Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: FBI Moneypack Virus/Trojaner - kein Zugriff

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.05.2013, 09:43   #1
Janine80
 
FBI Moneypack Virus/Trojaner - kein Zugriff - Standard

FBI Moneypack Virus/Trojaner - kein Zugriff



Hallo liebes Forum!

Gestern Abend erschien plötzlich während des Internetsurfens (bei Pinterest) eine Seite, vermeintlich vom FBI, die mich aufforderte Geld zu zahlen. Mein Computer ist nun blockiert und auch meine Webcam wurde gehackt, so dass ich mich selbst sehen konnte.

Ich komme lediglich in den abgesicherten Modus mit Eingabeaufforderung. Wenn ich nur den einfachen abgesicherten Modus wähle, erscheint ein schwarzer Bildschirm. An meine Daten komme ich nicht mehr. Noch ein HInweis - die Datei des Virus/Trojaners endet auf: ugopa gopojy zoz. Ich weiß nicht, ob das weiterhilft.

Im Internet bin ich nur auf dubiose Seiten gestoßen. Daher wende ich mich gleich an Euch. Ihr hattet mir schon einmal geholfen. Ich hatte damals auch entsprechende Programme installiert, wie z. B. Sandbox, die ich aber nicht beim "normalen" Surfen verwende. Naja, nun weiß ich, dass man sie wirklich immer nutzen sollte ... auch beim harmlosen surfen.

Aktuell nutze ich den PC meines Freundes. Hierüber könnte ich entsprechende Dateien runterladen.

Was genau kann ich tun?

Über Eure Hilfe würde ich mich sehr freuen!!
Vielen Dank und beste Grüße,
Janine

Geändert von Janine80 (09.05.2013 um 09:54 Uhr)

Alt 09.05.2013, 12:50   #2
M-K-D-B
/// TB-Ausbilder
 
FBI Moneypack Virus/Trojaner - kein Zugriff - Standard

FBI Moneypack Virus/Trojaner - kein Zugriff






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.




Wir versuchen OTL im abgesicherten Modus mit Eingabeaufforderung zu starten:




Lade dir auf einem Zweitrechner bitte OTL (von Oldtimer) herunter und speichere es auf einen USB-Stick (nicht in einen Unterordner!).
  • Schließe diesen USB-Stick nun an den infizierten Rechner an.
  • Starte den infizierten Computer in den abgesicherten Modus mit Eingabeaufforderung.
  • In der Kommandozeile gib nun notepad ein und drücke Enter.
    • Es öffnet sich ein Textdokument. Klicke auf Datei -> Speichern unter und wähle Arbeitsplatz.
    • Lese hier nun den Laufwerksbuchstaben deines USB Sticks (z.B. e:\) ab.
    • Schließe Notepad wieder.
  • Gib nun bitte folgenden Befehl in die Kommandozeile ein und drücke Enter:
    e:\OTL.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Wenn es bei dir ein anderer Buchstabe ist, dann passe den Befehl entsprechend an.
    Es sollte sich nun das Fenster von OTL öffnen.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) angezeigt und auf dem USB-Stick gespeichert.
  • Poste bitte auf dem Zweitrechner den Inhalt dieser Logfiles hier in den Thread.
__________________

__________________

Alt 09.05.2013, 15:44   #3
Janine80
 
FBI Moneypack Virus/Trojaner - kein Zugriff - Standard

FBI Moneypack Virus/Trojaner - kein Zugriff



Hallo Matthias,

vielen Dank, dass Du mir bei emeinem Problem hilfst!!
Ich habe das Programm heruntergeladen und meinen PC im abgesicherten Modus mit Eingabeaufforderung geöffnet. Leider kann ich noch nicht einmal die .txt-Datei speichern, egal wo.

Wie verfahre ich weiter?


Danke und beste Grüße,
Janine

Ok, ich habe es einfach ohne diese .txt-Datei versucht und habe auch zwei Dateien nach dem Scan erhalten.

