
Log analysis and evaluation: Windows 7: Heaps of autostart and Program Data error messages at boot + other abnormalities


20.05.2014, 09:20   #1
Munich089
 

Hello,

first of all, many thanks in advance for your guide, you are really great! Since yesterday my computer has been wearing me out, and I (unfortunately) also need it urgently for work. Problems that have occurred:

1) Heaps of autostart error messages, "Error loading module XXX" etc.; ran Malwarebytes over it --> 616 detections --> all quarantined; now only one error message still appears at system startup, but it appears persistently!

2) Password Manager always starts automatically (I don't know whether that is the Lenovo one or a faked screen) and prompts for the Windows password (fingerprint)

3) The Bluetooth light is lit continuously, even when I disable it in Device Manager

4) HijackThis cannot be run to completion and then hangs in the middle of the process at the point: "O4 - System and Autostart" (or something like that); HijackThis can then only be terminated via Task Manager.

5) When typing in the browser (start page is Google), the Google search field jumps to the top left into the address bar --> very strange?!

6) The WLAN connection icon at the bottom right shows the circle (for connecting) although it has long been connected; only after about 15 minutes does it switch to the "connected" symbol

7) When loading SUPERAntiSpyware, the error message "Server busy" suddenly appeared, but it then worked after another restart


My actions yesterday:

0) Wise Registry Cleaner

1) Malwarebytes Anti-Malware --> see above

2) SUPERAntiSpyware --> 118 adware detections --> all deleted

3) HijackThis did not work --> see above

4) Avira full scan

5) Worked through your guide completely this morning

Therefore, here are the log files individually:

a) GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-20 09:21:57
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.0003 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\MARKUS~1\AppData\Local\Temp\kwroyuow.sys


---- System - GMER 2.1 ----

SSDT            90108486                                                                                                                  ZwCreateSection
SSDT            90108490                                                                                                                  ZwRequestWaitReplyPort
SSDT            9010848B                                                                                                                  ZwSetContextThread
SSDT            90108495                                                                                                                  ZwSetSecurityObject
SSDT            9010849A                                                                                                                  ZwSystemDebugControl
SSDT            90108427                                                                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                                  82C44A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                    82C7E212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                       82C8558C 4 Bytes  [86, 84, 10, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                       82C858E8 4 Bytes  CALL 934CE96F 
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                       82C8592C 4 Bytes  [8B, 84, 10, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                       82C859A8 4 Bytes  [95, 84, 10, 90] {XCHG EBP, EAX; TEST [EAX], DL; NOP }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                       82C859FC 4 Bytes  JMP 934CF483 
.text           ...                                                                                                                       
.text           C:\Windows\system32\DRIVERS\atipmdag.sys                                                                                  section is writeable [0x9040C000, 0x2D27D6, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtCreateFile + 6               7710560E 4 Bytes  [28, 88, 6D, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtCreateFile + B               77105613 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtMapViewOfSection + 6         77105C6E 4 Bytes  [28, 8B, 6D, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtMapViewOfSection + B         77105C73 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenFile + 6                 77105D1E 4 Bytes  [68, 88, 6D, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenFile + B                 77105D23 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenProcess + 6              77105DCE 4 Bytes  [A8, 89, 6D, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenProcess + B              77105DD3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenProcessToken + 6         77105DDE 4 Bytes  CALL 7610CB6C 
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenProcessToken + B         77105DE3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenProcessTokenEx + 6       77105DEE 4 Bytes  [A8, 8A, 6D, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenProcessTokenEx + B       77105DF3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenThread + 6               77105E4E 4 Bytes  [68, 89, 6D, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenThread + B               77105E53 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenThreadToken + 6          77105E5E 4 Bytes  [68, 8A, 6D, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenThreadToken + B          77105E63 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenThreadTokenEx + 6        77105E6E 4 Bytes  CALL 7610CBFD 
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtOpenThreadTokenEx + B        77105E73 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtQueryAttributesFile + 6      77105F7E 4 Bytes  [A8, 88, 6D, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtQueryAttributesFile + B      77105F83 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtQueryFullAttributesFile + 6  7710602E 4 Bytes  CALL 7610CDBB 
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtQueryFullAttributesFile + B  77106033 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtSetInformationFile + 6       7710667E 4 Bytes  [28, 89, 6D, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtSetInformationFile + B       77106683 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtSetInformationThread + 6     771066DE 4 Bytes  [28, 8A, 6D, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtSetInformationThread + B     771066E3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtUnmapViewOfSection + 6       771069FE 4 Bytes  [68, 8B, 6D, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3812] ntdll.dll!NtUnmapViewOfSection + B       77106A03 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtMapViewOfSection + 6         77105C6E 4 Bytes  [18, 00, E9, 72]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[3868] ntdll.dll!NtMapViewOfSection + B         77105C73 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + 6               7710560E 4 Bytes  [28, 58, 30, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtCreateFile + B               77105613 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + 6         77105C6E 4 Bytes  [28, 5B, 30, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtMapViewOfSection + B         77105C73 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenFile + 6                 77105D1E 4 Bytes  [68, 58, 30, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenFile + B                 77105D23 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcess + 6              77105DCE 4 Bytes  [A8, 59, 30, 00] {TEST AL, 0x59; XOR [EAX], AL}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcess + B              77105DD3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessToken + 6         77105DDE 4 Bytes  CALL 76108E3C 
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessToken + B         77105DE3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessTokenEx + 6       77105DEE 4 Bytes  [A8, 5A, 30, 00] {TEST AL, 0x5a; XOR [EAX], AL}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenProcessTokenEx + B       77105DF3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThread + 6               77105E4E 4 Bytes  [68, 59, 30, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThread + B               77105E53 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadToken + 6          77105E5E 4 Bytes  [68, 5A, 30, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadToken + B          77105E63 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadTokenEx + 6        77105E6E 4 Bytes  CALL 76108ECD 
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtOpenThreadTokenEx + B        77105E73 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryAttributesFile + 6      77105F7E 4 Bytes  [A8, 58, 30, 00] {TEST AL, 0x58; XOR [EAX], AL}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryAttributesFile + B      77105F83 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryFullAttributesFile + 6  7710602E 4 Bytes  CALL 7610908B 
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtQueryFullAttributesFile + B  77106033 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationFile + 6       7710667E 4 Bytes  [28, 59, 30, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationFile + B       77106683 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationThread + 6     771066DE 4 Bytes  [28, 5A, 30, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtSetInformationThread + B     771066E3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtUnmapViewOfSection + 6       771069FE 4 Bytes  [68, 5B, 30, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[4560] ntdll.dll!NtUnmapViewOfSection + B       77106A03 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtCreateFile + 6               7710560E 4 Bytes  [28, DC, CD, 00] {SUB AH, BL; INT 0x0}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtCreateFile + B               77105613 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtMapViewOfSection + 6         77105C6E 4 Bytes  [28, DF, CD, 00] {SUB BH, BL; INT 0x0}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtMapViewOfSection + B         77105C73 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenFile + 6                 77105D1E 4 Bytes  [68, DC, CD, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenFile + B                 77105D23 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcess + 6              77105DCE 4 Bytes  [A8, DD, CD, 00] {TEST AL, 0xdd; INT 0x0}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcess + B              77105DD3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcessToken + 6         77105DDE 4 Bytes  CALL 76112BC0 
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcessToken + B         77105DE3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcessTokenEx + 6       77105DEE 4 Bytes  [A8, DE, CD, 00] {TEST AL, 0xde; INT 0x0}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenProcessTokenEx + B       77105DF3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThread + 6               77105E4E 4 Bytes  [68, DD, CD, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThread + B               77105E53 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThreadToken + 6          77105E5E 4 Bytes  [68, DE, CD, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThreadToken + B          77105E63 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThreadTokenEx + 6        77105E6E 4 Bytes  CALL 76112C51 
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtOpenThreadTokenEx + B        77105E73 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtQueryAttributesFile + 6      77105F7E 4 Bytes  [A8, DC, CD, 00] {TEST AL, 0xdc; INT 0x0}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtQueryAttributesFile + B      77105F83 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtQueryFullAttributesFile + 6  7710602E 4 Bytes  CALL 76112E0F 
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtQueryFullAttributesFile + B  77106033 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtSetInformationFile + 6       7710667E 4 Bytes  [28, DD, CD, 00] {SUB CH, BL; INT 0x0}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtSetInformationFile + B       77106683 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtSetInformationThread + 6     771066DE 4 Bytes  [28, DE, CD, 00] {SUB DH, BL; INT 0x0}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtSetInformationThread + B     771066E3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtUnmapViewOfSection + 6       771069FE 4 Bytes  [68, DF, CD, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5056] ntdll.dll!NtUnmapViewOfSection + B       77106A03 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtCreateFile + 6               7710560E 4 Bytes  [28, 6C, 75, 00] {SUB [EBP+ESI*2+0x0], CH}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtCreateFile + B               77105613 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtMapViewOfSection + 6         77105C6E 4 Bytes  [28, 6F, 75, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtMapViewOfSection + B         77105C73 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenFile + 6                 77105D1E 4 Bytes  [68, 6C, 75, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenFile + B                 77105D23 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcess + 6              77105DCE 4 Bytes  [A8, 6D, 75, 00] {TEST AL, 0x6d; JNZ 0x4}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcess + B              77105DD3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessToken + 6         77105DDE 4 Bytes  CALL 7610D350 
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessToken + B         77105DE3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessTokenEx + 6       77105DEE 4 Bytes  [A8, 6E, 75, 00] {TEST AL, 0x6e; JNZ 0x4}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessTokenEx + B       77105DF3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThread + 6               77105E4E 4 Bytes  [68, 6D, 75, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThread + B               77105E53 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadToken + 6          77105E5E 4 Bytes  [68, 6E, 75, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadToken + B          77105E63 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadTokenEx + 6        77105E6E 4 Bytes  CALL 7610D3E1 
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadTokenEx + B        77105E73 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryAttributesFile + 6      77105F7E 4 Bytes  [A8, 6C, 75, 00] {TEST AL, 0x6c; JNZ 0x4}
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryAttributesFile + B      77105F83 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryFullAttributesFile + 6  7710602E 4 Bytes  CALL 7610D59F 
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryFullAttributesFile + B  77106033 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationFile + 6       7710667E 4 Bytes  [28, 6D, 75, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationFile + B       77106683 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationThread + 6     771066DE 4 Bytes  [28, 6E, 75, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationThread + B     771066E3 1 Byte  [E2]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtUnmapViewOfSection + 6       771069FE 4 Bytes  [68, 6F, 75, 00]
.text           C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtUnmapViewOfSection + B       77106A03 1 Byte  [E2]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                   Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                   Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b                                               
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\78dd08b0d533                                               
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet)                           
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\78dd08b0d533 (not active ControlSet)                           

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                     unknown MBR code

---- EOF - GMER 2.1 ----
         




b) defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:45 on 20/05/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         



c) FRST


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by ***** (administrator) on ***** on 20-05-2014 08:48:07
Running from C:\Users\*****\Desktop
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

