Bitte Hilfe - Windows Verschlüsselungs-Trojaner

emu2711 · 25.04.2012, 18:57

Hallo zusammen,

wie bei anderen auch kann ich Windows Vista nicht mehr hochfahren. "Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert."

An die E-Mail komme ich leider nicht mehr ran. Ein zweiter PC mit Internetverbindung steht mir zur Verfügung.

Hier das OTL-Logfile: (ohne Skript, wegen "Out of memory"-Meldung)

Zitat:

OTL logfile created on: 4/25/2012 8:22:38 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 429.23 Gb Total Space | 265.59 Gb Free Space | 61.88% Space Free | Partition Type: NTFS
Drive D: | 596.02 Gb Total Space | 427.00 Gb Free Space | 71.64% Space Free | Partition Type: FAT32
Drive E: | 19.99 Gb Total Space | 9.73 Gb Free Space | 48.66% Space Free | Partition Type: FAT32
Drive F: | 149.04 Gb Total Space | 73.69 Gb Free Space | 49.44% Space Free | Partition Type: NTFS
Drive J: | 146.93 Gb Total Space | 109.05 Gb Free Space | 74.22% Space Free | Partition Type: NTFS
Drive K: | 3.77 Gb Total Space | 0.86 Gb Free Space | 22.85% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (gusvc)
SRV - [2012/04/14 11:47:27 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/31 03:42:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 03:42:26 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/01/31 03:42:22 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/01/31 03:42:22 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/31 03:42:21 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/18 14:30:27 | 003,446,736 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/12/14 07:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 07:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/08/31 21:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/08/20 20:00:44 | 005,738,096 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/08/20 19:59:52 | 000,809,224 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/06/12 06:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/06/07 12:39:10 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/10/13 03:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/27 11:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Disabled] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/03/06 16:26:24 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009/01/28 03:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008/08/07 04:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 08:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/12/14 12:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2012/04/25 11:01:01 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/01/31 03:43:04 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/31 03:43:04 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/01/31 03:43:03 | 000,111,160 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012/01/31 03:43:02 | 000,091,096 | ---- | M] (Avira GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2011/12/18 14:34:44 | 000,084,512 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\vsflt58.sys -- (vidsflt58) Acronis Disk Storage Filter (58)
DRV - [2011/12/18 14:30:30 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/12/18 14:30:23 | 000,766,208 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2011/12/18 14:30:21 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011/12/18 14:29:01 | 000,126,112 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2011/12/18 14:28:58 | 000,170,496 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/12/18 14:28:56 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2011/09/22 12:10:46 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/09/16 10:36:13 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/23 04:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/17 09:22:41 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/24 06:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2009/03/25 13:47:17 | 000,834,944 | ---- | M] (Animation Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVHybrid.sys -- (LVHybrid)
DRV - [2009/03/18 12:34:12 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2008/12/01 18:14:32 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/11 13:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/10/03 12:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008/09/02 10:03:54 | 000,168,704 | ---- | M] (10moons Technologies Co.,Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tridvid.sys -- (TridVid)
DRV - [2008/04/28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007/10/11 21:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2007/09/21 04:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/07/27 06:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007/07/27 04:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2006/11/10 10:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Hansemann_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\Hansemann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Hansemann_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Hansemann_ON_C\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
IE - HKU\Hansemann_ON_C\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
IE - HKU\Hansemann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Hansemann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.2.106
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B5fa223fc-d65d-4229-8d38-c03fbc5b3f1e%7D&mid=37a41e871bb547d1b629d16d67fd064a-7825aafef957056648c3dd8cebea9f34312ebc5c&ds=tt014&v=8.0.0.40&lang=de&pr=sa&d=2011-12-13%2018%3A21%3A43&sap=ku&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Hansemann\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hansemann\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hansemann\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/27 11:39:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/15 04:21:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/21 10:08:23 | 000,000,000 | ---D | M]