Hier zuerst das Ergebnis aus Extra.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 09.05.2013 16:54:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = e:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 82,67% Memory free
4,21 Gb Paging File | 4,03 Gb Available in Paging File | 95,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 80,85 Gb Free Space | 54,25% Space Free | Partition Type: NTFS
Drive E: | 14,96 Gb Total Space | 5,35 Gb Free Space | 35,78% Space Free | Partition Type: FAT32
 
Computer Name: JANINE-LAPTOP | User Name: Janine | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-8883839-1194815376-2639807636-1000\SOFTWARE\Classes\<extension>]
.exe [@ = {132C4A06-1316-2911-0E3B-000100000EBD}] -- C:\Users\Janine\AppData\Roaming\{132C4A06-1316-2911-0E3B-000100000E2E}.exe (PEERNET Inc.)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CCA0D2C-E4E0-4E87-AAFA-401F34112694}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{27F5E031-5B43-44C2-9D53-1CE2E1D1C797}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{36959419-9838-47A0-BEDC-753CBD5ECD0F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{38C7D479-E5A5-45EC-9F51-487B2A80B4ED}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4D95DC6E-E8FA-415C-8EB3-55CD2826F060}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5D6AE7D7-2007-4F8A-A736-44381F4E4929}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{5F1A80AF-AAFA-45F8-A424-AAC2AD891CB6}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{883A6B86-FCA0-493E-925C-1317EBD2E51F}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{93072909-AFA5-4011-B89C-D4289A02A8C8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{9D0A09FD-C079-40F6-BA8F-F109F6CD0739}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{BAFAA578-D81B-4516-B67C-FC7315A2CA97}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{D12D6AB6-361C-4D26-88BC-19D35D35313C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{E6129E1B-3351-413E-9FEA-4D9BD1295078}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EC55CD53-9196-4E9E-B207-B434D40C6E50}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{EEC2E408-129A-4AEA-803D-8C55D34831EF}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{F6F6C267-B81E-44AE-AA73-1922EEF73A8A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F8C8B814-6125-4A31-BDF6-27E492D844E5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007B7638-5DE7-4D8F-86BC-6E51776F315A}" = protocol=17 | dir=in | app=c:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe | 
"{029EE8BE-8B95-402D-8B33-75813846EFAF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0689C1CE-BDE4-471A-B91B-ED2FB8752219}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1A448E56-4B5B-4C03-8B99-80A4EC5D535D}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{232E1C8A-1249-4877-85DC-1F63BC2A23B1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{319920CC-8A17-4C72-A44E-BFFFB64F45C5}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{331A5F83-042B-4ABB-932F-F411293B9D16}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{3C565502-4DDC-4E9C-95B6-18CDCA28B40B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{3D29157F-DF83-4B15-9D22-965A3EC0BC1F}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{47A7001B-084C-4D69-B944-A33A86A86168}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{4B188B7C-63B2-4D94-9DD2-107182EC5FEE}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe | 
"{56201BDF-E15D-4C44-9F18-0B8607F8F25E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{631C5681-0416-49E7-9A3C-5F34808DFC92}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{6530119A-9BF6-4C83-9463-375592F6F94C}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{71219B40-80A2-49D0-B4FC-F728053A5536}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7DF74687-DE9D-4C12-B362-6DA2A2CD0ADC}" = protocol=6 | dir=in | app=c:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe | 
"{873E1B1A-F277-4691-84A0-635E1A7BD01E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{8DA648AD-7A8F-44EB-9AE3-C525A828F37C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8F1574FE-5368-44C5-808D-BE9911DF18BF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{93619E8A-43F2-494C-84FC-A5E7B531BADE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A62FF787-9A93-4AE9-B9A4-60A619F87F2F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{A68CAEB0-F7D1-49BD-B76F-D03204B32DA8}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe | 
"{ADABFC08-BE60-4B03-A9F0-7AA5664334A8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B21713DF-ED73-4CD4-99FC-CF7134822494}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B9B885E8-717B-48E7-8FA5-D77AE52E2354}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{BE3BA0A3-9EA9-4528-B26A-21EAA82AF797}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{BFE56262-9C09-4FCA-9591-2675430F1E8D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C9D303DB-7D2B-4ABB-8964-046C9BC286D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C9F97C57-9575-486F-A5F4-304B9C5146B9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{D40CBAD4-F475-4050-AD24-9C4AFE069307}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E7B8E2C3-4DC5-4416-B787-A42ADB0E0A5E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FE50E32C-E7D9-4D9A-90BE-6D49D36A7B86}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"TCP Query User{11022D4B-9A25-4447-B618-102FF391D289}C:\users\janine\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\janine\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{33E98BB3-5C4E-4C63-8842-207D822D0F37}C:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{59DB1207-E5DE-45B9-B8E8-4A9E4F682A15}C:\Program Files\IBM\SPSS\statistics\20\JRE\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | 
"TCP Query User{6E2252C9-7974-4EC0-A805-C389DF402D0E}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{A4585EBD-4D25-4608-9703-066A044365BF}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{FC07FCF3-49ED-4DA1-A2FA-D493B700889B}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{1917CE51-4913-42A3-8495-B6E2A588520C}C:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\janine\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{2ABC3DED-E9C8-4094-ABFB-D722A50658A6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{663ABE72-3A5E-4287-8BC5-A41B8A145845}C:\users\janine\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\janine\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{9DCBDCBE-D64B-44E4-A19A-42B8BBACF3C2}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{E882F980-0D0A-4F6C-97F2-985D603B431B}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{FBC3AC9E-CA90-45BE-974B-9DE37E65BDEA}C:\Program Files\IBM\SPSS\statistics\20\JRE\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1EDFA38A-2FEB-4E62-82C9-DA415C0EEF33}" = IEEE 802.11g Wireless LAN driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = SuyinCam
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = SUYIN webcam
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5AC39F1-001D-4338-84C6-35109525588A}" = TweetDeck
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.0
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.22beta
"812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 6 (Testversion)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"avast" = avast! Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"imeshtoolbar2" = Search-Results Toolbar
"LG PC Suite IV" = LG PC Suite IV
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NewsLetter Pro_is1" = NewsLetter Pro - Deinstallation
"Picasa 3" = Picasa 3
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Sandboxie" = Sandboxie 3.62 (32-bit)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.0
"Zero" = Zero-Buchhaltung
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-8883839-1194815376-2639807636-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.6.0.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.09.2012 05:40:43 | Computer Name = Janine-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1294075
 