() C:\Windows\System32\DTS.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPFNF6R] => C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [62752 2009-08-20] (Lenovo Group Limited)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337184 2009-07-08] (Lenovo.)
HKLM\...\Run: [PWMTRV] => C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [709920 2009-08-23] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3089720 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-11-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-24] (Google Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-23] (Google Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [sydausa] => regsvr32.exe "C:\ProgramData\sydausa.dat"
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\MountPoints2: {0d585298-0de9-11e0-a07b-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-12-24]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-06-05]

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR StartupUrls: "hxxp://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-23]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-23]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-23]
CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-23]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-23]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-11] (SUPERAntiSpyware.com)
R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124192 2009-09-04] (Lenovo)
S2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [242976 2009-09-04] (Lenovo)
S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2009-09-01] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2009-09-01] ()
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
S2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-02-18] (Lenovo Group Limited)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S2 Winmgmt; C:\PROGRA~2\2992199F9A\0216.dll [X]

==================== Drivers (Whitelisted) ====================

R3 5U875UVC; C:\Windows\System32\DRIVERS\5U875.sys [72320 2009-07-08] (Ricoh co.,Ltd.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5073920 2009-08-24] (ATI Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [5924864 2009-08-24] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-20 08:48 - 2014-05-20 08:48 - 00020025 _____ () C:\Users\*****\Desktop\FRST.txt
2014-05-20 08:48 - 2014-05-20 08:48 - 00000000 ____D () C:\FRST
2014-05-20 08:47 - 2014-05-20 08:47 - 01056768 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-05-20 08:45 - 2014-05-20 08:46 - 00000490 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-05-20 08:45 - 2014-05-20 08:45 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-05-20 08:45 - 2014-05-20 08:45 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-05-20 08:27 - 2014-05-20 08:27 - 00024262 _____ () C:\Users\*****\Desktop\AVSCAN-20140520-015400-125F951F.LOG
2014-05-20 01:52 - 2014-05-20 01:52 - 00001024 _____ () C:\.rnd
2014-05-20 00:45 - 2014-05-20 00:45 - 00001976 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-20 00:36 - 2014-05-20 01:52 - 00001024 _____ () C:\Users\*****\.rnd
2014-05-19 23:30 - 2014-05-19 23:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\*****\Desktop\mia.exe
2014-05-19 22:45 - 2014-05-19 23:15 - 00000000 ____D () C:\Windows\pss
2014-05-19 21:29 - 2014-05-20 00:04 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-19 21:29 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-19 21:29 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-19 21:29 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-19 15:51 - 2014-05-19 15:51 - 00139264 _____ () C:\Windows\system32\config\DEFAULT.rhk
2014-05-19 15:51 - 2014-05-19 15:51 - 00061440 _____ () C:\Windows\system32\config\SAM.rhk
2014-05-19 15:51 - 2014-05-19 15:51 - 00028672 _____ () C:\Windows\system32\config\SECURITY.rhk
2014-05-19 15:46 - 2014-05-19 15:51 - 56680448 _____ () C:\Windows\system32\config\SOFTWARE.rhk
2014-05-19 15:29 - 2014-05-19 15:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Wise Registry Cleaner
2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\Program Files\Wise
2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\Documents\Bluetooth-Exchange-Ordner
2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\AppData\Local\Broadcom
2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\Documents\tradesignal
2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\AppData\Roaming\tradesignal
2014-05-16 17:20 - 2014-05-19 14:00 - 00000000 ___HD () C:\Windows\AxInstSV
2014-05-16 15:32 - 2014-05-19 16:01 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-15 19:31 - 2014-05-15 19:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DropboxMaster
2014-05-15 10:24 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 10:24 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 10:24 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 08:51 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 08:51 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 08:51 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 08:51 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 08:51 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 08:51 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 08:51 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 08:51 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 08:51 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 08:51 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 08:51 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 08:51 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieUserList
2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList
2014-05-06 17:49 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 17:49 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-06 17:49 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-06 17:49 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-06 17:49 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-06 17:49 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-06 17:49 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-06 17:49 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-06 17:49 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-06 17:49 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-06 17:49 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-06 17:49 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-06 17:49 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 17:49 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-06 17:49 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-06 17:49 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 17:49 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-06 17:49 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-06 17:49 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-06 17:49 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-06 17:49 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-06 17:49 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-06 17:49 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-06 17:49 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-24 09:07 - 2014-04-24 09:07 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-24 09:07 - 2014-04-24 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-24 09:07 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-24 09:07 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-24 09:07 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-24 09:07 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe

==================== One Month Modified Files and Folders =======

2014-05-20 08:48 - 2014-05-20 08:48 - 00020025 _____ () C:\Users\*****\Desktop\FRST.txt
2014-05-20 08:48 - 2014-05-20 08:48 - 00000000 ____D () C:\FRST
2014-05-20 08:47 - 2014-05-20 08:47 - 01056768 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-05-20 08:46 - 2014-05-20 08:45 - 00000490 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-05-20 08:45 - 2014-05-20 08:45 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-05-20 08:45 - 2014-05-20 08:45 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-05-20 08:45 - 2010-12-23 13:32 - 00000000 ____D () C:\Users\*****
2014-05-20 08:41 - 2010-12-24 17:51 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-20 08:31 - 2012-04-07 20:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-20 08:27 - 2014-05-20 08:27 - 00024262 _____ () C:\Users\*****\Desktop\AVSCAN-20140520-015400-125F951F.LOG
2014-05-20 08:27 - 2010-12-24 18:44 - 00000000 ____D () C:\Users\*****\Salomon
2014-05-20 08:20 - 2013-07-23 20:41 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job
2014-05-20 04:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-20 03:00 - 2010-12-22 18:47 - 01085606 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 02:00 - 2009-07-14 06:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 02:00 - 2009-07-14 06:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 01:54 - 2012-08-04 15:32 - 00000000 ___RD () C:\Users\*****\Dropbox
2014-05-20 01:54 - 2012-08-04 15:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox
2014-05-20 01:52 - 2014-05-20 01:52 - 00001024 _____ () C:\.rnd
2014-05-20 01:52 - 2014-05-20 00:36 - 00001024 _____ () C:\Users\*****\.rnd
2014-05-20 01:52 - 2013-09-17 12:49 - 00020417 _____ () C:\Windows\setupact.log
2014-05-20 01:52 - 2010-12-24 17:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-20 01:52 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 00:45 - 2014-05-20 00:45 - 00001976 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-20 00:04 - 2014-05-19 21:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 23:30 - 2014-05-19 23:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\*****\Desktop\mia.exe
2014-05-19 23:15 - 2014-05-19 22:45 - 00000000 ____D () C:\Windows\pss
2014-05-19 22:09 - 2010-12-22 18:42 - 00094430 _____ () C:\Windows\PFRO.log
2014-05-19 22:09 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-19 16:01 - 2014-05-16 15:32 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-19 15:51 - 2014-05-19 15:51 - 00139264 _____ () C:\Windows\system32\config\DEFAULT.rhk
2014-05-19 15:51 - 2014-05-19 15:51 - 00061440 _____ () C:\Windows\system32\config\SAM.rhk
2014-05-19 15:51 - 2014-05-19 15:51 - 00028672 _____ () C:\Windows\system32\config\SECURITY.rhk
2014-05-19 15:51 - 2014-05-19 15:46 - 56680448 _____ () C:\Windows\system32\config\SOFTWARE.rhk
2014-05-19 15:34 - 2014-05-19 15:29 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Wise Registry Cleaner
2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\Program Files\Wise
2014-05-19 14:26 - 2010-12-23 13:32 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore
2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\Documents\Bluetooth-Exchange-Ordner
2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\AppData\Local\Broadcom
2014-05-19 14:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-05-19 14:00 - 2014-05-16 17:20 - 00000000 ___HD () C:\Windows\AxInstSV
2014-05-19 14:00 - 2012-05-25 08:22 - 00000000 ____D () C:\Program Files\Tradesignal Online Chart
2014-05-19 14:00 - 2010-12-25 17:46 - 00000000 ____D () C:\Users\Test
2014-05-19 14:00 - 2010-12-23 03:04 - 00000000 ____D () C:\ProgramData\Lenovo
2014-05-19 14:00 - 2009-07-21 13:47 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-19 14:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-05-19 14:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\Documents\tradesignal
2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\AppData\Roaming\tradesignal
2014-05-15 20:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 19:31 - 2014-05-15 19:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DropboxMaster
2014-05-15 19:30 - 2012-08-04 15:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-15 19:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-15 10:28 - 2013-07-11 23:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 10:26 - 2010-12-24 12:20 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 09:20 - 2013-07-23 20:41 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job
2014-05-14 14:28 - 2012-04-07 20:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 14:28 - 2011-05-16 07:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 14:28 - 2010-12-24 18:43 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2014-05-09 17:27 - 2009-07-21 07:30 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieUserList
2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList
2014-05-06 05:25 - 2014-05-15 10:24 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 10:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 10:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-24 09:08 - 2013-11-06 09:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-24 09:07 - 2014-04-24 09:07 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-24 09:07 - 2014-04-24 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-24 09:07 - 2012-02-23 09:27 - 00000000 ____D () C:\Program Files\Java

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg5hscb.dll
C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\ose00000.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-15 08:51] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 12:30

