Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert

Cratzmueller · 27.04.2012, 21:07

Hallo,
da es genauso wie bei meinen Vorgängern war macht es vielleicht keinen Sinn alles nochmal aufzuschreiben. Nach dem Hochfahren startet Windows und dann der Schwarze Bildschirm mit dem Weisen Feld: Sie haben sich... Dies passiert seitdem ich gestern blöderweise auf einen email-Anhang geklickt hatte.

Den infizierten Rechner kann ich nur noch im gesicherten modus starten komme dann aber nichts ins Internet und nirgendwo hin. Der infizierte Rechner hat das Betriebssystem Windows 7.

Ich habe mir bereits wie in den andern Fällen beschrieben, mittels isoburner die CD OTLPENet.exe gebrannt. Dazu verwendete ich einen anderen Rechner (Betriebssystem Windows XP).

Das Booten von der CD auf dem infizierten Rechner (Windows 7) funktionierte. Es kam dann auf schwarzem Bildschirm mit Balken "Starting Reatogot-X-PE...". Als der Balken fertig nach rechts gelaufen war, lief das CD Laufwerk für einige Minuten geräuschvoll weiter. Nach einer Weile kam ganz der Windows-Start-Bildschirm und danach ein Blue screen, "A problem has been detected..."
Technical Information:
***STOP: 0x0000007B (0xF78DA528, 0xC0000034, 0x00000000, 0x00000000)

Es blieb dann nur noch den infizierten Rechner wieder auszuschalten.
Mir ist aufgefallen, die andern im Forum hatten Windows XP auf dem Rechner ich hingegen Windows 7. Liegt es daran?

Infizierter Rechner ist das Laptop Lenovo B570

Jetzt bin ich ratlos.

Danke im voraus

Gruß
Cratzmueller

kira · 28.04.2012, 09:47

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Hast Du mit OTLPE alles richtig gemacht? ISO auf CD gebrannt? Sollte der PC von der CD starten, hast Du das im BIOS geändert?

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
gehe ins Internet über "Abgesicherter Modus mit Netzwerktreibern"
Drücke beim Hochfahren des rechners [F8] solange, bis Du 3 auswahlmöglichkeiten hast:

-> wähle hier:
Abgesicherter Modus mit Netzwerktreibern
Falls kein Erfolg damit hast, dann eben auf einem Zweitrechner installieren und per USB übertragen

2.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

Zitat:

Boote neu und schaue nach, ob Du schon im normalen Modus arbeiten kannst?
wenn ja, so geht es weiter:

3.
das Malwarebytes nochmal updaten-> erneut einen Vollscan machen-> Ergebnis posten

4.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

5.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner - Installer herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Cratzmueller · 28.04.2012, 18:15

Hallo Kira,
vielen dank für die sehr freundliche Unterstützung.
Ich hoffe, ich habe alles einigermaßen richtig gemacht. Ich komme wieder im normalen modus in meinen Rechner.

Eines war vielleicht falsch bzw. nicht wie von dir beschrieben. Nach dem ersten Durchlauf von Malwarebytes kommte ich wieder normal starten. Dann meldete sich sofort AVIRA, dass es noch was "Böses" gäbe. Nachdem ich auf "Details" geklickt hatte, startete eine Art scan und AVIRA bot die Option das Böse in ein Quarantäne zu verschieben was ich dann auch freigegeben habe. Ich habe die AVIRA Meldung aufgeschrieben (siehe unten).

Nach den scan läufen der verschiedenen Programme habe ich nichts weiter gemacht. Weis also noch nicht ob dateien verschlüsselt oder unbrauchbar gemacht worden sind.

Nochmals vielen Dank für die Super Anleitung.

Gruß
Cratzmueller

Hier die Posts bzw. der Ablauf was passiert ist:

1)
Erster Malwarebytes Durchlauf (im gesicherten modus)

*

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Claus :: CLAUS-LAPTOP [Administrator]

28.04.2012 18:07:26
mbam-log-2012-04-28 (18-07-26).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349188
Laufzeit: 27 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|EA1CB92D (Trojan.Agent.SZ) -> Daten: C:\Users\Claus\AppData\Roaming\Yypmy\4C2A73A2EA1CB92D8DEA.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Claus\AppData\Roaming\Yypmy\4C2A73A2EA1CB92D8DEA.exe (Trojan.Agent.SZ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Claus\AppData\Local\Temp\bsbrsbriln.pre (Trojan.Agent.SZ) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

*

2)
Nach Neustart dann im normalen modus hier der AVIRA Sicherheitshinweis:

In der Datei C:\Windows\SysWOW64\d3dyjvzlg.dll wurde ein Virus oder unerwünschtes Programm 'TR/ATRABPS.GEN' gefunden.
Der Zugriff auf diese Datei wurde verweigert.

Dies wurde nach Rückfrage in Quarantäne verschoben.

3)
Jetzt weiter im normalen modus (ohne neustart) der zweite Malwarebyte Durchgang.

*

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Claus :: CLAUS-LAPTOP [Administrator]

28.04.2012 19:05:37
mbam-log-2012-04-28 (19-05-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350039
Laufzeit: 59 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

*

4)
Jetzt der Durchlauf von OTL die beiden Log Dateien:

1. otl.txt

*OTL Logfile:
OTL EXTRAS Logfile:
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL logfile created on: 28.04.2012 21:20:13 - Run 1
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\Claus\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 53,93% Memory free
7,83 Gb Paging File | 5,99 Gb Available in Paging File | 76,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 362,44 Gb Free Space | 85,93% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,87 Gb Free Space | 92,66% Space Free | Partition Type: NTFS
 
Computer Name: CLAUS-LAPTOP | User Name: Claus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Claus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Windows\WebCam\S6000\S6000Mnt.exe (Alcor)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe (Egis Technology Inc. )
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Program Files (x86)\XSManager\WTGService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avformat-53.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EgisTec Service) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (EgisTec Service Help) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe (Egis Technology Inc. )
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (EgisTecFF) -- C:\Windows\SysNative\drivers\EgisTecFF.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (S6000KNT) -- C:\Windows\SysNative\drivers\S6000KNT.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egis Technology Inc.)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (cmnsusbser) -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys (Mobile Connector)
 