[2009/04/16 09:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hansemann\AppData\Roaming\Mozilla\Extensions
[2009/07/30 03:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hansemann\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/04/15 04:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hansemann\AppData\Roaming\Mozilla\Firefox\Profiles\qv7nyr5g.default\extensions
[2009/09/02 06:54:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hansemann\AppData\Roaming\Mozilla\Firefox\Profiles\qv7nyr5g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/28 05:41:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hansemann\AppData\Roaming\Mozilla\Firefox\Profiles\qv7nyr5g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/03 14:26:02 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Hansemann\AppData\Roaming\Mozilla\Firefox\Profiles\qv7nyr5g.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/03/17 08:08:52 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\Hansemann\AppData\Roaming\Mozilla\Firefox\Profiles\qv7nyr5g.default\extensions\toolbar@ask.com
[2011/12/13 13:21:25 | 000,003,741 | ---- | M] () -- C:\Users\Hansemann\AppData\Roaming\Mozilla\Firefox\Profiles\qv7nyr5g.default\searchplugins\avg-secure-search.xml
[2011/07/11 14:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Hansemann\AppData\Roaming\Mozilla\Firefox\Profiles\qv7nyr5g.default\searchplugins\startsear.xml
[2012/04/15 04:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/26 09:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/06 12:35:01 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
File not found (No name found) --
() (No name found) -- C:\USERS\HANSEMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QV7NYR5G.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\HANSEMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QV7NYR5G.DEFAULT\EXTENSIONS\FIREPHPEXTENSION-BUILD@FIREPHP.ORG.XPI
() (No name found) -- C:\USERS\HANSEMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QV7NYR5G.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012/03/13 00:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/05 13:32:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 06:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012/03/13 01:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/06 16:24:34 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/03/13 01:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 01:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/13 01:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/13 01:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/13 01:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O3 - HKU\Hansemann_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Hansemann_ON_C\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKU\Hansemann_ON_C\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DTVRemote] C:\Program Files\LifeView DTV\RemoteControl.exe ()
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmartSoft PDF Printer Agent] C:\Program Files\Smart PDF Converter Pro\sspdfagent.exe ()
O4 - HKLM..\Run: [SmartSoft PDF Printer virtual printer agent] C:\Program Files\Smart PDF Converter Pro\sspdfagent.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_MX_Plus\Trayserver_DE.exe (MAGIX AG)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] File not found
O4 - HKU\Hansemann_ON_C..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\Hansemann_ON_C..\Run: [CE8AA895] C:\Users\Hansemann\AppData\Roaming\Tpooppppp\17CE0B8DCE8AA895D6CC.exe (THHiq)
O4 - HKU\Hansemann_ON_C..\Run: [Realtecdriver] C:\Users\Hansemann\AppData\Roaming\Realtec\Realtecdriver.exe (THHiq)
O4 - HKU\Hansemann_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\Hansemann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\Hansemann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB (FixItClient Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\coverdes.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\discspeed.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\drivespeed.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\fotomaker.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\googleearth.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\idriver2.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\infotool.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\lifeviewdvb.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\neroburnrights.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\neromediahome.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\neroupgrade.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\showtime.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4af184b5-af65-11de-9eb9-00242119efb9}\Shell - "" = AutoRun