==================== End Of Log ============================
         
d) Addition


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-05-2014
Ran by ***** at 2014-05-20 08:49:09
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Acrobat X Suite (HKLM\...\{3F41BA46-09C3-4500-96D7-DC4390AD0124}) (Version: 1.0 - Adobe Systems Incorporated)
ActiveTrader 5.0.0_b15 (HKCU\...\ActiveTrader 5.0.0_b15) (Version:  - )
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Captivate Quiz Results Analyzer (HKLM\...\QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Captivate Quiz Results Analyzer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Captivate Reviewer (HKLM\...\AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Captivate Reviewer (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.4.6 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A94000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 5.32.00 - )
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
ATI Catalyst Install Manager (HKLM\...\{10EBB6AD-673B-EE60-7D3D-7C438E5F9BE5}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.641.1-090825m-087782C-Lenovo - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0825.2146.37269 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0825.2146.37269 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0825.2146.37269 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0825.2146.37269 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0825.2146.37269 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0825.2146.37269 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0825.2146.37269 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Dutch (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help English (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help French (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help German (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Italian (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Japanese (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Korean (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Spanish (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Swedish (Version: 2009.0825.2145.37269 - ATI) Hidden
ccc-core-static (Version: 2009.0825.2146.37269 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0825.2146.37269 - ATI) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0023.00 - Lenovo Group Limited)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant)
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
ElsterFormular-Upgrade (HKLM\...\ElsterFormular für Privatanwender 12.2.2.6665p) (Version: 15.0.13315 - Landesfinanzdirektion Thüringen)
Eraser 6.0.8.2273 (HKLM\...\{392A74D0-4DFE-49F7-87C3-8A61708F8856}) (Version: 6.0.2273 - The Eraser Project)
Free Fire Screensaver (HKLM\...\Free Fire Screensaver) (Version:  - Laconic Software)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20101113 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Integrated Camera Driver Installer Package Ver.1.27.500.0 (HKLM\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.27.500.0 - RICOH)
Integrated Camera TWAIN (HKLM\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.7.331 - Chicony Electronics Co.,Ltd.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.112 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.112 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Lenovo Fingerprint Software (HKLM\...\{2D440AF4-7330-43F0-A085-35DE1A90E703}) (Version: 3.3.0.50 - AuthenTec, Inc.)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.13 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.018.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Search Enhancement Pack (Version: 1.2.121.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mobile Broadband Connect (HKLM\...\{5C111F14-D9BE-459D-B0B6-B4D082F03749}) (Version: 3.5.0006 - Lenovo)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (Version: 1.00.1. - AMD) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Business Edition (Version: 10.3.081 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Skype™ 6.10 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.10.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0046 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.04 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.06 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - )
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.40 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.70 - Lenovo)
Tradesignal Online Chart (HKLM\...\{2735AEFA-57A5-44AD-81B6-BE30CA07C066}) (Version: 6.3.7.117 - Tradesignal GmbH)
Verizon Wireless Mobile Broadband Self Activation (HKLM\...\{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}) (Version: 3.1.1 - Smith Micro Software, Inc.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Anmelde-Assistent (HKLM\...\{B5BCBD49-202F-4238-8398-D83D423A48B4}) (Version: 5.000.817.1 - Microsoft Corporation)
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Toolbar (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (07/07/2009 8.1.2.56) (HKLM\...\8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449) (Version: 07/07/2009 8.1.2.56 - AuthenTec Inc.)
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows-Treiberpaket - Ricoh (5U875UVC) Image  (07/08/2009 1.27.500.0) (HKLM\...\E59560E2F5B162D40255FCD327ACA5E989D995D2) (Version: 07/08/2009 1.27.500.0 - Ricoh)
Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc  (06/25/2009 6.10.01.03) (HKLM\...\D91056A9B3130B90EC1BB37F232FA5C4D61DF66F) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)
Windows-Treiberpaket - Ricoh Company (rismxdp) hdc  (06/25/2009 6.10.01.04) (HKLM\...\414685941AB074B2478B18498E0CCA85F81CCBE6) (Version: 06/25/2009 6.10.01.04 - Ricoh Company)
Windows-Treiberpaket - Ricoh Company MMC Host Controller (06/25/2009 6.10.01.03) (HKLM\...\6F84AC23718E31DE66E2EBEDAE047257F4E785D0) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)
Wise Registry Cleaner 8.11 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.11 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2011-06-05 13:28 - 00000854 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {0DEE7595-F069-449D-B9C9-FC3C78F2B6DE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {36991A1E-6A6C-487A-8A5D-8B38DB72BB0D} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-08-23] (Lenovo Group Limited)
Task: {3CFBA15D-48A7-4242-8658-D2779DA6F044} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: {5245162F-8F9D-42AD-A58A-C31EE8FEE18E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {6AF8D474-2932-4846-9749-69375C8508E5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-08-26] (PC-Doctor, Inc.)
Task: {6B4630C1-04C0-40E6-A068-29B93D900C94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: {96BA89CD-37E1-4951-8F32-BA6A465FE18F} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {97901924-BA6B-4546-894C-D4FBDE36A724} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {97AC3792-9BD1-45B3-A57F-6EF4DB6B4447} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe
Task: {B96F4CCE-CE64-4CAD-B9AE-269275568224} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {D5B4032B-7340-4B43-893C-B753E7A189F5} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {ECBDB0F4-042F-46A8-9858-1A58318FF095} - System32\Tasks\AdobeAAMUpdater-1.0-*****-***** => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-11-08] (Adobe Systems Incorporated)
Task: {EF3D195A-B55E-4A5B-8E41-E27B949690AC} - System32\Tasks\{49C7F31D-7E66-4DDB-A4B5-F1BF4327AFC7} => C:\Program Files\Skype\\Phone\Skype.exe [2013-10-21] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2009-09-01 00:32 - 2009-09-01 00:32 - 00098304 ____N () C:\Windows\system32\DTS.exe
2013-07-09 10:34 - 2013-07-09 10:29 - 00394824 ____N () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-22 18:42 - 2009-08-23 20:04 - 00037888 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2011-09-05 19:05 - 2011-09-05 19:05 - 00019968 ____N () C:\Program Files\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2014-05-20 01:54 - 2014-05-20 01:54 - 00041984 _____ () C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg5hscb.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 00065352 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 00674632 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 00093000 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 04081480 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 00390472 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 01647432 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 13695816 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk => C:\Windows\pss\RCIMGDIR.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6120.lnk => C:\Windows\pss\6120.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aj7zfy.lnk => C:\Windows\pss\aj7zfy.lnk.Startup
MSCONFIG\startupreg: FingerPrintSoftware => "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
MSCONFIG\startupreg: Message Center Plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2014 01:46:47 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/20/2014 01:44:17 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/19/2014 03:54:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1440

Startzeit: 01cf7369906005d8

Endzeit: 5

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 03:28:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5e98

Startzeit: 01cf73660a83ef3b

Endzeit: 0

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 03:05:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1370

Startzeit: 01cf7362956681bb

Endzeit: 16

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 03:01:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1ca0

Startzeit: 01cf736206978372

Endzeit: 15

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 02:53:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2c14

Startzeit: 01cf736124bfad37

Endzeit: 16

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 02:51:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2610

Startzeit: 01cf736090a0f84c

Endzeit: 15

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 02:45:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1064

Startzeit: 01cf73601f47ebad

Endzeit: 15

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 02:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c88

Startzeit: 01cf735f2656b684

Endzeit: 32

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:


System errors:
=============
Error: (05/20/2014 08:51:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/20/2014 08:50:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/20/2014 08:50:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/20/2014 08:49:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/20/2014 08:49:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/20/2014 08:46:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/20/2014 08:29:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/20/2014 08:28:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/20/2014 08:28:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/20/2014 08:27:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126


Microsoft Office Sessions:
=========================
Error: (12/10/2013 10:04:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 283 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 03:35:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 138 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 03:32:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 03:30:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21691 seconds with 2880 seconds of active time.  This session ended with a crash.

Error: (02/11/2013 11:50:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4233 seconds with 2520 seconds of active time.  This session ended with a crash.

Error: (05/24/2012 06:13:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1365 seconds with 420 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 62%
Total physical RAM: 2520.03 MB
Available physical RAM: 950.12 MB
Total Pagefile: 5038.34 MB
Available Pagefile: 3014.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.63 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:286.66 GB) (Free:125.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:5.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 504A2363)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

e) AVSCAN (Avira Free)


Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 20. Mai 2014  01:54


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : *****

Versionsinformationen:
BUILD.DAT      : 14.0.3.350     56624 Bytes  25.02.2014 11:41:00
AVSCAN.EXE     : 14.0.3.332   1058384 Bytes  20.02.2014 17:28:37
AVSCANRC.DLL   : 14.0.2.292     62008 Bytes  18.02.2014 17:28:45
LUKE.DLL       : 14.0.3.336     65616 Bytes  20.02.2014 17:28:54
AVSCPLR.DLL    : 14.0.3.336    124496 Bytes  20.02.2014 17:28:38
AVREG.DLL      : 14.0.3.336    250448 Bytes  20.02.2014 17:28:35
avlode.dll     : 14.0.3.336    544848 Bytes  20.02.2014 17:28:34
avlode.rdf     : 14.0.4.22      64276 Bytes  15.05.2014 17:27:00
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 16:41:01
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 07:22:54
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 11:56:37
VBASE003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 06:42:57
VBASE004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 15:30:46
VBASE005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 06:33:26
VBASE006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 17:06:01
VBASE007.VDF   : 7.11.145.136  2117120 Bytes  28.04.2014 12:17:26
VBASE008.VDF   : 7.11.145.137     2048 Bytes  28.04.2014 12:17:26
VBASE009.VDF   : 7.11.145.138     2048 Bytes  28.04.2014 12:17:26
VBASE010.VDF   : 7.11.145.139     2048 Bytes  28.04.2014 12:17:26
VBASE011.VDF   : 7.11.145.140     2048 Bytes  28.04.2014 12:17:26
VBASE012.VDF   : 7.11.145.141     2048 Bytes  28.04.2014 12:17:26
VBASE013.VDF   : 7.11.146.20   166912 Bytes  29.04.2014 16:40:08
VBASE014.VDF   : 7.11.146.131   194048 Bytes  01.05.2014 16:49:39
VBASE015.VDF   : 7.11.146.243   167936 Bytes  03.05.2014 20:43:40
VBASE016.VDF   : 7.11.147.97   122368 Bytes  05.05.2014 14:40:06
VBASE017.VDF   : 7.11.147.207   169472 Bytes  06.05.2014 15:02:30
VBASE018.VDF   : 7.11.148.61   174080 Bytes  08.05.2014 07:04:01
VBASE019.VDF   : 7.11.148.149   257024 Bytes  09.05.2014 07:06:14
VBASE020.VDF   : 7.11.148.241   135168 Bytes  12.05.2014 07:06:15
VBASE021.VDF   : 7.11.149.61   139264 Bytes  13.05.2014 06:56:54
VBASE022.VDF   : 7.11.149.169   160256 Bytes  15.05.2014 06:47:30
VBASE023.VDF   : 7.11.150.31   189440 Bytes  17.05.2014 07:46:20
VBASE024.VDF   : 7.11.150.32     2048 Bytes  17.05.2014 07:46:20
VBASE025.VDF   : 7.11.150.33     2048 Bytes  17.05.2014 07:46:20
VBASE026.VDF   : 7.11.150.34     2048 Bytes  17.05.2014 07:46:20
VBASE027.VDF   : 7.11.150.35     2048 Bytes  17.05.2014 07:46:20
VBASE028.VDF   : 7.11.150.36     2048 Bytes  17.05.2014 07:46:20
VBASE029.VDF   : 7.11.150.37     2048 Bytes  17.05.2014 07:46:21
VBASE030.VDF   : 7.11.150.38     2048 Bytes  17.05.2014 07:46:21
VBASE031.VDF   : 7.11.150.104   252928 Bytes  19.05.2014 19:45:39
Engineversion  : 8.3.18.22 
AEVDF.DLL      : 8.3.0.4       118976 Bytes  20.03.2014 19:41:43
AESCRIPT.DLL   : 8.1.4.204     528584 Bytes  15.05.2014 17:26:59
AESCN.DLL      : 8.3.0.2       135360 Bytes  20.03.2014 19:41:43
AESBX.DLL      : 8.2.20.24    1409224 Bytes  09.05.2014 07:04:00
AERDL.DLL      : 8.2.0.138     704888 Bytes  02.12.2013 14:30:08
AEPACK.DLL     : 8.4.0.24      778440 Bytes  14.05.2014 06:56:53
AEOFFICE.DLL   : 8.3.0.4       205000 Bytes  17.04.2014 17:00:51
AEHEUR.DLL     : 8.1.4.1066   6705352 Bytes  15.05.2014 17:26:59
AEHELP.DLL     : 8.3.0.0       274808 Bytes  13.03.2014 08:28:33
AEGEN.DLL      : 8.1.7.26      450752 Bytes  17.04.2014 17:00:51
AEEXP.DLL      : 8.4.1.312     569544 Bytes  30.04.2014 14:41:20
AEEMU.DLL      : 8.1.3.2       393587 Bytes  12.07.2012 06:08:43
AECORE.DLL     : 8.3.0.6       241864 Bytes  19.03.2014 13:45:06
AEBB.DLL       : 8.1.1.4        53619 Bytes  10.11.2012 10:57:42
AVWINLL.DLL    : 14.0.3.252     23608 Bytes  20.02.2014 17:28:30
AVPREF.DLL     : 14.0.3.252     48696 Bytes  20.02.2014 17:28:35
AVREP.DLL      : 14.0.3.252    175672 Bytes  20.02.2014 17:28:35
AVARKT.DLL     : 14.0.3.336    256080 Bytes  20.02.2014 17:28:31
AVEVTLOG.DLL   : 14.0.3.336    165968 Bytes  20.02.2014 17:28:33
SQLITE3.DLL    : 3.7.0.1       394824 Bytes  09.07.2013 08:29:15
AVSMTP.DLL     : 14.0.3.252     60472 Bytes  20.02.2014 17:28:38
NETNT.DLL      : 14.0.3.252     13368 Bytes  20.02.2014 17:28:54
RCIMAGE.DLL    : 14.0.3.260   4979256 Bytes  20.02.2014 17:28:30
RCTEXT.DLL     : 14.0.3.282     72760 Bytes  20.02.2014 17:28:30