 
========== Standard Registry (SafeList) ==========

*

jetzt das andere Log von otl (Extras.txt)

*

Code:

ATTFilter

OTL Extras logfile created on: 28.04.2012 21:20:13 - Run 1
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\Claus\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 53,93% Memory free
7,83 Gb Paging File | 5,99 Gb Available in Paging File | 76,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 362,44 Gb Free Space | 85,93% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,87 Gb Free Space | 92,66% Space Free | Partition Type: NTFS
 
Computer Name: CLAUS-LAPTOP | User Name: Claus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03405566-0BE6-4EB7-805F-E865B23E77EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{078079D4-7A96-441F-B8F7-30083E88DF0F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{251C1FFC-0092-4E98-A057-0CEC2C7788A4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32DC0E2E-1623-4501-9D95-F2DBF0A9C5B3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{37CB765E-4014-432A-80CF-F4125B20B4DC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3D84B58C-1779-42D6-BC7C-FA47997C71CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{529E5CC9-FADD-4A1A-A0AF-D9D9D1EA90A0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{595066E3-ECA3-465C-A564-28B273934B9D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6599C1F4-571F-4248-943F-74B01293ED7C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{74995629-08D3-4B03-A244-269AB505EF5B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7DDC1541-F199-42DF-98B6-7DC61C5064BE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{80692AEB-F51E-4856-A0E7-355E36E568E5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A0C86C60-815D-4953-B067-8C23F574E17B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AF1E18AA-4817-4539-93F9-1E89F02C3C45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B09744E0-E149-4CE2-AF52-41168F493CB3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C6580F66-15B9-4BC5-9C5A-3A4B10DE6440}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C9EDB455-4249-4820-AF10-1C506B8FC042}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D44F66D6-96BD-4751-BF81-C2B1C350F64D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D591646D-28FD-461F-AE05-32DCF5141AAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DCC88700-D4AB-4D93-890D-6DCEAF412A4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0DC44D5-9643-4D59-8DE9-19CD28EC02D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E523946E-672F-4A28-A52C-83673CE4BF7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E90599B5-A04B-42A6-8E7F-5E22F4FB1210}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F12DCBAB-06ED-4038-B998-3673D6FAB529}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F8A52307-97DB-4C8A-B3F4-A57F21CF887D}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E1DA456-8665-4C05-8B10-021EC7610A1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{269DEE18-E333-4C1C-8778-9E46206E4E88}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3B269CCC-E22D-4EE2-A86A-1E6E3A414A04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3EFA41D9-2C3C-4FE0-9CA9-AF53BA37BDB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{466B1B92-E57A-4B73-AD93-E432ED78418B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{59290895-E423-4C3A-B696-4373297EE6E3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5EE5E768-7A92-452D-997F-654B8813D3A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6AE6A9DC-35F9-4A4A-AE4D-898D72E404ED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6C905B47-72CB-418A-BBF9-4539BB1E1065}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E4BACE4-76EA-4261-A9E5-491705E6C7D0}" = protocol=6 | dir=out | app=system | 
"{7146EA60-FE55-48E0-B6E6-446E2498E861}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{78C224DA-E4EF-40FB-98E6-1073686CF4B7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{87898AEE-AB57-4AA6-8EE4-E58CCB9E4805}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{901874EB-8EF8-4932-AC28-8B8719095530}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{91FC0150-7FDD-46EF-A4B1-6C22758BDCD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9891FD24-B20B-4818-A52D-E1224726603C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B0DD4A55-8E65-417F-9263-7FC6BA43F534}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC76096F-0425-4ADF-A54B-F0192B87515B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{C04C8BA5-E1A0-4B54-998D-EA5D4EF5634A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2BDE116-E46D-4CCB-BEEE-EEB2A1F3BD36}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C854783E-2341-475E-9D3A-99B86654B81A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{DF2BB6D1-A9BD-4CFA-AF4E-4175DE6C29CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E09C7971-8406-4FE7-A06B-1ED385641925}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E68AFE8E-4A04-4430-AE2C-4A39311EECDF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{EAEB9145-A91F-42A7-B59C-795D5A806680}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"TCP Query User{2A22C681-A946-4C7C-97C4-BE68042A15B5}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"TCP Query User{40BAFDDF-241D-4334-9471-EDE3BE5F13AD}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"TCP Query User{FF8A887E-E0D2-4154-B025-8D944E279F4E}C:\program files (x86)\freecom network storage assistant\fnsa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freecom network storage assistant\fnsa.exe | 
"UDP Query User{26212561-A51F-440E-91FB-397A0918FBB7}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"UDP Query User{68680EE4-BFBD-475D-AE6C-736372E5D1C7}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"UDP Query User{F3D5BA24-DA39-4BB2-AAB5-B93542806D8E}C:\program files (x86)\freecom network storage assistant\fnsa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freecom network storage assistant\fnsa.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F494B8A-D6E6-4540-9A74-F773B63164A6}" = Port Locker
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC9B811E-39BC-4813-9E29-B83CCF700010}" = Lenovo EasyCamera
"Avira AntiVir Desktop" = Avira Free Antivirus
"BASIC++_is1" = BASIC++ 1.0
"ElsterFormular 12.4.1.7699p" = ElsterFormular
"Fiesta Online DE" = Fiesta Online DE 1.04.053
"FileZilla Client" = FileZilla Client 3.5.3
"Freecom Network Storage Assistant_is1" = Freecom Network Storage Assistant 1.65
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MeshLab" = MeshLab 1.3.1
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"netfabb" = netfabb Studio
"OpenVPN" = OpenVPN 2.2.2
"Scratch" = Scratch
"SiSy3 AVR" = SiSy3 AVR
"Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten
"WinLiveSuite" = Windows Live Essentials
"XSManager" = XSManager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.04.2012 04:03:30 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.04.2012 11:29:35 | Computer Name = Claus-laptop | Source = RasClient | ID = 20227
Description = 
 