Error - 14.09.2012 05:40:43 | Computer Name = Janine-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1294075
 
Error - 14.09.2012 05:40:44 | Computer Name = Janine-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.09.2012 05:40:44 | Computer Name = Janine-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1295089
 
Error - 14.09.2012 05:40:44 | Computer Name = Janine-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1295089
 
Error - 14.09.2012 05:40:45 | Computer Name = Janine-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.09.2012 05:40:45 | Computer Name = Janine-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1296088
 
Error - 14.09.2012 05:40:45 | Computer Name = Janine-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1296088
 
Error - 14.09.2012 05:40:46 | Computer Name = Janine-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.09.2012 05:40:46 | Computer Name = Janine-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1297086
 
[ OSession Events ]
Error - 19.03.2012 13:50:35 | Computer Name = Janine-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4699
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 04.04.2012 08:18:39 | Computer Name = Janine-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 275
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 19.04.2012 00:10:31 | Computer Name = Janine-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 68714
 seconds with 5580 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2012 10:15:52 | Computer Name = Janine-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 82192
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 01.07.2012 03:43:27 | Computer Name = Janine-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48342
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 15.04.2013 14:15:56 | Computer Name = Janine-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 54
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.05.2013 10:39:36 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.05.2013 10:39:36 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.05.2013 10:39:36 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.05.2013 10:39:36 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.05.2013 10:39:36 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.05.2013 10:39:36 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.05.2013 10:39:36 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.05.2013 10:39:36 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 09.05.2013 10:45:35 | Computer Name = Janine-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 09.05.2013 10:45:35 | Computer Name = Janine-Laptop | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---


Hier das Ergebnis aus OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.05.2013 16:54:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = e:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 82,67% Memory free
4,21 Gb Paging File | 4,03 Gb Available in Paging File | 95,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 80,85 Gb Free Space | 54,25% Space Free | Partition Type: NTFS
Drive E: | 14,96 Gb Total Space | 5,35 Gb Free Space | 35,78% Space Free | Partition Type: FAT32
 