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, Q:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 20. Mai 2014  01:54

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, Q:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'tvt_reg_monitor_svc.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'Eraser.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpScrex.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'cssauth.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpShocks.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'tpfnf6r.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPOSDSVC.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '173' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE.EXE' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKSVC.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'AtService.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTS.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2705' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows7_OS>
Beginne mit der Suche in 'Q:\' <Lenovo_Recovery>


Ende des Suchlaufs: Dienstag, 20. Mai 2014  04:44
Benötigte Zeit:  2:49:47 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  29666 Verzeichnisse wurden überprüft
 761253 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 761253 Dateien ohne Befall
  33652 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
 836661 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         

Alt 20.05.2014, 15:14   #2
Munich089
 

and here is the last log file:

f) Malwarebytes


Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 19.05.2014
Scan Time: 21:44:55
Logfile: Malware.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.19.10
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: *****

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281772
Time Elapsed: 15 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, , [5de9da793744ac8ade27ffb709fab848], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [47ff75de56257bbb072ccbc2bd45db25], 

Registry Values: 240
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sydausa, regsvr32.exe "C:\ProgramData\sydausa.dat", , [5ee83221413a89adf4f114f648b942be]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|opvrze, regsvr32.exe "C:\ProgramData\opvrze.dat", , [d175f162e398ce6806df5ab0659c6b95]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xoulwl, regsvr32.exe "C:\ProgramData\xoulwl.dat", , [2d19a5aeff7c03335095e7230bf69d63]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|yvcdlk, regsvr32.exe "C:\ProgramData\yvcdlk.dat", , [3e0856fd6516a5915a8bcd3d7e83bd43]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rqlelq, regsvr32.exe "C:\ProgramData\rqlelq.dat", , [68de68ebf58696a03baa81890ef3fe02]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ghmdjzbf, regsvr32.exe "C:\ProgramData\ghmdjzbf.dat", , [e36330239ae1dd595590bf4bcd34dc24]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|orjppey, regsvr32.exe "C:\ProgramData\orjppey.dat", , [1e285cf7ceade650bf26ea20689930d0]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|akwmruy, regsvr32.exe "C:\ProgramData\akwmruy.dat", , [dc6a87cc3f3cc76fb92cf713c140ec14]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wbkzscr, regsvr32.exe "C:\ProgramData\wbkzscr.dat", , [bb8baea5f4870f27ca1b49c128d9f808]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rkhruab, regsvr32.exe "C:\ProgramData\rkhruab.dat", , [93b33e15abd069cdda0bf01a0cf5c937]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|tswywbr, regsvr32.exe "C:\ProgramData\tswywbr.dat", , [ac9a70e3cab191a5925368a2b1506799]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gtsttr, regsvr32.exe "C:\ProgramData\gtsttr.dat", , [af97d083dd9ea393ecf95cae48b92bd5]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|qlbzsuz, regsvr32.exe "C:\ProgramData\qlbzsuz.dat", , [083e32214b30340200e58c7ee918a858]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|hopkpyk, regsvr32.exe "C:\ProgramData\hopkpyk.dat", , [2c1a3c177704bb7bc1247694ba477789]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ywaqjrvk, regsvr32.exe "C:\ProgramData\ywaqjrvk.dat", , [4bfbd182384374c2786db05a8f7224dc]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ytdxmcy, regsvr32.exe "C:\ProgramData\ytdxmcy.dat", , [11358cc74b30be78e1048882c9388779]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fkexkl, regsvr32.exe "C:\ProgramData\fkexkl.dat", , [85c15bf8106b1e18e1042bdf7988b050]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kewkgat, regsvr32.exe "C:\ProgramData\kewkgat.dat", , [52f4084b93e894a2499cc545e41dc838]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nakfxw, regsvr32.exe "C:\ProgramData\nakfxw.dat", , [e4622d26245794a2eef73ad0a65b649c]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|dybfld, regsvr32.exe "C:\ProgramData\dybfld.dat", , [0640ef64413a5adc21c4d33709f83dc3]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|qiudzu, regsvr32.exe "C:\ProgramData\qiudzu.dat", , [ce785cf7314abd79e401050525dc4db3]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|augkjmhx, regsvr32.exe "C:\ProgramData\augkjmhx.dat", , [3f071c37c9b296a0de0799719c65f20e]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wvlgfya, regsvr32.exe "C:\ProgramData\wvlgfya.dat", , [fe4854ffd6a5231337aed9310ef3ff01]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|zfsgiz, regsvr32.exe "C:\ProgramData\zfsgiz.dat", , [1036d47f93e8be7808dd5fab29d87090]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wxzstt, regsvr32.exe "C:\ProgramData\wxzstt.dat", , [a5a199ba413a4fe7885d50ba000136ca]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fxhexose, regsvr32.exe "C:\ProgramData\fxhexose.dat", , [c4821b380774a4925a8b6f9b0100f40c]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kbrahtb, regsvr32.exe "C:\ProgramData\kbrahtb.dat", , [b78f371c6219360062838486e31eb050]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xcvuiwc, regsvr32.exe "C:\ProgramData\xcvuiwc.dat", , [0442322135460a2c33b27b8f9071a25e]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cxohfsbs, regsvr32.exe "C:\ProgramData\cxohfsbs.dat", , [172fdc7777042e084c99c34791702ed2]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|unyfcs, regsvr32.exe "C:\ProgramData\unyfcs.dat", , [0f375af94239c67000e55ab0e021817f]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|dkngshje, regsvr32.exe "C:\ProgramData\dkngshje.dat", , [004674df671488aeb431ef1bac55758b]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wpuohqtl, regsvr32.exe "C:\ProgramData\wpuohqtl.dat", , [01450c47cfac0e280ed765a5837e847c]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|zglrtzrh, regsvr32.exe "C:\ProgramData\zglrtzrh.dat", , [c77fe27190ebf2448065878354adc13f]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|zmjuaans, regsvr32.exe "C:\ProgramData\zmjuaans.dat", , [3f07d47fa7d4ea4c915403070001eb15]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kekoowoq, regsvr32.exe "C:\ProgramData\kekoowoq.dat", , [271f94bfe497a49212d3c64437ca6898]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kibsfrj, regsvr32.exe "C:\ProgramData\kibsfrj.dat", , [b98dc58e86f5ed4932b322e8679a43bd]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|scqnznx, regsvr32.exe "C:\ProgramData\scqnznx.dat", , [80c6da795724da5c0bdae4262cd5ff01]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nwcoqat, regsvr32.exe "C:\ProgramData\nwcoqat.dat", , [3016cd8677040b2be7fe7793ad54728e]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|tmiwwy, regsvr32.exe "C:\ProgramData\tmiwwy.dat", , [2e180a498bf084b2e4018e7c6d94dd23]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kduphzwp, regsvr32.exe "C:\ProgramData\kduphzwp.dat", , [43031e35136804323ea76d9d8081fa06]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rotsbzl, regsvr32.exe "C:\ProgramData\rotsbzl.dat", , [b6907fd492e99f9729bc63a7a06145bb]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|chvsqih, regsvr32.exe "C:\ProgramData\chvsqih.dat", , [52f4b1a21f5c15219c492bdfb051a957]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|pdwayvtf, regsvr32.exe "C:\ProgramData\pdwayvtf.dat", , [91b5163d5f1c221436afb05aea1704fc]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|vvezpepa, regsvr32.exe "C:\ProgramData\vvezpepa.dat", , [f3534a0935463bfb60857f8be61b8977]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|vmsglua, regsvr32.exe "C:\ProgramData\vmsglua.dat", , [c284b59e1269db5b875e50ba8e73a060]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ldbrizde, regsvr32.exe "C:\ProgramData\ldbrizde.dat", , [0d39de75c0bb65d1469f8f7bcc352ed2]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|yrynwoq, regsvr32.exe "C:\ProgramData\yrynwoq.dat", , [cd79361dfb80a88ec32268a22fd2e21e]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|vvpmizwr, regsvr32.exe "C:\ProgramData\vvpmizwr.dat", , [83c3b2a11c5f55e1568fd23831d02cd4]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|zfxqmbq, regsvr32.exe "C:\ProgramData\zfxqmbq.dat", , [e462c48f8eed53e38e57eb1f2cd5cc34]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|kqyqbr, regsvr32.exe "C:\ProgramData\kqyqbr.dat", , [4df9322190ebc07605e00dfd26db55ab]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xstxowvm, regsvr32.exe "C:\ProgramData\xstxowvm.dat", , [e264c291314a320471748486cf3250b0]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|jlfumjo, regsvr32.exe "C:\ProgramData\jlfumjo.dat", , [c581be952f4c64d2c1246e9c659c748c]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sbtnaz, regsvr32.exe "C:\ProgramData\sbtnaz.dat", , [bb8b470c8af1ac8a7d68f01a4ab7be42]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xgabaei, regsvr32.exe "C:\ProgramData\xgabaei.dat", , [3a0cc88ba0db50e6ad38b6542fd257a9]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|jymvycl, regsvr32.exe "C:\ProgramData\jymvycl.dat", , [ef57ca893a41092d08dd8a80ce33a45c]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xipthfq, regsvr32.exe "C:\ProgramData\xipthfq.dat", , [ca7c69ea6c0f72c4b92c2edc5fa2bf41]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|qumhbg, regsvr32.exe "C:\ProgramData\qumhbg.dat", , [c284242fd9a260d618cd59b1768b1be5]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xklrmbw, regsvr32.exe "C:\ProgramData\xklrmbw.dat", , [71d5b49fb0cb2313a1446f9bed147a86]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wujwtt, regsvr32.exe "C:\ProgramData\wujwtt.dat", , [43039eb5bfbc62d4a73eee1c778a8a76]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nqisauz, regsvr32.exe "C:\ProgramData\nqisauz.dat", , [d373c48f0e6d53e373720a0018e906fa]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|txvlfjft, regsvr32.exe "C:\ProgramData\txvlfjft.dat", , [91b5d2811e5d0630d510e8227b860cf4]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sptrub, regsvr32.exe "C:\ProgramData\sptrub.dat", , [a1a564ef4635360026bfd5359e63d030]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|echlzrq, regsvr32.exe "C:\ProgramData\echlzrq.dat", , [ef575201c1baab8b727345c531d0748c]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|yjtipmpf, regsvr32.exe "C:\ProgramData\yjtipmpf.dat", , [92b4054e621957df984d65a5da2739c7]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|eslazdhm, regsvr32.exe "C:\ProgramData\eslazdhm.dat", , [a5a1d182661579bd12d3ed1d1ee316ea]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|tlvfwu, regsvr32.exe "C:\ProgramData\tlvfwu.dat", , [b096193a86f5142203e28d7d748de020]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uazvct, regsvr32.exe "C:\ProgramData\uazvct.dat", , [b690064da0dba98df0f5a2684ab71fe1]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rqdvqkh, regsvr32.exe "C:\ProgramData\rqdvqkh.dat", , [aa9c95be3d3e0c2a5b8a17f3639ec23e]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|hbxpxsoo, regsvr32.exe "C:\ProgramData\hbxpxsoo.dat", , [c97d9cb7f982e254b92c1ded50b1da26]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|subcvsbm, regsvr32.exe "C:\ProgramData\subcvsbm.dat", , [a2a45cf72457a2949f46a06aa85903fd]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|yxeyupk, regsvr32.exe "C:\ProgramData\yxeyupk.dat", , [9aac2f2409728babfde87f8b23de4cb4]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|bfzejg, regsvr32.exe "C:\ProgramData\bfzejg.dat", , [a6a064ef9be0bd7943a2cc3ea958bc44]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|owdkboi, regsvr32.exe "C:\ProgramData\owdkboi.dat", , [4bfb7ad97efdd36301e487839071a957]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|vmmxmh, regsvr32.exe "C:\ProgramData\vmmxmh.dat", , [87bf76dd354668ce7d68709aa859c23e]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ogfxnm, regsvr32.exe "C:\ProgramData\ogfxnm.dat", , [093dc093d1aa989e17cea9613cc5669a]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wvdlfa, regsvr32.exe "C:\ProgramData\wvdlfa.dat", , [02446fe445360432707518f2ab5654ac]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gwwasg, regsvr32.exe "C:\ProgramData\gwwasg.dat", , [43036be84f2c15215f8665a5f809bb45]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ykjanwa, regsvr32.exe "C:\ProgramData\ykjanwa.dat", , [ec5a510280fbd5616481a664e9186898]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|sdicwmzy, regsvr32.exe "C:\ProgramData\sdicwmzy.dat", , [1e283d16d2a9fc3a747152b826db738d]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nohorih, regsvr32.exe "C:\ProgramData\nohorih.dat", , [69dd9cb78bf0072fb5306d9db34e39c7]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|umfrrpv, regsvr32.exe "C:\ProgramData\umfrrpv.dat", , [72d455fe7efdb2840cd932d804fd30d0]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|hfsgxg, regsvr32.exe "C:\ProgramData\hfsgxg.dat", , [65e156fd9dde072fa243e9217f82cf31]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ubzrgwxy, regsvr32.exe "C:\ProgramData\ubzrgwxy.dat", , [8abcfb588feca591e30274962cd5d729]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gprzsewn, regsvr32.exe "C:\ProgramData\gprzsewn.dat", , [53f364ef2c4fff374b9a0a005da417e9]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|jmvwldv, regsvr32.exe "C:\ProgramData\jmvwldv.dat", , [2521ef645f1c20165a8b66a48081e917]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|zinvsfpm, regsvr32.exe "C:\ProgramData\zinvsfpm.dat", , [ae98f55eaecdcc6a667faa6022df1be5]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|hnvkpzi, regsvr32.exe "C:\ProgramData\hnvkpzi.dat", , [ca7cd47ff38888ae994c5caec839fd03]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|hbjtbs, regsvr32.exe "C:\ProgramData\hbjtbs.dat", , [ac9a62f11c5ffd39de0701094cb5af51]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wdgjsggl, regsvr32.exe "C:\ProgramData\wdgjsggl.dat", , [a79faaa9abd0ef47f0f5c941c83910f0]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|scbjlmic, regsvr32.exe "C:\ProgramData\scbjlmic.dat", , [85c189ca651650e6489d5ab0cb36ad53]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rhercavv, regsvr32.exe "C:\ProgramData\rhercavv.dat", , [a0a665eeb6c55ed83ea760aaaf5210f0]
Trojan.Ransom.Gend, HKU\S-1-5-21-1732376492-3782921457-3814634441-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|vkoconvv, regsvr32.exe "C:\ProgramData\vkoconvv.dat", , [91b5ed66374464d2cc191bef60a13ac6]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 360
Trojan.Ransom.Gend, C:\ProgramData\ktflifov.dat, , [62e461f2abd048ee0cd9907a857c926e], 
Trojan.Ransom.Gend, C:\ProgramData\laqkgx.dat, , [3610391a4734c175d90ca2689f620df3], 
Trojan.Ransom.Gend, C:\ProgramData\ldfasox.dat, , [5fe785cebbc087af8b5ad832679ab14f], 
Trojan.Ransom.Gend, C:\ProgramData\letpsj.dat, , [fa4c0b48cdae37ffebfa4fbb7c856997], 
Trojan.Ransom.Gend, C:\ProgramData\fagydlc.dat, , [c28471e2047722148e57df2be61b8080], 
Trojan.Ransom.Gend, C:\ProgramData\fakorh.dat, , [88be1d36c7b448ee3ca97b8f12ef32ce], 
Trojan.Ransom.Gend, C:\ProgramData\fdhuwn.dat, , [94b28ec5a4d75dd95b8aee1cd1301ce4], 
Trojan.Ransom.Gend, C:\ProgramData\fkjgwj.dat, , [af970350adcea09644a18d7d827f946c], 
Trojan.Ransom.Gend, C:\ProgramData\flxght.dat, , [054157fc48339b9b786dc9413dc4956b], 
Trojan.Ransom.Gend, C:\ProgramData\fnkjwxbo.dat, , [c086ca895c1fd165d60fa961867b18e8], 
Trojan.Ransom.Gend, C:\ProgramData\gckltq.dat, , [0f377ed562193402588d26e4ca37ce32], 
Trojan.Ransom.Gend, C:\ProgramData\gijtfje.dat, , [a1a5a5ae2c4fd462c223a36710f125db], 
Trojan.Ransom.Gend, C:\ProgramData\gnjjqeb.dat, , [420442111764a88e36afb6540bf657a9], 
Trojan.Ransom.Gend, C:\ProgramData\uqiudqd.dat, , [5bebf85be7942412c61f43c7c33e39c7], 
Trojan.Ransom.Gend, C:\ProgramData\urvckye.dat, , [5aecf95a6c0fcf6713d27793b34ee41c], 
Trojan.Ransom.Gend, C:\ProgramData\uvapvvk.dat, , [71d58dc6661594a2d80d42c825dcba46], 
Trojan.Ransom.Gend, C:\ProgramData\uzttmgz.dat, , [fc4a7bd8a4d7c076578ed7339b66a060], 
Trojan.Ransom.Gend, C:\ProgramData\vddfnuws.dat, , [65e169ea37444cea17cebd4d48b99967], 
Trojan.Ransom.Gend, C:\ProgramData\vfgbpojp.dat, , [cb7be46f1764033339aca06a6a9755ab], 
Trojan.Ransom.Gend, C:\ProgramData\vklvwoo.dat, , [7dc956fd1d5e65d194519179a75a19e7], 
Trojan.Ransom.Gend, C:\ProgramData\vmlhait.dat, , [d3738bc8374455e1f5f017f34fb228d8], 
Trojan.Ransom.Gend, C:\ProgramData\aqenejnu.dat, , [3d09ea690b70a096f7ee8288956c6a96], 
Trojan.Ransom.Gend, C:\ProgramData\awdjro.dat, , [ad99fe550a71df5730b50dfd857c619f], 
Trojan.Ransom.Gend, C:\ProgramData\bhpfdds.dat, , [cb7b7fd433487abceef7ef1b91709769], 
Trojan.Ransom.Gend, C:\ProgramData\bidrdk.dat, , [5fe7b99afa81999dca1bda30d130f709], 
Trojan.Ransom.Gend, C:\ProgramData\bijfzyt.dat, , [68deafa4a7d487af21c40703ad54f907], 
Trojan.Ransom.Gend, C:\ProgramData\bmhzfgk.dat, , [ad99ec679eddd85e04e1bf4b0bf67b85], 
Trojan.Ransom.Gend, C:\ProgramData\buwuwp.dat, , [192db69db8c38aacebfafd0d10f1b050], 
Trojan.Ransom.Gend, C:\ProgramData\bxqmnsk.dat, , [1a2c8fc41c5f37ffc025c54507fac53b], 
Trojan.Ransom.Gend, C:\ProgramData\bytkom.dat, , [1e2854ffa9d29b9b796c7496768bc23e], 
Trojan.Ransom.Gend, C:\ProgramData\cikwew.dat, , [e85e7ed52556af8707de63a726db13ed], 
Trojan.Ransom.Gend, C:\ProgramData\ciypnbnr.dat, , [3e0879dabcbfbd79b530a96130d14ab6], 
Trojan.Ransom.Gend, C:\ProgramData\czcokulv.dat, , [fc4afb5842395ed864812fdb669b1de3], 
Trojan.Ransom.Gend, C:\ProgramData\rpscie.dat, , [fe48ec672952d85e2db8cc3ef70a39c7], 
Trojan.Ransom.Gend, C:\ProgramData\sehdkaz.dat, , [e165c58ef6854ee8f8edcc3e9968c739], 
Trojan.Ransom.Gend, C:\ProgramData\sgghov.dat, , [2125044f5625bb7b2abbd2388879d52b], 
Trojan.Ransom.Gend, C:\ProgramData\shtchp.dat, , [f05687cc6f0c16207a6be5250af717e9], 
Trojan.Ransom.Gend, C:\ProgramData\shzjpp.dat, , [62e460f395e60f27697c7d8da1606f91], 
Trojan.Ransom.Gend, C:\ProgramData\skmhxcgj.dat, , [47ff8ac95f1cc2744a9b36d446bb48b8], 
Trojan.Ransom.Gend, C:\ProgramData\ikgqfuqv.dat, , [e85eb1a2fb80b185dd08fc0e8a77b54b], 
Trojan.Ransom.Gend, C:\ProgramData\ikpihhw.dat, , [f35384cf4239979f489d030731d046ba], 
Trojan.Ransom.Gend, C:\ProgramData\ixsjsq.dat, , [3610262d98e36bcb5b8a32d853aeb947], 
Trojan.Ransom.Gend, C:\ProgramData\jeztmmy.dat, , [f55190c3c1baa0966a7b57b304fd1ae6], 
Trojan.Ransom.Gend, C:\ProgramData\jmsoiz.dat, , [8eb8262d413af14511d4ec1e09f8b050], 
Trojan.Ransom.Gend, C:\ProgramData\jycrgzh.dat, , [87bf69eac9b24ee8ad38c347cc3545bb], 
Trojan.Ransom.Gend, C:\ProgramData\jznjvvfl.dat, , [ff47b49f0f6c8da9766f6f9bec156799], 
Trojan.Ransom.Gend, C:\ProgramData\kbxetf.dat, , [e165fd5632493afc697c6f9b7190bf41], 
Trojan.Ransom.Gend, C:\ProgramData\kfhjzis.dat, , [4afcb2a14a315ed8ac3979919e63b848], 
Trojan.Ransom.Gend, C:\ProgramData\kgaueqy.dat, , [d175df74700bba7cd5107397b0511de3], 
Trojan.Ransom.Gend, C:\ProgramData\owauzawo.dat, , [d76fd97ae3989f9771747496f809a060], 
Trojan.Ransom.Gend, C:\ProgramData\paleews.dat, , [92b48ac96b10be7812d3e22813eeab55], 
Trojan.Ransom.Gend, C:\ProgramData\pjbvzuh.dat, , [84c2a5ae8cefa1959154f614629fe818], 
Trojan.Ransom.Gend, C:\ProgramData\pjcuks.dat, , [94b21d36c2b962d414d16c9e9e639a66], 
Trojan.Ransom.Gend, C:\ProgramData\poefwvt.dat, , [5cea2d263546df571ec731d9639eb947], 
Trojan.Ransom.Gend, C:\ProgramData\psdxeirg.dat, , [172fc291f9826dc9598ca26830d18d73], 
Trojan.Ransom.Gend, C:\ProgramData\ptbrolsf.dat, , [03430e45324993a37f66d3370df427d9], 
Trojan.Ransom.Gend, C:\ProgramData\pviovjn.dat, , [02442b2898e390a6c5200a007d84a15f], 
Trojan.Ransom.Gend, C:\ProgramData\pwaopgqf.dat, , [2a1cb49f4c2f47ef28bdc842659cb54b], 
Trojan.Ransom.Gend, C:\ProgramData\pwnxvmz.dat, , [2f177fd4c3b84fe71bca8a8033cee818], 
Trojan.Ransom.Gend, C:\ProgramData\vmqmzqac.dat, , [2e18b2a1f18a89adc61fcc3e768bf709], 
Trojan.Ransom.Gend, C:\ProgramData\vnectpj.dat, , [ad99d67d2754b77f8a5bc24841c007f9], 
Trojan.Ransom.Gend, C:\ProgramData\vpclmcem.dat, , [c581490a4239300639ac4ebc25dc52ae], 
Trojan.Ransom.Gend, C:\ProgramData\vrakzya.dat, , [4ef8f95aceadd561d31276940ef3b848], 
Trojan.Ransom.Gend, C:\ProgramData\vuuvpydi.dat, , [94b27fd40f6cf73fc71ea96132cffe02], 
Trojan.Ransom.Gend, C:\ProgramData\vwavabdp.dat, , [cb7b4b0895e6f0469055709a6e93ee12], 
Trojan.Ransom.Gend, C:\ProgramData\wbayytsv.dat, , [ae985ef5d5a6ad8928bdc04af80936ca], 
Trojan.Ransom.Gend, C:\ProgramData\wcihob.dat, , [7accf75c1d5e0b2b3ea7eb1f6998bd43], 
Trojan.Ransom.Gend, C:\ProgramData\mdnrphw.dat, , [b492c68dc8b3cb6bcc195cae26dbab55], 
Trojan.Ransom.Gend, C:\ProgramData\mivcfum.dat, , [4ef80a4978039d99e7fe4bbf689956aa], 
Trojan.Ransom.Gend, C:\ProgramData\mlnvognl.dat, , [b39385ce8bf074c2d015a169f70ada26], 
Trojan.Ransom.Gend, C:\ProgramData\myqiyyc.dat, , [a0a6094ae695f343766fa565bf42ef11], 