Error - 07.04.2012 11:30:29 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.04.2012 14:46:55 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.04.2012 11:48:52 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2012 02:49:54 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2012 11:25:48 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.04.2012 03:24:56 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.04.2012 04:53:00 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.04.2012 11:12:16 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.04.2012 15:23:51 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.04.2012 15:23:51 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.04.2012 15:23:51 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.04.2012 15:23:51 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.04.2012 15:23:51 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.04.2012 15:23:51 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.04.2012 15:23:51 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.04.2012 15:23:51 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.04.2012 15:24:22 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 27.04.2012 15:13:26 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
 
< End of report >

--- --- ---

--- --- ---

--- --- ---
*
--- --- ---
*[code]

5)
jetzt die Liste der Programme von CCleaner

Code:

ATTFilter

Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	17.01.2012	6,00MB	11.1.102.55
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	14.12.2011	6,00MB	11.1.102.55
Adobe Reader X (10.1.2) - Deutsch	Adobe Systems Incorporated	14.02.2012	121,1MB	10.1.2
Atheros Client Installation Program	Atheros	29.11.2011		7.0
Avira Free Antivirus	Avira	14.02.2012	109,0MB	12.0.0.898
BASIC++ 1.0		29.12.2011		
BioExcess	Egis Technology Inc.	29.11.2011	34,2MB	7.0.67.0
CCleaner	Piriform	27.04.2012		3.18
CyberLink YouCam	CyberLink Corp.	29.11.2011	93,1MB	3.1.3623
EgisTec ES603 WDM Driver	Egis Technology Inc.	29.11.2011	1,36MB	3.0.10.4
ElsterFormular	Landesfinanzdirektion Thüringen	24.12.2011	138,4MB	12.4.1.7699p
Energy Management	Lenovo	29.11.2011	16,9MB	6.0.2.1
Fiesta Online DE 1.04.053	Gamigo Games	14.04.2012		1.04.053
FileZilla Client 3.5.3	FileZilla Project	06.03.2012	16,6MB	3.5.3
Freecom Network Storage Assistant 1.65	Freecom	10.02.2012		
FreePDF (Remove only)		15.12.2011		
Google Chrome	Google Inc.	29.11.2011		18.0.1025.162
Google Earth Plug-in	Google	27.12.2011	40,9MB	6.1.0.5001
Google SketchUp 8	Google, Inc.	15.12.2011	73,3MB	3.0.11762
GPL Ghostscript	Artifex Software Inc.	15.12.2011		9.04
Intel(R) Control Center	Intel Corporation	30.11.2011		1.2.1.1007
Intel(R) Management Engine Components	Intel Corporation	30.11.2011		7.0.0.1144
Intel(R) Processor Graphics	Intel Corporation	30.11.2011		8.15.10.2342
Intel(R) Rapid Storage Technology	Intel Corporation	28.04.2012		10.1.5.1001
Java(TM) 6 Update 30	Oracle	15.12.2011	97,1MB	6.0.300
Lenovo Bluetooth with Enhanced Data Rate Software	Broadcom Corporation	29.11.2011	184,3MB	6.3.0.8000
Lenovo EasyCamera	Alcor	29.11.2011		2.16.23.3
Lenovo EE Boot Optimizer	Lenovo	29.11.2011		0.0.1.6
Lenovo OneKey Recovery	CyberLink Corp.	29.11.2011		7.0.1628
Lenovo Security Suite	Lenovo	29.11.2011	3,58MB	2.0.11.0
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	27.04.2012	18,0MB	1.61.0.1400
MeshLab 1.3.1	Paolo Cignoni VCG - ISTI - CNR	27.01.2012		1.3.1
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	17.12.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	17.12.2011	2,94MB	4.0.30319
Microsoft IntelliPoint 8.2	Microsoft Corporation	15.12.2011		8.20.468.0
Microsoft Office 2010	Microsoft Corporation	29.11.2011	6,31MB	14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	16.02.2012	60,3MB	4.1.10111.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	29.11.2011	1,70MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	23.01.2012	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	31.12.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	15.12.2011	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	31.12.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	15.12.2011	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	24.12.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	31.12.2011	12,3MB	10.0.40219
Mozilla Firefox 9.0.1 (x86 de)	Mozilla	30.12.2011	36,5MB	9.0.1
Mozilla Thunderbird 11.0.1 (x86 de)	Mozilla	28.03.2012	37,5MB	11.0.1
netfabb Studio		28.01.2012		
OneKey Recovery	CyberLink Corp.	30.11.2011		7.0.1628
OpenOffice.org 3.3	OpenOffice.org	15.12.2011	415MB	3.3.9567
OpenVPN 2.2.2		07.02.2012		2.2.2
Port Locker	Egis Technology Inc.	29.11.2011	5,11MB	1.0.5.24
Power2Go	CyberLink Corp.	29.11.2011		5.6.0.7303
Realtek Ethernet Controller Driver For Windows 7	Realtek	29.11.2011		7.21.531.2010
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	29.11.2011		6.0.1.6282
Realtek USB 2.0 Reader Driver	Realtek Semiconductor Corp.	29.11.2011		6.1.7600.10008
RedMon - Redirection Port Monitor		15.12.2011		
Scratch	MIT Media Lab Lifelong Kindergarten Group	10.02.2012		1.4.0.0
SiSy3 AVR	Laser & Co. Solutions GmbH	14.12.2011		3.0
Skype™ 5.8	Skype Technologies S.A.	23.04.2012	19,0MB	5.8.158
Synaptics Pointing Device Driver	Synaptics Incorporated	29.11.2011	46,4MB	15.2.7.0
Visitenkarten in 2 Minuten		30.12.2011		
Windows Live Essentials	Microsoft Corporation	30.11.2011		15.4.3508.1109
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	29.11.2011	5,58MB	15.4.5722.2
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)	Lenovo	29.11.2011		12/02/2010 6.1.0.1
XSManager	XSManager	08.02.2012		3.0

*

kira · 28.04.2012, 23:32

1.
folgende Prüfung durchführen :-> LanmanworkstationChecker

2.
OTL.txt - nicht vollständig gepostet, bitte versuche es nochmal!

3.
Die verschlüsselten Dateien mit unserem DecryptHelper von Matthias entschlüsseln. (Java wird benötigt)
alternativ: Avira Ransom File Unlocker (bitte postet uns Eure Ergebnisse! Danke)

Cratzmueller · 29.04.2012, 08:26

Danke für die Antwort.