Computer Name: JANINE-LAPTOP | User Name: Janine | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.09 16:35:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- e:\OTL.exe
PRC - [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013.04.13 07:25:58 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.12 19:04:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.08 15:06:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.11.23 15:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Stopped] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.08.09 04:04:02 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.11.17 21:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.11.15 17:57:58 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] --  -- (mailKmd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.03.07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.03.07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.03.07 01:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.03.07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.03.07 01:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013.03.07 01:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.03.07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.03.07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.03.02 17:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2012.03.02 17:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2012.03.02 17:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2012.03.02 17:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2011.11.23 15:17:08 | 000,131,856 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.03.31 07:59:24 | 000,350,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009.10.26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007.02.07 19:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2006.11.15 19:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.15 14:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.15 12:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=1447365989214973&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-8883839-1194815376-2639807636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.net
IE - HKU\S-1-5-21-8883839-1194815376-2639807636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-8883839-1194815376-2639807636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-8883839-1194815376-2639807636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 0A 66 A4 35 05 CD 01  [binary data]
IE - HKU\S-1-5-21-8883839-1194815376-2639807636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-8883839-1194815376-2639807636-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKU\S-1-5-21-8883839-1194815376-2639807636-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-8883839-1194815376-2639807636-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=e0c6c8a50000000000000007ca07162b
IE - HKU\S-1-5-21-8883839-1194815376-2639807636-1000\..\SearchScopes\{610726E0-B07A-43E4-80A3-9F7D49767291}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-8883839-1194815376-2639807636-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=1447365989214973&q={searchTerms}
IE - HKU\S-1-5-21-8883839-1194815376-2639807636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-8883839-1194815376-2639807636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: feedly%40devhd:14.0.482
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=e0c6c8a50000000000000007ca07162b&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.03.17 10:25:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 19:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 19:04:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.09.15 16:03:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janine\AppData\Roaming\mozilla\Extensions
[2012.07.10 15:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janine\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2013.04.23 18:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janine\AppData\Roaming\mozilla\Firefox\Profiles\mrviyxkn.default\extensions
[2012.09.15 16:02:42 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Janine\AppData\Roaming\mozilla\Firefox\Profiles\mrviyxkn.default\extensions\{bff6b2ca-366c-4a90-b685-d87776deb0d2}
[2013.04.23 18:18:16 | 000,686,247 | ---- | M] () (No name found) -- C:\Users\Janine\AppData\Roaming\mozilla\firefox\profiles\mrviyxkn.default\extensions\feedly@devhd.xpi
[2013.02.23 12:01:40 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\Janine\AppData\Roaming\mozilla\firefox\profiles\mrviyxkn.default\extensions\firebug@software.joehewitt.com.xpi
[2012.09.15 16:02:24 | 000,002,685 | ---- | M] () -- C:\Users\Janine\AppData\Roaming\mozilla\firefox\profiles\mrviyxkn.default\searchplugins\Search_Results.xml
[2013.04.12 19:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 19:04:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.06 09:56:41 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.15 16:02:24 | 000,002,685 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.08 16:06:34 | 000,003,347 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 192.150.14.69
O1 - Hosts: 127.0.0.1 192.150.18.101
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 192.150.22.40
O1 - Hosts: 127.0.0.1 192.150.8.100
O1 - Hosts: 127.0.0.1 192.150.8.118
O1 - Hosts: 127.0.0.1 192.168.112.207
O1 - Hosts: 127.0.0.1 192.168.112.2o7.net
O1 - Hosts: 127.0.0.1 194.224.66.48
O1 - Hosts: 127.0.0.1 199.7.52.190
O1 - Hosts: 127.0.0.1 199.7.52.190:80
O1 - Hosts: 127.0.0.1 199.7.54.72
O1 - Hosts: 127.0.0.1 209.34.83.73
O1 - Hosts: 127.0.0.1 209.34.83.73:43
O1 - Hosts: 127.0.0.1 209.34.83.73:443
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 127.0.0.1 2o7.net
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 64 more lines...
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Programme\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\iMesh Applications\Mediabar\Datamngr\BrowserConnection.dll (iMesh, Inc)
O2 - BHO: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\Programme\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\Programme\iMesh Applications\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\iMesh Applications\Mediabar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-8883839-1194815376-2639807636-1000..\Run: [LG LinkAir]  File not found