O33 - MountPoints2\{4af184b5-af65-11de-9eb9-00242119efb9}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/25 11:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2012/04/25 11:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/04/25 10:22:13 | 005,053,696 | ---- | C] (Macrovision Corporation) -- C:\Users\Hansemann\Desktop\IsoBurner-Setup.exe
[2012/04/25 10:18:41 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Hansemann\Desktop\OTLPENet.exe
[2012/04/25 02:44:32 | 000,000,000 | ---D | C] -- C:\Users\Hansemann\AppData\Roaming\Tpooppppp
[2012/04/25 02:44:24 | 000,000,000 | ---D | C] -- C:\Users\Hansemann\AppData\Roaming\Realtec
[2012/04/21 09:12:16 | 000,000,000 | ---D | C] -- C:\Users\Hansemann\Documents\Eigene Projekte
[2012/04/21 06:37:29 | 000,000,000 | ---D | C] -- C:\Users\Hansemann\AppData\Roaming\CD-DVD Druckerei 7
[2012/04/15 12:07:58 | 000,000,000 | ---D | C] -- C:\Users\Hansemann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2012/04/15 12:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2012/04/15 12:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2012/04/15 04:09:08 | 000,000,000 | ---D | C] -- C:\Users\Hansemann\Documents\Downloads
[2012/04/14 03:59:06 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2012/04/12 11:55:39 | 000,636,104 | ---- | C] (WPCubed GmbH) -- C:\Windows\System32\wPDF_X01.ocx
[2012/04/12 11:55:38 | 000,905,216 | ---- | C] (Fath Software ( www.fathsoft.com )) -- C:\Windows\System32\barcodex.ocx
[2012/04/12 11:55:33 | 000,000,000 | ---D | C] -- C:\Users\Hansemann\Documents\Eigene Etiketten
[2012/04/12 11:29:59 | 000,135,168 | ---- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de)) -- C:\Windows\System32\cdd7.vbx.inet.dll
[2012/04/12 11:29:58 | 001,798,144 | ---- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de)) -- C:\Windows\System32\cdd7.vbx.gui.dll
[2012/04/12 11:29:58 | 001,146,880 | ---- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.hphlipsen.de)) -- C:\Windows\System32\cdd7.obj.edit.dll
[2012/04/12 11:29:58 | 001,032,192 | ---- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.hphlipsen.de)) -- C:\Windows\System32\cdd7.obj.dll
[2012/04/12 11:29:58 | 000,790,528 | ---- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.hphlipsen.de)) -- C:\Windows\System32\cdd7.res.dll
[2012/04/12 11:29:58 | 000,663,552 | ---- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de)) -- C:\Windows\System32\cdd7.vbx.dll
[2012/04/12 11:29:58 | 000,651,264 | ---- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.hphlipsen.de)) -- C:\Windows\System32\cdd7.prn.dll
[2012/04/12 11:29:58 | 000,499,712 | ---- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de)) -- C:\Windows\System32\cdd7.vbx.gui2.dll
[2012/04/12 11:29:58 | 000,339,968 | ---- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.hphlipsen.de)) -- C:\Windows\System32\cdd7.ass.dll
[2012/04/12 11:29:58 | 000,303,104 | ---- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de)) -- C:\Windows\System32\cdd7.vbx.ikw.dll
[2012/04/12 10:36:16 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx
[2012/04/12 10:36:16 | 000,260,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
[2012/04/12 10:36:16 | 000,255,656 | ---- | C] (MIIK Ltd) -- C:\Windows\System32\CDTextReader.dll
[2012/04/12 10:36:16 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx
[2012/04/12 10:36:16 | 000,172,032 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7VectCom.dll
[2012/04/12 10:36:16 | 000,094,208 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Wmf.dll
[2012/04/12 10:36:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdlgde.dll
[2012/04/12 10:36:15 | 001,142,784 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\IK7SxfP21.dll
[2012/04/12 10:36:15 | 000,516,096 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\IK7SxfSfc.dll
[2012/04/12 10:36:15 | 000,249,856 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Effect.dll
[2012/04/12 10:36:15 | 000,229,376 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7J2k.dll
[2012/04/12 10:36:15 | 000,200,704 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Tiff.dll
[2012/04/12 10:36:15 | 000,200,704 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Png.dll
[2012/04/12 10:36:15 | 000,159,744 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Jpeg.dll
[2012/04/12 10:36:15 | 000,151,552 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Fpx.dll
[2012/04/12 10:36:15 | 000,126,976 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Com.dll
[2012/04/12 10:36:15 | 000,122,880 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Print.dll
[2012/04/12 10:36:15 | 000,118,784 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Svg.dll
[2012/04/12 10:36:15 | 000,118,784 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Dxf.dll
[2012/04/12 10:36:15 | 000,102,400 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7File.dll
[2012/04/12 10:36:15 | 000,102,400 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Emf.dll