Der LamanworkstationChecker hat nicht funktioniert. Es kam nach download und start des Programms die Meldung:

Code:

ATTFilter

DLL im Lanmanworkstation Schlüssel: 
Geladene DLL: 
Signatur der DLL: 
Rückgabe der Signaturermittlung: Das System kann die angegebene Datei nicht finden.

MD5 der DLL: 

Der Lanmanworkstation Schlüssel konnte nicht ausgelesen werden oder ist nicht vorhanden!

Verschlüsselte Dateien sind mir bisher noch nicht aufgefallen.

Unten nochmal der OTL.txt.

Ich gehe jetzt bis Dienstagabend auf einen Wander-Ausflug und der Rechner ist nicht mit. Wenn also jetzt einer schneller Hilfe braucht, diesen gerne vorziehen.

Gruß, schönen Sonn- & Feiertag
Cratzmueller

Hier nochmal der OTL.TXT

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 28.04.2012 21:20:13 - Run 1
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\Claus\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 53,93% Memory free
7,83 Gb Paging File | 5,99 Gb Available in Paging File | 76,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 362,44 Gb Free Space | 85,93% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,87 Gb Free Space | 92,66% Space Free | Partition Type: NTFS
 
Computer Name: CLAUS-LAPTOP | User Name: Claus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Claus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Windows\WebCam\S6000\S6000Mnt.exe (Alcor)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )
PRC - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe (Egis Technology Inc. )
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Program Files (x86)\XSManager\WTGService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avformat-53.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (LanmanWorkstation) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EgisTec Service) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe (Egis Technology Inc. )
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (EgisTec Service Help) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe (Egis Technology Inc. )
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (EgisTecFF) -- C:\Windows\SysNative\drivers\EgisTecFF.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (S6000KNT) -- C:\Windows\SysNative\drivers\S6000KNT.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egis Technology Inc.)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (cmnsusbser) -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys (Mobile Connector)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic_Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Softonic_Deutsch Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.479
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011.11.30 07:21:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.31 11:25:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.23 20:36:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.12.15 21:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claus\AppData\Roaming\mozilla\Extensions
[2012.03.07 22:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions
[2011.12.23 21:42:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.23 21:42:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.03.07 22:29:28 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.12.23 21:42:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.12.23 21:42:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\engine@conduit.com
[2011.12.23 21:42:43 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.12.23 21:42:46 | 000,000,000 | ---D | M] (DicionÃ¡rio para Ortografia pt-BR) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2011.12.23 21:42:47 | 000,000,000 | ---D | M] (Speedtest Checker) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\speedtestchecker@oliver.schlbe
[2011.12.23 21:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions
[2011.12.23 21:38:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.23 21:38:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.12.23 21:38:29 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.12.23 21:38:20 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.12.23 21:38:22 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\engine@conduit.com
[2011.12.23 21:38:20 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.12.23 21:38:22 | 000,000,000 | ---D | M] (DicionÃ¡rio para Ortografia pt-BR) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2011.12.23 21:38:23 | 000,000,000 | ---D | M] (Speedtest Checker) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\speedtestchecker@oliver.schlbe
[2010.07.24 20:06:56 | 000,000,894 | ---- | M] () -- C:\Users\Claus\AppData\Roaming\Mozilla\Firefox\Profiles\yd7921e9.default\searchplugins\conduit.xml
[2011.12.31 11:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.31 11:25:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.31 11:24:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.31 11:24:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.31 11:24:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.31 11:24:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.31 11:24:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.31 11:24:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Claus\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Claus\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [PLTSR] C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [S6000Mnt] C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt File not found
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Claus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\windows\system32\d3dyjvzlg.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{683ED6FD-EB71-4BC0-9091-A6FB7B41C1A7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7916030B-0D12-4803-91EA-0B1C6E49537A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{086bd3a1-52e8-11e1-8e9c-e4d53de18bdf}\Shell - "" = AutoRun
O33 - MountPoints2\{086bd3a1-52e8-11e1-8e9c-e4d53de18bdf}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.28 18:05:22 | 000,000,000 | ---D | C] -- C:\Users\Claus\AppData\Roaming\Malwarebytes
[2012.04.28 18:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.28 18:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.28 18:05:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.04.28 18:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.26 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Claus\AppData\Local\ElevatedDiagnostics
[2012.04.26 20:05:44 | 000,000,000 | ---D | C] -- C:\Users\Claus\AppData\Roaming\Yypmy
[2012.04.24 21:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.24 21:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.04.15 20:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.04.15 19:16:39 | 000,000,000 | ---D | C] -- C:\Users\Claus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gamigo
[2012.04.15 19:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gamigo
[2012.04.15 19:16:38 | 000,000,000 | ---D | C] -- C:\gamigo
[2012.04.11 23:32:40 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012.04.11 23:32:40 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012.04.11 23:32:39 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012.04.11 23:32:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012.04.11 23:32:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012.04.11 23:32:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012.04.11 23:32:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012.04.11 23:32:38 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012.04.11 23:32:38 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012.04.11 23:32:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.04.11 23:32:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.04.11 23:32:25 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.04.11 23:32:24 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.04.11 23:32:24 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.04.11 23:30:58 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012.04.11 23:30:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012.04.11 23:30:58 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.28 21:15:54 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.28 21:15:54 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.28 21:15:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.04.28 19:02:41 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.28 19:02:41 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.28 18:59:39 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.04.28 18:59:39 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.04.28 18:59:39 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.04.28 18:59:39 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.04.28 18:59:39 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.04.28 18:55:58 | 000,107,511 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.04.28 18:55:04 | 3153,702,912 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.28 18:05:14 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.24 21:02:30 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.15 20:43:02 | 000,001,122 | ---- | M] () -- C:\Users\Claus\Desktop\Cyberlink Power2Go.lnk
[2012.04.12 21:35:55 | 000,002,255 | ---- | M] () -- C:\Users\Claus\Desktop\OneKey Recovery.lnk
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.04.28 18:05:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.19 14:02:54 | 000,000,138 | ---- | C] () -- C:\Users\Claus\AppData\Roaming\avr_tool.cfg
[2011.12.19 13:55:16 | 000,000,038 | ---- | C] () -- C:\Users\Claus\AppData\Roaming\ProgTool.cfg
[2011.12.15 21:26:37 | 000,000,182 | ---- | C] () -- C:\ProgramData\sisymain.cfg
[2011.12.15 21:26:37 | 000,000,019 | ---- | C] () -- C:\Users\Claus\AppData\Roaming\sisymain.cfg
[2011.12.15 21:24:46 | 000,000,081 | ---- | C] () -- C:\windows\SysWow64\fsk.ini
[2011.12.15 21:18:37 | 000,000,064 | ---- | C] () -- C:\Users\Claus\AppData\Roaming\CDStart.cfg
[2011.11.30 16:11:01 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011.11.30 16:11:00 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
[2011.11.30 16:11:00 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
[2011.11.30 16:11:00 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
[2011.11.30 16:11:00 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
[2011.11.30 16:11:00 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
[2011.11.30 16:11:00 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
[2011.11.30 16:10:59 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
[2011.11.30 16:10:59 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
[2011.11.30 16:10:59 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
[2011.11.30 16:10:59 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
[2011.11.30 16:10:59 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
[2011.11.30 07:14:58 | 000,015,190 | ---- | C] () -- C:\windows\S6000Twn.ini
[2011.04.15 07:29:01 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011.04.15 07:28:23 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.04.15 07:28:18 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.04.15 07:28:13 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