Physical Sectors: 0
(No malicious items detected)


(end)
         
One more note: CPU usage shows extreme spikes even though no work at all is being done on the PC, as if some (hidden?) programs were running in the background.


20.05.2014, 15:19   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hi and

Quote:
Plattform : Windows 7 Professional
Microsoft Office Enterprise 2007
Why a Windows 7 Professional and an Enterprise Office?
Is this a commercially used system? If not, then why an Enterprise Office?

Quote:
127.0.0.1 activate.adobe.com
Well, has someone been playing with cracks?

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

20.05.2014, 15:26   #4
Munich089

Hello Cosinus,

many thanks for your feedback!

I got the laptop preinstalled and admit that I don't know the sources of the software.

What do I have to do?

Best regards

20.05.2014, 15:31   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Who preinstalled that for you?
Which Windows edition is stated on the license key? You'll find it on the underside of your notebook. It may also be only in the battery compartment, so if you can't find the Windows license key on the underside, it's best to switch the device off, take out the battery and look in the battery compartment.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

20.05.2014, 15:38   #6
Munich089

That was a buddy of mine, who at least knows computers considerably better than I do. I just want to work on it.

On the bottom of the laptop, one sticker says: Windows Vista Bus to Win 7 Pro UPG Media. And another sticker says: Windows Vista Business OEMAct.

20.05.2014, 15:47   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Quote from Munich089
That was a buddy of mine, who at least knows computers considerably better than I do. I just want to work on it.
Well, then he at least installed something illegal from Adobe for you. You can throw that out, otherwise the cleanup won't continue here. I already pointed that out just now.
Quote:
On the bottom of the laptop, one sticker says: Windows Vista Bus to Win 7 Pro UPG Media. And another sticker says: Windows Vista Business OEMAct.
OK, that seems to be an upgrade license, so that's fine.

20.05.2014, 15:49   #8
Munich089

OK, I'm happy to do that, since I don't really need it anyway. Simply uninstall? Or rather, uninstall what? There's Flash Player, Reader, Media Player, Captivate Reviewer etc. on it!

20.05.2014, 15:51   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Uninstall everything you no longer need, and above all everything that is illegal has to go. That very probably includes the Enterprise Office as well.

20.05.2014, 16:31   #10
Munich089

OK, I have uninstalled all Adobe products (except the Reader) via the Windows software tool. According to my girlfriend, the Office package is a corporate version under a "volume license" (or something like that?!) from her employer. Since she uses the laptop too, she would kill me if I also deleted the Office package ;-)

Addendum: I also left the Adobe Flash Player on it!

20.05.2014, 22:19   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then show fresh FRST logs. Tick the box for addition.txt, then click Scan.


20.05.2014, 23:48   #12
Munich089

Voila!


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by ***** (administrator) on ***** on 21-05-2014 00:36:33
Running from C:\Users\*****\Desktop
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

() C:\Windows\System32\DTS.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\AtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPFNF6R] => C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [62752 2009-08-20] (Lenovo Group Limited)
HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337184 2009-07-08] (Lenovo.)
HKLM\...\Run: [PWMTRV] => C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL [709920 2009-08-23] (Lenovo Group Limited)
HKLM\...\Run: [cssauth] => C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3089720 2009-08-26] (Lenovo Group Limited)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-24] (Google Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-23] (Google Inc.)
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Run: [sydausa] => regsvr32.exe "C:\ProgramData\sydausa.dat"
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1732376492-3782921457-3814634441-1000\...\MountPoints2: {0d585298-0de9-11e0-a07b-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-12-24]

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR StartupUrls: "hxxp://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-23]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-23]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-23]
CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-23]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-23]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-11] (SUPERAntiSpyware.com)
R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124192 2009-09-04] (Lenovo)
S2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [242976 2009-09-04] (Lenovo)
S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2009-09-01] ()
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 dtsvc; C:\Windows\system32\DTS.exe [98304 2009-09-01] ()
S2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
S2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2011-02-18] (Lenovo Group Limited)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S2 Winmgmt; C:\PROGRA~2\2992199F9A\0216.dll [X]

==================== Drivers (Whitelisted) ====================

R3 5U875UVC; C:\Windows\System32\DRIVERS\5U875.sys [72320 2009-07-08] (Ricoh co.,Ltd.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5073920 2009-08-24] (ATI Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [5924864 2009-08-24] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-20 12:22 - 2014-05-20 12:22 - 00001024 _____ () C:\.rnd
2014-05-20 10:16 - 2014-05-20 10:16 - 00201727 _____ () C:\Users\*****\Desktop\Trojaner-Board.txt
2014-05-20 09:21 - 2014-05-20 09:25 - 00022595 _____ () C:\Users\*****\Desktop\GMER.log
2014-05-20 08:53 - 2014-05-20 08:53 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-05-20 08:49 - 2014-05-21 00:21 - 00031660 _____ () C:\Users\*****\Desktop\Addition.txt
2014-05-20 08:48 - 2014-05-21 00:36 - 00018188 _____ () C:\Users\*****\Desktop\FRST.txt
2014-05-20 08:48 - 2014-05-21 00:36 - 00000000 ____D () C:\FRST
2014-05-20 08:47 - 2014-05-20 08:47 - 01056768 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-05-20 08:45 - 2014-05-20 09:25 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-05-20 08:45 - 2014-05-20 08:45 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-05-20 08:45 - 2014-05-20 08:45 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-05-20 08:27 - 2014-05-20 09:28 - 00024246 _____ () C:\Users\*****\Desktop\AVSCAN-20140520-015400-125F951F.LOG
2014-05-20 00:45 - 2014-05-20 00:45 - 00001976 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-20 00:36 - 2014-05-20 12:22 - 00001024 _____ () C:\Users\*****\.rnd
2014-05-19 23:30 - 2014-05-19 23:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\*****\Desktop\HiJackThis.exe
2014-05-19 22:45 - 2014-05-19 23:15 - 00000000 ____D () C:\Windows\pss
2014-05-19 21:29 - 2014-05-20 00:04 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-19 21:29 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-19 21:29 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-19 21:29 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-19 15:51 - 2014-05-19 15:51 - 00139264 _____ () C:\Windows\system32\config\DEFAULT.rhk
2014-05-19 15:51 - 2014-05-19 15:51 - 00061440 _____ () C:\Windows\system32\config\SAM.rhk
2014-05-19 15:51 - 2014-05-19 15:51 - 00028672 _____ () C:\Windows\system32\config\SECURITY.rhk
2014-05-19 15:46 - 2014-05-19 15:51 - 56680448 _____ () C:\Windows\system32\config\SOFTWARE.rhk
2014-05-19 15:29 - 2014-05-19 15:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Wise Registry Cleaner
2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\Program Files\Wise
2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\Documents\Bluetooth-Exchange-Ordner
2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\AppData\Local\Broadcom
2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\Documents\tradesignal
2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\AppData\Roaming\tradesignal
2014-05-16 17:20 - 2014-05-19 14:00 - 00000000 ___HD () C:\Windows\AxInstSV
2014-05-16 15:32 - 2014-05-19 16:01 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-15 19:31 - 2014-05-15 19:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DropboxMaster
2014-05-15 10:24 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 10:24 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 10:24 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 08:51 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 08:51 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 08:51 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 08:51 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 08:51 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 08:51 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 08:51 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 08:51 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 08:51 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 08:51 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 08:51 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 08:51 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 08:51 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieUserList
2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList
2014-05-06 17:49 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 17:49 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-06 17:49 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-06 17:49 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-06 17:49 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-06 17:49 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-06 17:49 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-06 17:49 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-06 17:49 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-06 17:49 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-06 17:49 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-06 17:49 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-06 17:49 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 17:49 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-06 17:49 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-06 17:49 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 17:49 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-06 17:49 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-06 17:49 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-06 17:49 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-06 17:49 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-06 17:49 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-06 17:49 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-06 17:49 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-24 09:07 - 2014-04-24 09:07 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-24 09:07 - 2014-04-24 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-24 09:07 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-24 09:07 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-24 09:07 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-24 09:07 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe

==================== One Month Modified Files and Folders =======

2014-05-21 00:36 - 2014-05-20 08:48 - 00018188 _____ () C:\Users\*****\Desktop\FRST.txt
2014-05-21 00:36 - 2014-05-20 08:48 - 00000000 ____D () C:\FRST
2014-05-21 00:35 - 2010-12-25 18:10 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-21 00:35 - 2010-12-22 18:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-21 00:33 - 2010-12-25 18:10 - 00000000 ____D () C:\Program Files\Adobe
2014-05-21 00:31 - 2012-04-07 20:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 00:27 - 2010-12-23 13:39 - 00124272 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-21 00:21 - 2014-05-20 08:49 - 00031660 _____ () C:\Users\*****\Desktop\Addition.txt
2014-05-21 00:20 - 2013-07-23 20:41 - 00001156 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job
2014-05-20 23:41 - 2010-12-24 17:51 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-20 14:18 - 2010-12-22 18:47 - 01120342 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 12:29 - 2009-07-14 06:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 12:29 - 2009-07-14 06:34 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 12:23 - 2012-08-04 15:32 - 00000000 ___RD () C:\Users\*****\Dropbox
2014-05-20 12:23 - 2012-08-04 15:24 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox
2014-05-20 12:22 - 2014-05-20 12:22 - 00001024 _____ () C:\.rnd
2014-05-20 12:22 - 2014-05-20 00:36 - 00001024 _____ () C:\Users\*****\.rnd
2014-05-20 12:22 - 2013-09-17 12:49 - 00020529 _____ () C:\Windows\setupact.log
2014-05-20 12:22 - 2010-12-24 17:51 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-20 12:22 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 10:47 - 2013-07-09 10:34 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-20 10:47 - 2013-07-09 10:34 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-20 10:16 - 2014-05-20 10:16 - 00201727 _____ () C:\Users\*****\Desktop\Trojaner-Board.txt
2014-05-20 09:28 - 2014-05-20 08:27 - 00024246 _____ () C:\Users\*****\Desktop\AVSCAN-20140520-015400-125F951F.LOG
2014-05-20 09:25 - 2014-05-20 09:21 - 00022595 _____ () C:\Users\*****\Desktop\GMER.log
2014-05-20 09:25 - 2014-05-20 08:45 - 00000474 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-05-20 09:20 - 2013-07-23 20:41 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job
2014-05-20 08:53 - 2014-05-20 08:53 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-05-20 08:47 - 2014-05-20 08:47 - 01056768 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-05-20 08:45 - 2014-05-20 08:45 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-05-20 08:45 - 2014-05-20 08:45 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-05-20 08:45 - 2010-12-23 13:32 - 00000000 ____D () C:\Users\*****
2014-05-20 08:27 - 2010-12-24 18:44 - 00000000 ____D () C:\Users\*****\Salomon
2014-05-20 04:09 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-20 00:45 - 2014-05-20 00:45 - 00001976 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-05-20 00:45 - 2014-05-20 00:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-20 00:04 - 2014-05-19 21:29 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 23:30 - 2014-05-19 23:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\*****\Desktop\HiJackThis.exe
2014-05-19 23:15 - 2014-05-19 22:45 - 00000000 ____D () C:\Windows\pss
2014-05-19 22:09 - 2010-12-22 18:42 - 00094430 _____ () C:\Windows\PFRO.log
2014-05-19 22:09 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-19 21:29 - 2014-05-19 21:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-19 16:01 - 2014-05-16 15:32 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-19 15:51 - 2014-05-19 15:51 - 00139264 _____ () C:\Windows\system32\config\DEFAULT.rhk
2014-05-19 15:51 - 2014-05-19 15:51 - 00061440 _____ () C:\Windows\system32\config\SAM.rhk
2014-05-19 15:51 - 2014-05-19 15:51 - 00028672 _____ () C:\Windows\system32\config\SECURITY.rhk
2014-05-19 15:51 - 2014-05-19 15:46 - 56680448 _____ () C:\Windows\system32\config\SOFTWARE.rhk
2014-05-19 15:34 - 2014-05-19 15:29 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Wise Registry Cleaner
2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-05-19 15:29 - 2014-05-19 15:29 - 00000000 ____D () C:\Program Files\Wise
2014-05-19 14:26 - 2010-12-23 13:32 - 00000000 ____D () C:\Users\*****\AppData\Local\VirtualStore
2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\Documents\Bluetooth-Exchange-Ordner
2014-05-19 14:09 - 2014-05-19 14:09 - 00000000 ____D () C:\Users\*****\AppData\Local\Broadcom
2014-05-19 14:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-05-19 14:00 - 2014-05-16 17:20 - 00000000 ___HD () C:\Windows\AxInstSV
2014-05-19 14:00 - 2012-05-25 08:22 - 00000000 ____D () C:\Program Files\Tradesignal Online Chart
2014-05-19 14:00 - 2010-12-25 17:46 - 00000000 ____D () C:\Users\Test
2014-05-19 14:00 - 2010-12-23 03:04 - 00000000 ____D () C:\ProgramData\Lenovo
2014-05-19 14:00 - 2009-07-21 13:47 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-05-19 14:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-05-19 14:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\Documents\tradesignal
2014-05-16 17:23 - 2014-05-16 17:23 - 00000000 ____D () C:\Users\*****\AppData\Roaming\tradesignal
2014-05-15 20:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 19:31 - 2014-05-15 19:31 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DropboxMaster
2014-05-15 19:30 - 2012-08-04 15:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-15 19:19 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-15 10:28 - 2013-07-11 23:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 10:26 - 2010-12-24 12:20 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 14:28 - 2012-04-07 20:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 14:28 - 2011-05-16 07:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 14:28 - 2010-12-24 18:43 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe
2014-05-09 17:27 - 2009-07-21 07:30 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieUserList
2014-05-07 17:05 - 2014-05-07 17:05 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList
2014-05-06 05:25 - 2014-05-15 10:24 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 10:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 10:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-24 09:08 - 2013-11-06 09:54 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-24 09:07 - 2014-04-24 09:07 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-04-24 09:07 - 2014-04-24 09:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-24 09:07 - 2012-02-23 09:27 - 00000000 ____D () C:\Program Files\Java

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\avgnt.exe
C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0t4crx.dll
C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\Temp\ose00000.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-15 08:51] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 12:30