[2012/04/12 10:36:15 | 000,098,304 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Scan.dll
[2012/04/12 10:36:15 | 000,061,440 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Bmp.dll
[2012/04/12 10:36:15 | 000,057,344 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Gif.dll
[2012/04/12 10:36:15 | 000,053,248 | ---- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Pcx.dll
[2012/04/12 10:03:27 | 000,000,000 | ---D | C] -- C:\Users\Hansemann\AppData\Roaming\ProtectDisc
[2012/04/12 09:50:46 | 000,000,000 | ---D | C] -- C:\Users\Hansemann\Documents\DATA BECKER Druckereien
[2012/04/12 05:01:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/12 05:01:25 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/12 05:01:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/04/12 05:01:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/12 05:01:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/12 05:01:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/12 05:01:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/12 04:59:24 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/12 04:59:23 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/02 03:54:35 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/25 11:35:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/25 11:00:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/04/25 10:53:21 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Hansemann\Desktop\OTLPENet.exe
[2012/04/25 10:24:30 | 005,053,696 | ---- | M] (Macrovision Corporation) -- C:\Users\Hansemann\Desktop\IsoBurner-Setup.exe
[2012/04/25 10:04:59 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012/04/25 10:04:55 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 10:04:55 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 09:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/25 09:22:59 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/25 09:10:02 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/25 03:02:42 | 000,001,858 | ---- | M] () -- C:\mod_jsudoku[1]
[2012/04/25 02:35:53 | 000,678,092 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/04/25 02:35:53 | 000,637,344 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/25 02:35:53 | 000,147,276 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/04/25 02:35:53 | 000,120,848 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/23 10:44:10 | 000,000,600 | ---- | M] () -- C:\Users\Hansemann\AppData\Roaming\winscp.rnd
[2012/04/22 14:08:18 | 000,005,812 | ---- | M] () -- C:\Users\Hansemann\Desktop\KV 549 Piu non si.odt
[2012/04/22 04:47:44 | 000,004,941 | ---- | M] () -- C:\Users\Hansemann\Desktop\KV 346 Luci care.odt
[2012/04/21 12:48:31 | 000,838,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/21 10:17:59 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000ED4.LCS
[2012/04/21 09:14:10 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\CD-DVD Druckerei 7.lnk
[2012/04/20 08:46:19 | 000,497,792 | ---- | M] () -- C:\Windows\System32\SSPDF
[2012/04/19 03:33:28 | 000,004,894 | ---- | M] () -- C:\Users\Hansemann\Desktop\Festkonzert Philippe Jaroussky Und Marie.odt
[2012/04/15 12:08:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2012/04/15 12:07:58 | 000,000,792 | ---- | M] () -- C:\Users\Hansemann\Desktop\SopCast.lnk
[2012/04/15 09:42:12 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000018EB.LCS
[2012/04/15 04:21:39 | 000,000,874 | ---- | M] () -- C:\Users\Hansemann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/15 04:21:39 | 000,000,862 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/15 04:21:39 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/14 11:47:27 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/14 11:47:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/14 03:59:31 | 000,002,449 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2012/04/14 03:58:44 | 000,002,437 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2012/04/13 06:04:38 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/12 18:51:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Home Cinema
[2012/04/12 12:35:42 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001030.LCS
[2012/04/12 12:33:41 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Etiketten-Druckerei 7.lnk
[2012/04/12 12:33:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DATA BECKER
[2012/04/12 10:03:25 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Glückwunsch-Druckerei 12.lnk
[2012/04/12 05:11:12 | 000,000,940 | ---- | M] () -- C:\Users\Hansemann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/04/11 04:21:35 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000B56.LCS
[2012/04/10 11:48:54 | 000,000,836 | ---- | M] () -- C:\Windows\wiso.ini
[2012/04/03 05:34:28 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000182.LCS