< End of report >

--- --- ---

Cratzmueller · 18.05.2012, 21:04

Hallo,
mit dem Dialog ama 29.4.12 umd 9:26 h hat der Dialog abgerissen.
Der "LamanworkstationChecker" ist nicht mehr zum Einsatz gekommen.

Der Laptop funktioniert aber wieder. Ich habe zumindest keine Problem mehr bemerkt.

Recht schönen Dank für die Unterstützung.

Gruß
Cratzmueller

kira · 19.05.2012, 10:43

Systemreinigung und Prüfung:

1.
MBR mit aswMBR von Avast prüfen

Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop (nicht woanders hin).
XP Benutzer: Doppelklick auf die aswMBR.exe, um das Tool zu starten.
Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen.
Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen.

Klicke Scan, um den Suchlauf zu starten.

Wenn der Scan beendet ist, was mit Scan finished sucessfull! gemeldet wird, klicke Save log, um das Logfile zu speichern.
Poste mir den Inhalt von aswASW.log vom Desktop hier in den Thread.

2.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic_Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Softonic_Deutsch Customized Web Search"
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2011.12.23 21:42:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\engine@conduit.com
[2011.12.23 21:38:29 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.12.23 21:38:22 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\engine@conduit.com
[2010.07.24 20:06:56 | 000,000,894 | ---- | M] () -- C:\Users\Claus\AppData\Roaming\Mozilla\Firefox\Profiles\yd7921e9.default\searchplugins\conduit.xml
[2011.12.31 11:24:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.31 11:24:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.31 11:24:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.31 11:24:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.31 11:24:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [S6000Mnt] C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{086bd3a1-52e8-11e1-8e9c-e4d53de18bdf}\Shell - "" = AutoRun
O33 - MountPoints2\{086bd3a1-52e8-11e1-8e9c-e4d53de18bdf}\Shell\AutoRun\command - "" = E:\autorun.exe
[2012.04.28 21:15:54 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.28 21:15:54 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

:Files
C:\Users\Claus\AppData\Roaming\Yypmy
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

3.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

4.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java "Empfohlen Version für 64 Bit: Java(TM) 7 Update 4 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

5.
Aktualisieren:
-> Mozilla Firefox[/COLOR][/B] Hilfe -> über Menü Hilfe -> "Über Fitefox"

-> Mozilla Thunderbird
gehe auf "Hilfe"-> "Über Thunderbird"

6.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

7.

lade Dir SUPERAntiSpyware FREE Edition herunter.
Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

8.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

9.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

10.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Cratzmueller · 19.05.2012, 13:47

Hier der Inhalt des log files von aswMBR.log

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-19 14:14:04
-----------------------------
14:14:04.676    OS Version: Windows x64 6.1.7601 Service Pack 1
14:14:04.676    Number of processors: 4 586 0x2A07
14:14:04.676    ComputerName: CLAUS-LAPTOP  UserName: Claus
14:14:06.002    Initialize success
14:15:42.541    AVAST engine defs: 12051900
14:15:59.670    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:15:59.685    Disk 0 Vendor: HITACHI_ JE3Z Size: 476940MB BusType: 3
14:15:59.685    Disk 0 MBR read successfully
14:15:59.701    Disk 0 MBR scan
14:15:59.717    Disk 0 Windows 7 default MBR code
14:15:59.732    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
14:15:59.748    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       431938 MB offset 411648
14:15:59.763    Disk 0 Partition - 00     0F Extended LBA             29692 MB offset 885020672
14:15:59.795    Disk 0 Partition 3 00     12  Compaq diag NTFS        15109 MB offset 945829888
14:15:59.826    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        29691 MB offset 885022720
14:15:59.888    Disk 0 scanning C:\windows\system32\drivers
14:16:11.557    Service scanning
14:16:39.965    Modules scanning
14:16:39.980    Disk 0 trace - called modules:
14:16:39.996    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
14:16:40.011    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006614060]
14:16:40.011    3 CLASSPNP.SYS[fffff88001b6e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004860050]
14:16:41.244    AVAST engine scan C:\windows
14:16:44.925    AVAST engine scan C:\windows\system32
14:20:03.907    AVAST engine scan C:\windows\system32\drivers
14:20:16.730    AVAST engine scan C:\Users\Claus
14:31:08.499    AVAST engine scan C:\ProgramData
14:31:59.511    Scan finished successfully
14:38:54.192    Disk 0 MBR has been saved successfully to "C:\Users\Claus\Desktop\MBR.dat"
14:38:54.192    The log file has been saved successfully to "C:\Users\Claus\Desktop\aswMBR.txt"