O4 - HKU\S-1-5-21-8883839-1194815376-2639807636-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*EvtMgr32] C:\Users\Janine\AppData\Roaming\{132C4A06-1316-2911-0E3B-000100000E2E}.exe (PEERNET Inc.)
O4 - HKU\S-1-5-21-8883839-1194815376-2639807636-1000..\RunOnce: [*EvtMgr32] C:\Users\Janine\AppData\Roaming\{132C4A06-1316-2911-0E3B-000100000E2E}.exe (PEERNET Inc.)
O4 - Startup: C:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Janine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ACB8AB6-7716-415E-994B-7C8ACC032845}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CF773DD-A683-485C-8DF5-83702BD4EB3D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\datamngr.dll) - C:\Programme\iMesh Applications\Mediabar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\Mediabar\Datamngr\IEBHO.dll) - C:\Programme\iMesh Applications\Mediabar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-8883839-1194815376-2639807636-1000 Winlogon: Shell - (C:\Users\Janine\AppData\Roaming\{132C4A06-1316-2911-0E3B-000100000E2E}.exe) - C:\Users\Janine\AppData\Roaming\{132C4A06-1316-2911-0E3B-000100000E2E}.exe (PEERNET Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-8883839-1194815376-2639807636-1000\...exe [@ = {132C4A06-1316-2911-0E3B-000100000EBD}] -- C:\Users\Janine\AppData\Roaming\{132C4A06-1316-2911-0E3B-000100000E2E}.exe (PEERNET Inc.)
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.08 21:36:50 | 000,329,728 | -HS- | C] (PEERNET Inc.) -- C:\Users\Janine\AppData\Roaming\{132C4A06-1316-2911-0E3B-000100000E2E}.exe
[2013.04.17 19:47:56 | 000,000,000 | ---D | C] -- C:\Users\Janine\Desktop\shop
[2013.04.12 19:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.10 17:34:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 17:34:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 17:34:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 17:34:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 17:34:42 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 17:34:37 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 17:34:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 17:34:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 17:11:18 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 17:11:17 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 17:11:15 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 17:05:13 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 17:05:03 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 16:42:24 | 000,631,270 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.09 16:42:24 | 000,598,294 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.09 16:42:24 | 000,126,690 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.09 16:42:24 | 000,104,308 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.09 16:38:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 09:27:07 | 139,640,409 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.09 08:18:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.09 08:18:28 | 000,006,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 08:18:27 | 000,006,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 21:52:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.08 21:36:23 | 000,329,728 | -HS- | M] (PEERNET Inc.) -- C:\Users\Janine\AppData\Roaming\{132C4A06-1316-2911-0E3B-000100000E2E}.exe
[2013.05.08 21:05:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.08 06:47:14 | 000,002,633 | ---- | M] () -- C:\Users\Janine\Desktop\Microsoft Office Excel 2007.lnk
[2013.05.07 15:54:41 | 000,002,631 | ---- | M] () -- C:\Users\Janine\Desktop\Microsoft Office Word 2007.lnk
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.13 07:25:57 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.13 07:25:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.10 18:43:39 | 001,722,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.17 10:25:18 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.03.17 10:25:18 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.02.11 16:21:17 | 000,000,966 | ---- | C] () -- C:\Windows\wiso.ini
[2012.11.06 10:44:20 | 000,004,096 | -H-- | C] () -- C:\Users\Janine\AppData\Local\keyfile3.drm
[2012.09.09 11:50:08 | 000,027,094 | ---- | C] () -- C:\Users\Janine\blockcart.zip
[2012.08.05 11:11:09 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.08.05 11:11:09 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012.05.31 11:55:05 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012.05.31 11:55:05 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2012.05.31 09:58:20 | 000,000,043 | ---- | C] () -- C:\Users\Janine\dlmgr_.pro
[2012.02.28 18:06:42 | 000,002,754 | ---- | C] () -- C:\Users\Janine\.recently-used.xbel
[2012.01.08 15:18:18 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011.12.21 22:24:29 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.12.19 17:34:41 | 000,003,046 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.12.19 14:05:42 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2011.12.19 14:05:39 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2011.12.19 14:05:38 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011.12.19 14:05:36 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2011.12.19 08:33:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.12.19 08:24:57 | 000,631,270 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.12.19 08:24:57 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.12.19 08:24:57 | 000,126,690 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.12.19 08:24:57 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.12.19 08:15:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.12.19 08:15:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.12.19 00:59:28 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2011.12.19 00:32:21 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011.12.19 00:32:21 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2011.12.19 00:25:15 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011.12.19 00:17:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---
__________________