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/22 14:08:16 | 000,005,812 | ---- | C] () -- C:\Users\Hansemann\Desktop\KV 549 Piu non si.odt
[2012/04/22 04:38:27 | 000,004,941 | ---- | C] () -- C:\Users\Hansemann\Desktop\KV 346 Luci care.odt
[2012/04/21 09:14:10 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\CD-DVD Druckerei 7.lnk
[2012/04/19 03:33:25 | 000,004,894 | ---- | C] () -- C:\Users\Hansemann\Desktop\Festkonzert Philippe Jaroussky Und Marie.odt
[2012/04/15 12:07:58 | 000,000,792 | ---- | C] () -- C:\Users\Hansemann\Desktop\SopCast.lnk
[2012/04/12 12:35:34 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001030.LCS
[2012/04/12 12:33:41 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Etiketten-Druckerei 7.lnk
[2012/04/12 11:55:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\pdf417enc.dll
[2012/04/12 11:30:20 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000ED4.LCS
[2012/04/12 10:07:13 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\000018EB.LCS
[2012/04/12 10:03:25 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Glückwunsch-Druckerei 12.lnk
[2012/04/02 03:54:36 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/11/30 10:17:43 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011/04/04 13:57:35 | 000,000,117 | ---- | C] () -- C:\Users\Hansemann\AppData\Roaming\default.rss
[2010/12/21 10:58:49 | 000,000,138 | ---- | C] () -- C:\Windows\Readiris.ini
[2010/11/09 12:46:18 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/09/13 08:42:01 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010/07/27 12:06:45 | 000,004,096 | -H-- | C] () -- C:\Users\Hansemann\AppData\Local\keyfile3.drm
[2010/05/26 05:16:51 | 000,000,836 | ---- | C] () -- C:\Windows\wiso.ini
[2010/04/15 10:31:02 | 003,783,168 | ---- | C] () -- C:\Program Files\capella_reader.exe
[2010/04/12 13:23:49 | 000,038,430 | ---- | C] () -- C:\Users\Hansemann\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2009/12/30 07:48:35 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VendorCmdRW.dll
[2009/12/03 04:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/20 02:00:37 | 000,000,234 | ---- | C] () -- C:\Users\Hansemann\AppData\Roaming\wklnhst.dat
[2009/10/06 12:06:37 | 000,000,600 | ---- | C] () -- C:\Users\Hansemann\AppData\Roaming\winscp.rnd
[2009/09/11 03:35:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 03:35:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/06 12:40:25 | 000,000,097 | ---- | C] () -- C:\Users\Hansemann\AppData\Local\fusioncache.dat
[2009/05/04 14:15:12 | 000,028,160 | ---- | C] () -- C:\Windows\System32\sspdfpm.dll
[2009/04/16 09:54:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/03/25 13:47:17 | 000,003,072 | ---- | C] () -- C:\Windows\System32\LV34CoInst.dll
[2009/03/25 13:06:12 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2009/03/07 07:07:12 | 000,001,494 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/03/07 07:01:34 | 000,000,488 | ---- | C] () -- C:\Windows\WINLABEL.INI
[2009/03/06 16:01:40 | 000,012,184 | ---- | C] () -- C:\Windows\German.ini
[2009/03/06 12:05:50 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/03/06 12:04:07 | 000,007,256 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/03/06 11:44:29 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2009/03/05 12:41:14 | 000,000,204 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/03/04 06:48:25 | 000,098,816 | ---- | C] () -- C:\Users\Hansemann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/03 17:02:01 | 000,049,152 | ---- | C] () -- C:\Windows\AutoSet.dll
[2009/03/03 17:02:01 | 000,000,097 | ---- | C] () -- C:\Windows\SCNDRVU.INI
[2008/12/18 07:31:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/12/10 10:31:50 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008/12/10 09:55:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/12/01 16:46:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/12/01 16:08:38 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/11/24 13:37:33 | 000,678,092 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/11/24 13:37:33 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/11/24 13:37:33 | 000,147,276 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/11/24 13:37:33 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/11/24 05:42:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/30 10:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/10/21 13:40:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/10/21 13:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2007/06/05 08:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007/04/24 07:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,838,536 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,637,344 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,120,848 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1999/01/26 18:00:00 | 000,114,816 | ---- | C] () -- C:\Windows\System32\MSMT4232.DLL

