (15)
  4. Kaspersky Rescue Disk Bericht
    Plagegeister aller Art und deren Bekämpfung - 13.09.2013 (1)
  5. 2x | Kaspersky Rescue Disk Bericht
    Mülltonne - 12.09.2013 (1)
  6. Bundespolizei Trojaner, Probleme mit Kaspersky Rescue Disk.....
    Log-Analyse und Auswertung - 18.02.2013 (3)
  7. GVU Trojaner mit Kaspersky Rescue Disk 10 evtl nicht richtig entfernt?
    Plagegeister aller Art und deren Bekämpfung - 24.11.2012 (12)
  8. DLL-Fehler nach Polizei-Malware Entfernung mit Kaspersky Rescue Disk 10
    Log-Analyse und Auswertung - 07.11.2012 (10)
  9. PC gesperrt, kASPERSKY Rescue Disk bootet nicht.
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (16)
  10. Kaspersky Rescue Disk funktioniert nicht
    Log-Analyse und Auswertung - 27.10.2012 (1)
  11. Kaspersky Rescue Disk, updatequelle nicht gefunden, keine Netzwerkverbindung
    Plagegeister aller Art und deren Bekämpfung - 04.08.2012 (1)
  12. BKA (UKASH) Trojaner - mit Kaspersky Rescue Disk entfernt - Reicht das?
    Plagegeister aller Art und deren Bekämpfung - 25.04.2012 (9)
  13. BKA-Virus nicht durch Kaspersky Rescue Disk erkannt
    Plagegeister aller Art und deren Bekämpfung - 16.09.2011 (14)
  14. Virenbekämpfung mit Kaspersky rescue disk 10 ... hängengeblieben?
    Antiviren-, Firewall- und andere Schutzprogramme - 16.07.2011 (15)
  15. Kaspersky Rescue Disk 10
    Alles rund um Windows - 18.06.2011 (1)
  16. Kaspersky Rescue Disk
    Anleitungen, FAQs & Links - 24.03.2010 (3)

Zum Thema BKA-Ransomware: Unterstützung bei Nachbereinigung nach Symptombeseitigung mir Kaspersky Rescue Disk 10 und Emsisoft - Hallo! Ich bitte um Unterstützung bei der Nachbereinigung meines Systems (Notebook, Specs dürften ja in den Logs sein, die ich im Theatstart sogleich einfüge. Sachverhalt ganz kurz: 1. Beim Streaming - BKA-Ransomware: Unterstützung bei Nachbereinigung nach Symptombeseitigung mir Kaspersky Rescue Disk 10 und Emsisoft...
Archiv
Du betrachtest: BKA-Ransomware: Unterstützung bei Nachbereinigung nach Symptombeseitigung mir Kaspersky Rescue Disk 10 und Emsisoft auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.