der Rest folgt

Gruß
Cratzmueller

Hier jetzt die Text-Datei von OTL:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Prefs.js: "Softonic_Deutsch Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q=" removed from browser.search.defaulturl
Prefs.js: "Softonic_Deutsch Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Folder C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\engine@conduit.com\ not found.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\modules folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Claus\AppData\Roaming\Mozilla\Firefox\Profiles\yd7921e9.default\searchplugins\conduit.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\S6000Mnt deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{086bd3a1-52e8-11e1-8e9c-e4d53de18bdf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{086bd3a1-52e8-11e1-8e9c-e4d53de18bdf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{086bd3a1-52e8-11e1-8e9c-e4d53de18bdf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{086bd3a1-52e8-11e1-8e9c-e4d53de18bdf}\ not found.
File E:\autorun.exe not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== FILES ==========
C:\Users\Claus\AppData\Roaming\Yypmy folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Claus\Downloads\cmd.bat deleted successfully.
C:\Users\Claus\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Claus
->Temp folder emptied: 244772305 bytes
->Temporary Internet Files folder emptied: 119295092 bytes
->Java cache emptied: 9231352 bytes
->FireFox cache emptied: 76111260 bytes
->Google Chrome cache emptied: 474307891 bytes
->Flash cache emptied: 12292 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 178360372 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 1637612167 bytes
 
Total Files Cleaned = 2.613,00 mb
 
 
OTL by OldTimer - Version 3.2.43.0 log created on 05192012_173410

Files\Folders moved on Reboot...
C:\Users\Claus\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Gruß
Cratzmueller

Jetzt habe ich alles gemacht bis zum Punkt "Start CCleaner"
Dort werde ich gefragt, ob ich diverse Dateien löschen möchte auch Anwendungen zum Beispiel "Filezilla" oder "skype".

Sind die Anwendungen weg wenn ich "Start CCleaner" klicke?

Gruß
Cratzmueller

kira · 19.05.2012, 22:35

wie die Name schon sagt nur "temporär" gespeicherte Dateien-> http://de.wikipedia.org/wiki/Tempor%C3%A4re_Datei

Cratzmueller · 03.06.2012, 21:40

Also, ich war ein paar Tage weg. Jetzt gehts weiter.

Den ccleaner (Schritt 6) habe ich laufen lassen genauso auch"Super Anti Spyware" (Schritt 7). Hier das Protokoll:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/03/2012 at 12:25 PM

Application Version : 5.0.1150

Core Rules Database Version : 8675
Trace Rules Database Version: 6487

Scan type       : Complete Scan
Total Scan Time : 00:40:23

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 602
Memory threats detected   : 0
Registry items scanned    : 65815
Registry threats detected : 0
File items scanned        : 72643
File threats detected     : 24

Trojan.Agent/Gen-Koobface[Bonkers]
	C:\PROGRAM FILES (X86)\BASICPP\REFERENZ\REF.EXE
	C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\BASIC++\ENTWICKLER REFERENZ.LNK
	C:\PROGRAM FILES (X86)\BASICPP\COMPILER\TK.EXE
	C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\BASIC++\TOOLS\TOKEN DECOMPILER.LNK
	C:\PROGRAM FILES (X86)\BASICPP\COMPILER\CCASM.EXE

Adware.Tracking Cookie
	.apmebf.com [ C:\USERS\CLAUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\CLAUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	imagesrv.adition.com [ C:\USERS\CLAUS\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\X2U52GV2 ]
	eas.apm.emediate.eu [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	eas.apm.emediate.eu [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\CLAUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YD7921E9.DEFAULT\COOKIES.SQLITE ]

Danach habe ich meinen USB Stick eingesteckt (habe nur diesen einen) und ESET Online scan laufen lassen (Schritte 8 und 9). Ergebnis:
No threats found
Scanned files: 150326
Total Scan time: 1:08:21

Jetzt noch Schritt 10 (otl.exe laufen lassen):

Hier das file otl.txt
[code]
dOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 03.06.2012 22:24:38 - Run 2
OTL by OldTimer - Version 3.2.46.0     Folder = C:\Users\Claus\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 52,94% Memory free
7,83 Gb Paging File | 5,60 Gb Available in Paging File | 71,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 364,84 Gb Free Space | 86,49% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,87 Gb Free Space | 92,66% Space Free | Partition Type: NTFS
 