==================== End Of Log ============================
         

Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-05-2014
Ran by ***** at 2014-05-21 00:36:59
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
ActiveTrader 5.0.0_b15 (HKCU\...\ActiveTrader 5.0.0_b15) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.4.6 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A94000000001}) (Version: 9.4.6 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 5.32.00 - )
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
ATI Catalyst Install Manager (HKLM\...\{10EBB6AD-673B-EE60-7D3D-7C438E5F9BE5}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.641.1-090825m-087782C-Lenovo - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0825.2146.37269 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0825.2146.37269 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0825.2146.37269 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0825.2146.37269 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0825.2146.37269 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0825.2146.37269 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0825.2146.37269 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Dutch (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help English (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help French (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help German (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Italian (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Japanese (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Korean (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Spanish (Version: 2009.0825.2145.37269 - ATI) Hidden
CCC Help Swedish (Version: 2009.0825.2145.37269 - ATI) Hidden
ccc-core-static (Version: 2009.0825.2146.37269 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0825.2146.37269 - ATI) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Client Security - Password Manager (HKLM\...\{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}) (Version: 8.30.0023.00 - Lenovo Group Limited)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant)
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Dienstprogramm "ThinkPad UltraNav" (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
ElsterFormular-Upgrade (HKLM\...\ElsterFormular für Privatanwender 12.2.2.6665p) (Version: 15.0.13315 - Landesfinanzdirektion Thüringen)
Eraser 6.0.8.2273 (HKLM\...\{392A74D0-4DFE-49F7-87C3-8A61708F8856}) (Version: 6.0.2273 - The Eraser Project)
Free Fire Screensaver (HKLM\...\Free Fire Screensaver) (Version:  - Laconic Software)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20101113 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Integrated Camera Driver Installer Package Ver.1.27.500.0 (HKLM\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.27.500.0 - RICOH)
Integrated Camera TWAIN (HKLM\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.7.331 - Chicony Electronics Co.,Ltd.)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.112 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.112 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Lenovo Fingerprint Software (HKLM\...\{2D440AF4-7330-43F0-A085-35DE1A90E703}) (Version: 3.3.0.50 - AuthenTec, Inc.)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.13 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.018.0 - Lenovo)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Search Enhancement Pack (Version: 1.2.121.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mobile Broadband Connect (HKLM\...\{5C111F14-D9BE-459D-B0B6-B4D082F03749}) (Version: 3.5.0006 - Lenovo)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (Version: 1.00.1. - AMD) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Business Edition (Version: 10.3.081 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Skype™ 6.10 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.10.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0046 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.04 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.06 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - )
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.40 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.70 - Lenovo)
Tradesignal Online Chart (HKLM\...\{2735AEFA-57A5-44AD-81B6-BE30CA07C066}) (Version: 6.3.7.117 - Tradesignal GmbH)
Verizon Wireless Mobile Broadband Self Activation (HKLM\...\{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}) (Version: 3.1.1 - Smith Micro Software, Inc.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Anmelde-Assistent (HKLM\...\{B5BCBD49-202F-4238-8398-D83D423A48B4}) (Version: 5.000.817.1 - Microsoft Corporation)
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Toolbar (Version: 14.0.8052.1208 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (07/07/2009 8.1.2.56) (HKLM\...\8E6CE26AD682E6D46DCCDD39CD93277A2EAF2449) (Version: 07/07/2009 8.1.2.56 - AuthenTec Inc.)
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows-Treiberpaket - Ricoh (5U875UVC) Image  (07/08/2009 1.27.500.0) (HKLM\...\E59560E2F5B162D40255FCD327ACA5E989D995D2) (Version: 07/08/2009 1.27.500.0 - Ricoh)
Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc  (06/25/2009 6.10.01.03) (HKLM\...\D91056A9B3130B90EC1BB37F232FA5C4D61DF66F) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)
Windows-Treiberpaket - Ricoh Company (rismxdp) hdc  (06/25/2009 6.10.01.04) (HKLM\...\414685941AB074B2478B18498E0CCA85F81CCBE6) (Version: 06/25/2009 6.10.01.04 - Ricoh Company)
Windows-Treiberpaket - Ricoh Company MMC Host Controller (06/25/2009 6.10.01.03) (HKLM\...\6F84AC23718E31DE66E2EBEDAE047257F4E785D0) (Version: 06/25/2009 6.10.01.03 - Ricoh Company)
Wise Registry Cleaner 8.11 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.11 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2011-06-05 13:28 - 00000854 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {0DEE7595-F069-449D-B9C9-FC3C78F2B6DE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {36991A1E-6A6C-487A-8A5D-8B38DB72BB0D} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-08-23] (Lenovo Group Limited)
Task: {3CFBA15D-48A7-4242-8658-D2779DA6F044} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: {5245162F-8F9D-42AD-A58A-C31EE8FEE18E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {6AF8D474-2932-4846-9749-69375C8508E5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-08-26] (PC-Doctor, Inc.)
Task: {6B4630C1-04C0-40E6-A068-29B93D900C94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-24] (Google Inc.)
Task: {96BA89CD-37E1-4951-8F32-BA6A465FE18F} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {97901924-BA6B-4546-894C-D4FBDE36A724} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {97AC3792-9BD1-45B3-A57F-6EF4DB6B4447} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe
Task: {B96F4CCE-CE64-4CAD-B9AE-269275568224} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {D5B4032B-7340-4B43-893C-B753E7A189F5} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {EF3D195A-B55E-4A5B-8E41-E27B949690AC} - System32\Tasks\{49C7F31D-7E66-4DDB-A4B5-F1BF4327AFC7} => C:\Program Files\Skype\\Phone\Skype.exe [2013-10-21] (Skype Technologies S.A.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2009-09-01 00:32 - 2009-09-01 00:32 - 00098304 ____N () C:\Windows\system32\DTS.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-22 18:42 - 2009-08-23 20:04 - 00037888 ____N () C:\Program Files\ThinkPad\Utilities\GR\PWMRT32V.DLL
2014-05-20 12:23 - 2014-05-20 12:23 - 00041984 _____ () C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0t4crx.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 00065352 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 00674632 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 00093000 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 04081480 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 00390472 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 01647432 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
2014-05-15 20:25 - 2014-05-08 01:29 - 13695816 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk => C:\Windows\pss\RCIMGDIR.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6120.lnk => C:\Windows\pss\6120.lnk.Startup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aj7zfy.lnk => C:\Windows\pss\aj7zfy.lnk.Startup
MSCONFIG\startupreg: FingerPrintSoftware => "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
MSCONFIG\startupreg: Message Center Plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2014 01:46:47 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/20/2014 01:44:17 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/19/2014 03:54:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1440

Startzeit: 01cf7369906005d8

Endzeit: 5

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 03:28:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5e98

Startzeit: 01cf73660a83ef3b

Endzeit: 0

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 03:05:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1370

Startzeit: 01cf7362956681bb

Endzeit: 16

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 03:01:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1ca0

Startzeit: 01cf736206978372

Endzeit: 15

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 02:53:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2c14

Startzeit: 01cf736124bfad37

Endzeit: 16

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 02:51:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2610

Startzeit: 01cf736090a0f84c

Endzeit: 15

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 02:45:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1064

Startzeit: 01cf73601f47ebad

Endzeit: 15

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:

Error: (05/19/2014 02:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm hijackthis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1c88

Startzeit: 01cf735f2656b684

Endzeit: 32

Anwendungspfad: C:\Users\*****\Desktop\hijackthis.exe

Berichts-ID:


System errors:
=============
Error: (05/21/2014 00:39:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/21/2014 00:38:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/21/2014 00:37:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/21/2014 00:37:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/21/2014 00:36:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/21/2014 00:28:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/21/2014 00:26:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/21/2014 00:23:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/21/2014 00:04:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126

Error: (05/21/2014 00:03:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%126


Microsoft Office Sessions:
=========================
Error: (12/10/2013 10:04:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 283 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 03:35:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 138 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 03:32:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/30/2013 03:30:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21691 seconds with 2880 seconds of active time.  This session ended with a crash.

Error: (02/11/2013 11:50:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4233 seconds with 2520 seconds of active time.  This session ended with a crash.

Error: (05/24/2012 06:13:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1365 seconds with 420 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 59%
Total physical RAM: 2520.03 MB
Available physical RAM: 1020.09 MB
Total Pagefile: 5038.34 MB
Available Pagefile: 3066.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:286.66 GB) (Free:129.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:10.25 GB) (Free:5.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 504A2363)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Edited by Munich089 (20.05.2014 at 23:58)

Alt 21.05.2014, 00:28   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 21.05.2014, 08:00   #14
Munich089
 



Here it is! One oddity: the Avira logo no longer appears at the bottom right in the icon bar. I had deactivated the service, after all. The Action Center shows the message that I should reactivate Avira. When I click on the message and confirm Avira, however, nothing happens. But when I open the program via Start/Programs/Avira, it says the protection (real-time + browser) is activated, although I had not yet reactivated it. Is that OK, and will the icon reappear at some point?



Code:
ComboFix 14-05-19.01 - Markus Schwarz 21.05.2014   8:24.1.2 - x86
ausgeführt von:: c:\users\Markus Schwarz\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\swtools\APPS\CBED\CBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CBED\CBE\ACTIVATION_104\BIN\_desktop.ini
c:\windows\Readme.txt
c:\windows\ru.exe
c:\windows\system32\SET903D.tmp
c:\windows\system32\Thumbs.db
Q:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-21 bis 2014-05-21  ))))))))))))))))))))))))))))))
.
.
2014-05-21 06:35 . 2014-05-21 06:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-21 05:25 . 2014-04-17 03:32	8050496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{624F5FB2-45AD-4393-8F48-AF120457FF95}\mpengine.dll
2014-05-20 06:48 . 2014-05-20 22:40	--------	d-----w-	C:\FRST
2014-05-19 22:45 . 2014-05-19 22:45	--------	d-----w-	c:\users\Markus Schwarz\AppData\Roaming\SUPERAntiSpyware.com
2014-05-19 22:45 . 2014-05-19 22:45	--------	d-----w-	c:\program files\SUPERAntiSpyware
2014-05-19 22:45 . 2014-05-19 22:45	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2014-05-19 19:29 . 2014-05-19 22:04	107736	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-19 19:29 . 2014-04-03 07:51	51416	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-19 19:29 . 2014-04-03 07:51	73432	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-19 19:29 . 2014-04-03 07:50	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-19 19:29 . 2014-05-19 19:29	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-05-19 19:29 . 2014-05-19 19:29	--------	d-----w-	c:\programdata\Malwarebytes
2014-05-19 13:29 . 2014-05-19 13:34	--------	d-----w-	c:\users\Markus Schwarz\AppData\Roaming\Wise Registry Cleaner
2014-05-19 13:29 . 2014-05-19 13:29	--------	d-----w-	c:\program files\Wise
2014-05-19 12:09 . 2014-05-19 12:09	--------	d-----w-	c:\users\Markus Schwarz\AppData\Local\Broadcom
2014-05-16 15:23 . 2014-05-16 15:23	--------	d-----w-	c:\users\Markus Schwarz\AppData\Roaming\tradesignal
2014-05-16 15:20 . 2014-05-19 12:00	--------	d--h--w-	c:\windows\AxInstSV
2014-05-16 13:32 . 2014-05-19 14:01	--------	d-----w-	c:\programdata\2992199F9A
2014-05-15 17:31 . 2014-05-15 17:31	--------	d-----w-	c:\users\Markus Schwarz\AppData\Roaming\DropboxMaster
2014-05-15 08:24 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-07 15:05 . 2014-05-07 15:05	--------	d-sh--w-	c:\users\Markus Schwarz\AppData\Local\EmieUserList
2014-05-07 15:05 . 2014-05-07 15:05	--------	d-sh--w-	c:\users\Markus Schwarz\AppData\Local\EmieSiteList
2014-04-24 07:07 . 2014-04-14 18:13	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-20 08:47 . 2013-07-09 08:34	93528	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-05-20 08:47 . 2013-07-09 08:34	136216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-05-14 12:28 . 2012-04-07 18:18	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-14 12:28 . 2011-05-16 05:48	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 07:35 . 2010-12-23 19:25	231584	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424]
"TpShocks"="TpShocks.exe" [2009-07-08 337184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-24 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-24 151064]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-05-20 737872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-06 152392]
.
c:\users\Markus Schwarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Markus Schwarz\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-8 32668056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RCIMGDIR.exe.lnk
backup=c:\windows\pss\RCIMGDIR.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Markus Schwarz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^6120.lnk]
path=c:\users\Markus Schwarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6120.lnk
backup=c:\windows\pss\6120.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Markus Schwarz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^aj7zfy.lnk]
path=c:\users\Markus Schwarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aj7zfy.lnk
backup=c:\windows\pss\aj7zfy.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftware]
c:\program files\Lenovo Fingerprint Software\fpapp.exe \s [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]
2009-05-27 21:09	49976	------w-	c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe
.
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-08-31 106496]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-08-18 20848]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1343400]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-25 37352]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-24 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-05-20 430160]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2014-05-20 1039440]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-08-31 1692920]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-08-31 98304]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-08-04 2058776]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [2009-07-08 72320]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-01 485376]
S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-08-24 5924864]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-13 4231680]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 12:28]
.
2014-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 15:51]
.
2014-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 15:51]
.
2014-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000Core.job
- c:\users\Markus Schwarz\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23 18:41]
.
2014-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1732376492-3782921457-3814634441-1000UA.job
- c:\users\Markus Schwarz\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-23 18:41]
.
2014-03-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-08-25 23:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-sydausa - c:\programdata\sydausa.dat
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{C4B36920-79E24793-06000000}_0]
"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4064)
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-21  08:44:01 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-21 06:44
.
Vor Suchlauf: 13 Verzeichnis(se), 141.769.973.760 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 142.865.412.096 Bytes frei
.
- - End Of File - - A1D8E72054BB7E6AC6D80AB7655A6563
FB04B46BFD351D0484624D390F1BA191
         

Edited by Munich089 (21.05.2014 at 08:08)

21.05.2014, 11:39   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Don't sweat it over Avira; the thing is practically useless anyway and we haven't recommended it for a long time. Just uninstall Avira; once we're done here you can look for a replacement. Once Avira is gone, continue as follows:

Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window).

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