Alt 09.05.2013, 16:22   #4
M-K-D-B
/// TB-Ausbilder
 
FBI Moneypack Virus/Trojaner - kein Zugriff - Standard

FBI Moneypack Virus/Trojaner - kein Zugriff



Servus,



Aus deiner Logdatei:
Zitat:
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
Die von mir gelisteten Einträge deuten stark darauf hin, dass auf diesem Rechner Software benutzt wird, die nicht legal erworben wurde.

Supportstopp
Lesestoff:
Cracks und Keygens
Den Kopierschutz von Software zu umgehen ist nach geltendem Recht illegal. Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Zudem sind Cracks und Patches aus dubioser Quelle sehr oft mit Schädlingen versehen, womit man sich also fast vorsätzlich infiziert.

Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle nicht weiter bereinigen, da wir ein solches Vorgehen nicht unterstützen. Hinzu kommt, dass wir dich in unserer Anleitung und auch in diesem Wichtig-Thema unmissverständlich darauf hingewiesen haben, wie wir damit umgehen werden. Saubere, gute Software hat seinen Preis und die Softwarefirmen leben von diesen Einnahmen.

Unsere Hilfe beschränkt sich daher nur auf das Neuaufsetzen und Absichern deines Systems.
Fragen dazu beantworten wir dir aber weiterhin gerne und zwar in unserem Forum.
Damit ist das Thema beendet.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 09.05.2013, 17:42   #5
Janine80
 
FBI Moneypack Virus/Trojaner - kein Zugriff - Standard

FBI Moneypack Virus/Trojaner - kein Zugriff



Dann bitte ich um die Löschung meines Beitrages.


Antwort

Themen zu FBI Moneypack Virus/Trojaner - kein Zugriff
abgesicherten, beste, blockiert, computer, dateien, daten, forum, gehackt, geld, installiert, interne, kein zugriff, modus, nutze, nutzen, plötzlich, programme, schwarzer, seite, seiten, webcam, wirklich, würde, zugriff



Ähnliche Themen: FBI Moneypack Virus/Trojaner - kein Zugriff


  1. Virus - Kein zugriff mehr auf meine Daten
    Log-Analyse und Auswertung - 21.03.2015 (3)
  2. BKA Virus, auch im abgesicherten Modus kein Zugriff auf PC
    Log-Analyse und Auswertung - 30.09.2013 (29)
  3. GVU Trojaner und kein Windows Zugriff
    Plagegeister aller Art und deren Bekämpfung - 13.04.2013 (2)
  4. GVU Trojaner und kein Zugriff auf abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 04.03.2013 (12)
  5. GVU Trojaner, kein Zugriff mehr möglich
    Log-Analyse und Auswertung - 19.02.2013 (5)
  6. AKM 50€ Trojaner Win 7, kein Zugriff auf Computer, OTL bei
    Log-Analyse und Auswertung - 23.09.2012 (1)
  7. (2x) GEMA-Trojaner, kein Zugriff möglich, kein Laufwerk vorhanden
    Mülltonne - 25.03.2012 (1)
  8. nach GEMA Virus kein Zugriff auf den Rechner
    Log-Analyse und Auswertung - 15.12.2011 (1)
  9. Kein Zugriff auf Ordner von USB-Stick nach Virus!
    Plagegeister aller Art und deren Bekämpfung - 11.11.2011 (3)
  10. Virus dank Malwarebytes weg - alle Dateien noch da, aber kein Zugriff möglich
    Plagegeister aller Art und deren Bekämpfung - 02.11.2011 (10)
  11. Kaspersky, TeamViewer & Internet deaktiviert / kein Zugriff -> Virus?
    Plagegeister aller Art und deren Bekämpfung - 06.10.2011 (3)
  12. Kein Zugriff auf Haupt-Benutzerkonto - Virus möglich?
    Plagegeister aller Art und deren Bekämpfung - 10.06.2011 (1)
  13. BKA Trojaner, kein zugriff auf desktop.
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (4)
  14. Kein Zugriff auf Festplatten, Trojaner ?
    Log-Analyse und Auswertung - 15.01.2009 (0)
  15. VIRUS ALERT! neben Windows Uhr, Kein Zugriff auf Sytemsteuerung und Task-Manager
    Plagegeister aller Art und deren Bekämpfung - 19.08.2008 (11)
  16. Kein Desktop zugriff???? Virus !!!!!!!
    Plagegeister aller Art und deren Bekämpfung - 06.06.2008 (1)
  17. Kein Zugriff auf Arbeitsplatz, Internet, alles langsam... Virus???
    Log-Analyse und Auswertung - 12.11.2006 (8)

Zum Thema FBI Moneypack Virus/Trojaner - kein Zugriff - Hallo liebes Forum! Gestern Abend erschien plötzlich während des Internetsurfens (bei Pinterest) eine Seite, vermeintlich vom FBI, die mich aufforderte Geld zu zahlen. Mein Computer ist nun blockiert und auch - FBI Moneypack Virus/Trojaner - kein Zugriff...
Archiv
Du betrachtest: FBI Moneypack Virus/Trojaner - kein Zugriff auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.