========== LOP Check ==========

[2009/03/04 09:58:26 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\Acronis
[2012/01/29 12:08:29 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\Babylon
[2010/05/26 05:16:55 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\Buhl Data Service
[2009/05/08 13:36:28 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\capella-software
[2012/04/21 09:12:21 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\CD-DVD Druckerei 7
[2009/03/06 10:52:33 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\CD-LabelPrint
[2011/11/28 18:33:17 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/12 06:02:53 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2010/03/17 08:10:14 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\eXPert PDF 6
[2009/08/17 03:26:59 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\eXPert PDF Editor
[2011/04/29 10:02:00 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\FDRLab
[2011/11/30 10:28:50 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\Fujitsu
[2012/03/04 13:48:41 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\gtk-2.0
[2010/11/24 10:40:05 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\iSpring Solutions
[2010/03/17 08:10:13 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\KeePass
[2012/02/24 09:51:01 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\MAGIX
[2009/03/06 14:13:54 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\MAGIX Fotobuch
[2009/03/04 14:56:39 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\MatchWare
[2011/12/11 11:26:30 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\PFU
[2012/04/21 07:40:41 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\ProtectDisc
[2011/03/07 14:09:09 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\PTV AG
[2010/03/17 08:08:38 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\saveTV
[2011/12/07 03:10:47 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\Systweak
[2009/03/03 18:01:07 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\TeamViewer
[2009/11/04 09:36:04 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\Template
[2009/07/30 03:19:44 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\TomTom
[2012/04/25 02:44:32 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\Tpooppppp
[2011/10/16 12:45:41 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\TuneUp Software
[2009/03/29 09:17:32 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\Ulead Systems
[2010/05/02 13:03:07 | 000,000,000 | ---D | M] -- C:\Users\Hansemann\AppData\Roaming\Uniblue
[2012/04/25 10:06:37 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/25 10:04:59 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

========== Purity Check ==========

< End of report >

Kann hier jemand helfen bitte?

markusg · 25.04.2012, 19:18

hi
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O4 - HKU\Hansemann_ON_C..\Run: [Realtecdriver] C:\Users\Hansemann\AppData\Roaming\Realtec\Realtecdriver.exe (THHiq)
O4 - HKU\Hansemann_ON_C..\Run: [CE8AA895] C:\Users\Hansemann\AppData\Roaming\Tpooppppp\17CE0B8DCE8AA895D6CC.exe (THHiq)
:Files
C:\Users\Hansemann\AppData\Roaming\Realtec
C:\Users\Hansemann\AppData\Roaming\Tpooppppp
:Commands

[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

emu2711 · 26.04.2012, 13:55

Hi

konnte gestern Nacht den PC noch normal hochfahren. Antivir hat das Problem scheinbar erkannt.

Jetzt sind jedoch zahlreiche Dateien verschlüsselt.
Soll ich die von Dir oben angegebenen Schritte jetzt ausführen, oder was ist jetzt zu tun?

Danke für Deine Hilfe!

markusg · 26.04.2012, 16:33

kommst du jetzt wieder an die mail?
wenn du sie in nem mailprogramm gespeichert hast, dann mal markieren, datei speichern unter, und abspeichern
dann mail an:
http://markusg.trojaner-board.de
und die datei anhängen.
wenn du über nen webmailer gehst, sag mir welchen bitte

emu2711 · 26.04.2012, 16:49

Leider nein.
Mail wurde schon gelöscht. Papierkorb ist leider auch leer.

markusg · 26.04.2012, 17:08

bitte bekannte und verwannte warnen, wenn du solche mails noch mal erhältst, teile es mir mit.
wegen der entschlüsselung melde ich mich, nichts selber machen erst mal

markusg · 27.04.2012, 16:14

mache ein backup deiner dateien die verschlüsselt sind
dann entschlüsseln:
http://www.trojaner-board.de/114224-...-unlocker.html
teile mir mit obs geklappt hatt

emu2711 · 28.04.2012, 12:45

Hat geklappt. Konnte alle Dateien wiederherstellen.
Vielen Dank für die Hilfe!

markusg · 28.04.2012, 17:37

dafür sind wir hier.
bis du alle deine dateien auf funktion getestet hast, die verschlüsselten nicht löschen.

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

26.04.2012, 17:08	#6
markusg /// Malware-holic	Bitte Hilfe - Windows Verschlüsselungs-Trojaner bitte bekannte und verwannte warnen, wenn du solche mails noch mal erhältst, teile es mir mit. wegen der entschlüsselung melde ich mich, nichts selber machen erst mal __________________ --> Bitte Hilfe - Windows Verschlüsselungs-Trojaner

Bitte Hilfe - Windows Verschlüsselungs-Trojaner

Log-Analyse und Auswertung: Bitte Hilfe - Windows Verschlüsselungs-Trojaner