Computer Name: CLAUS-LAPTOP | User Name: Claus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.03 22:21:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Claus\Downloads\OTL (2).exe
PRC - [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.05.09 19:46:57 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 19:46:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 19:46:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2011.02.15 14:26:42 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.24 13:19:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010.12.20 12:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 12:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.14 01:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
PRC - [2010.12.14 01:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
PRC - [2010.12.14 01:58:20 | 000,383,344 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
PRC - [2010.11.05 20:54:36 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.11.05 20:54:24 | 000,202,096 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.10.22 16:37:42 | 000,364,400 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
PRC - [2010.10.22 16:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
PRC - [2010.02.25 13:04:56 | 000,160,528 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010.02.25 13:03:40 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.06.22 17:13:48 | 000,304,592 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.23 03:56:50 | 000,441,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
MOD - [2012.05.23 03:56:49 | 003,922,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012.05.23 03:55:35 | 000,553,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012.05.23 03:55:33 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012.05.23 03:55:24 | 000,134,696 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012.05.23 03:55:23 | 000,250,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012.05.23 03:55:21 | 002,375,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012.05.23 03:06:23 | 008,743,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2012.05.23 03:06:23 | 008,743,584 | ---- | M] () -- C:\PROGRA~2\Google\Chrome\APPLIC~1\190108~1.52\gcswf32.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011.12.16 21:38:24 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.12.16 21:38:24 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.06.02 18:40:51 | 000,354,304 | ---- | M] (Parental Solutions Inc.) [Auto | Running] -- C:\Windows\SysNative\poualnjar.dll -- (Dnscache)
SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (LanmanWorkstation)
SRV - [2012.05.09 19:46:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 19:46:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.25 11:33:54 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service)
SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.02.15 14:26:42 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.12.20 12:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.20 12:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.12.14 01:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)
SRV - [2010.12.14 01:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010.10.22 16:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe -- (EgisTec Service Help)
SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 16:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.25 13:03:40 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.22 17:13:48 | 000,304,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.09 19:46:58 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 19:46:58 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.09 09:06:38 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.12.09 13:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.11.30 07:39:02 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011.11.30 07:39:02 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011.11.30 07:37:09 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011.11.30 07:37:06 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011.11.30 07:26:53 | 000,055,880 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\EgisTecFF.sys -- (EgisTecFF)
DRV:64bit: - [2011.11.30 07:21:42 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011.11.30 07:21:42 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011.11.30 07:21:42 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011.11.18 22:08:50 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.11.18 22:08:50 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.09.28 18:03:12 | 000,071,168 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.25 12:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.02.15 08:45:16 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.02.15 08:45:12 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.02.15 08:45:12 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.02.15 08:45:12 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.02.15 08:45:12 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.12.24 13:19:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.23 18:45:58 | 003,293,272 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\S6000KNT.sys -- (S6000KNT)
DRV:64bit: - [2010.12.22 14:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.11.30 08:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.11.24 13:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.31 12:36:56 | 000,035,952 | ---- | M] (Egis Technology Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV:64bit: - [2010.10.22 17:37:54 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.05.31 05:46:50 | 000,333,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.10.31 17:19:36 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys -- (cmnsusbser)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011.11.30 07:21:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.19 17:51:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.23 20:36:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.12.15 21:14:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claus\AppData\Roaming\mozilla\Extensions
[2012.06.03 11:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions
[2011.12.23 21:42:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.23 21:42:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.06.03 11:56:19 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.12.23 21:42:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.05.19 17:51:15 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.12.23 21:42:46 | 000,000,000 | ---D | M] (DicionÃ¡rio para Ortografia pt-BR) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2011.12.23 21:42:47 | 000,000,000 | ---D | M] (Speedtest Checker) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\yd7921e9.default\extensions\speedtestchecker@oliver.schlbe
[2012.05.19 17:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions
[2011.12.23 21:38:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.23 21:38:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.12.23 21:38:20 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.12.23 21:38:20 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.12.23 21:38:22 | 000,000,000 | ---D | M] (DicionÃ¡rio para Ortografia pt-BR) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2011.12.23 21:38:23 | 000,000,000 | ---D | M] (Speedtest Checker) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles_back\3i9b2ius.default\extensions\speedtestchecker@oliver.schlbe
[2011.12.31 11:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.19 17:51:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.19 17:51:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.19 17:51:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.19 17:51:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.19 17:51:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.19 17:51:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.19 17:51:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Claus\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [PLTSR] C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Claus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\nspu4sa8.dll (Zeroconf)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{683ED6FD-EB71-4BC0-9091-A6FB7B41C1A7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7916030B-0D12-4803-91EA-0B1C6E49537A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.03 11:43:10 | 000,000,000 | ---D | C] -- C:\Users\Claus\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.03 11:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.03 11:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.03 11:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.03 11:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.02 18:40:51 | 000,354,304 | ---- | C] (Parental Solutions Inc.) -- C:\windows\SysNative\poualnjar.dll
[2012.05.19 17:50:18 | 000,839,112 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.05.19 17:50:17 | 000,955,848 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.05.19 17:50:17 | 000,268,744 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.05.19 17:50:05 | 000,189,384 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.05.19 17:50:05 | 000,188,872 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.05.19 17:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.05.19 17:34:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.13 21:03:34 | 000,000,000 | ---D | C] -- C:\Users\Claus\AppData\Local\Windows Live
[2012.05.13 21:03:17 | 000,000,000 | ---D | C] -- C:\Users\Claus\AppData\Local\{B950535B-5FB4-4B08-958E-576E59DDF0EA}
[2012.05.13 21:03:17 | 000,000,000 | ---D | C] -- C:\Users\Claus\AppData\Local\{A3948BFF-A7D8-49F2-AE02-F64949890A78}
[2012.05.11 20:38:10 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012.05.11 20:38:06 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.05.11 20:38:05 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.05.11 20:38:05 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.03 21:51:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.06.03 21:01:08 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.06.03 21:01:08 | 000,654,340 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.06.03 21:01:08 | 000,616,182 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.06.03 21:01:08 | 000,130,180 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.06.03 21:01:08 | 000,106,562 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.06.03 20:00:16 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 20:00:16 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 19:53:34 | 000,135,573 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.06.03 19:52:39 | 3153,702,912 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.03 11:42:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.03 11:36:56 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.02 18:40:51 | 000,354,304 | ---- | M] (Parental Solutions Inc.) -- C:\windows\SysNative\poualnjar.dll
[2012.05.19 17:49:57 | 000,955,848 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2012.05.19 17:49:57 | 000,839,112 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2012.05.19 17:49:57 | 000,268,744 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2012.05.19 17:49:57 | 000,189,384 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2012.05.19 17:49:57 | 000,188,872 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2012.05.19 14:38:54 | 000,000,512 | ---- | M] () -- C:\Users\Claus\Desktop\MBR.dat
[2012.05.12 10:56:50 | 000,309,568 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.05.09 19:46:58 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012.05.09 19:46:58 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012.05.07 19:03:03 | 000,002,981 | ---- | M] () -- C:\Users\Claus\Desktop\Account validated at Philips - Support Forum!.eml
 
========== Files Created - No Company Name ==========
 
[2012.06.03 11:42:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.19 14:38:54 | 000,000,512 | ---- | C] () -- C:\Users\Claus\Desktop\MBR.dat
[2012.05.07 19:03:03 | 000,002,981 | ---- | C] () -- C:\Users\Claus\Desktop\Account validated at Philips - Support Forum!.eml
[2011.12.19 14:02:54 | 000,000,138 | ---- | C] () -- C:\Users\Claus\AppData\Roaming\avr_tool.cfg
[2011.12.19 13:55:16 | 000,000,038 | ---- | C] () -- C:\Users\Claus\AppData\Roaming\ProgTool.cfg
[2011.12.15 21:26:37 | 000,000,182 | ---- | C] () -- C:\ProgramData\sisymain.cfg
[2011.12.15 21:26:37 | 000,000,019 | ---- | C] () -- C:\Users\Claus\AppData\Roaming\sisymain.cfg
[2011.12.15 21:24:46 | 000,000,081 | ---- | C] () -- C:\windows\SysWow64\fsk.ini
[2011.12.15 21:18:37 | 000,000,064 | ---- | C] () -- C:\Users\Claus\AppData\Roaming\CDStart.cfg
[2011.11.30 16:11:01 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011.11.30 16:11:00 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
[2011.11.30 16:11:00 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
[2011.11.30 16:11:00 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
[2011.11.30 16:11:00 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
[2011.11.30 16:11:00 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
[2011.11.30 16:11:00 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
[2011.11.30 16:10:59 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
[2011.11.30 16:10:59 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
[2011.11.30 16:10:59 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
[2011.11.30 16:10:59 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
[2011.11.30 16:10:59 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
[2011.11.30 07:14:58 | 000,015,190 | ---- | C] () -- C:\windows\S6000Twn.ini
[2011.04.15 07:29:01 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2011.04.15 07:28:23 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.04.15 07:28:18 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.04.15 07:28:13 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
 
========== LOP Check ==========
 
[2011.12.25 12:52:38 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\Canon
[2011.12.25 19:23:55 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\elsterformular
[2012.06.03 11:38:38 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\FileZilla
[2011.12.16 21:57:08 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\FreePDF
[2012.01.29 11:07:39 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\netfabb
[2011.12.16 21:40:14 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\OpenOffice.org
[2012.04.12 09:55:33 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\PapDesigner
[2011.12.23 20:36:12 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\Thunderbird
[2012.05.20 11:18:48 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\XSManager
[2012.06.02 18:40:51 | 000,032,628 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 993 bytes -> C:\Users\Claus\Desktop\Account validated at Philips - Support Forum!.eml:OECustomProperty

< End of report >

--- --- ---

und extras.txt:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 03.06.2012 22:24:38 - Run 2
OTL by OldTimer - Version 3.2.46.0     Folder = C:\Users\Claus\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 52,94% Memory free
7,83 Gb Paging File | 5,60 Gb Available in Paging File | 71,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 364,84 Gb Free Space | 86,49% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,87 Gb Free Space | 92,66% Space Free | Partition Type: NTFS
 
Computer Name: CLAUS-LAPTOP | User Name: Claus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03405566-0BE6-4EB7-805F-E865B23E77EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{078079D4-7A96-441F-B8F7-30083E88DF0F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{251C1FFC-0092-4E98-A057-0CEC2C7788A4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32DC0E2E-1623-4501-9D95-F2DBF0A9C5B3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{37CB765E-4014-432A-80CF-F4125B20B4DC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3D84B58C-1779-42D6-BC7C-FA47997C71CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{529E5CC9-FADD-4A1A-A0AF-D9D9D1EA90A0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{595066E3-ECA3-465C-A564-28B273934B9D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6599C1F4-571F-4248-943F-74B01293ED7C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{74995629-08D3-4B03-A244-269AB505EF5B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7DDC1541-F199-42DF-98B6-7DC61C5064BE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{80692AEB-F51E-4856-A0E7-355E36E568E5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A0C86C60-815D-4953-B067-8C23F574E17B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AF1E18AA-4817-4539-93F9-1E89F02C3C45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B09744E0-E149-4CE2-AF52-41168F493CB3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C6580F66-15B9-4BC5-9C5A-3A4B10DE6440}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C9EDB455-4249-4820-AF10-1C506B8FC042}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D44F66D6-96BD-4751-BF81-C2B1C350F64D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D591646D-28FD-461F-AE05-32DCF5141AAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DCC88700-D4AB-4D93-890D-6DCEAF412A4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0DC44D5-9643-4D59-8DE9-19CD28EC02D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E523946E-672F-4A28-A52C-83673CE4BF7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E90599B5-A04B-42A6-8E7F-5E22F4FB1210}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F12DCBAB-06ED-4038-B998-3673D6FAB529}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F8A52307-97DB-4C8A-B3F4-A57F21CF887D}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E1DA456-8665-4C05-8B10-021EC7610A1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{269DEE18-E333-4C1C-8778-9E46206E4E88}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3B269CCC-E22D-4EE2-A86A-1E6E3A414A04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3EFA41D9-2C3C-4FE0-9CA9-AF53BA37BDB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{466B1B92-E57A-4B73-AD93-E432ED78418B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{59290895-E423-4C3A-B696-4373297EE6E3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5EE5E768-7A92-452D-997F-654B8813D3A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6AE6A9DC-35F9-4A4A-AE4D-898D72E404ED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6C905B47-72CB-418A-BBF9-4539BB1E1065}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E4BACE4-76EA-4261-A9E5-491705E6C7D0}" = protocol=6 | dir=out | app=system | 
"{7146EA60-FE55-48E0-B6E6-446E2498E861}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{78C224DA-E4EF-40FB-98E6-1073686CF4B7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{87898AEE-AB57-4AA6-8EE4-E58CCB9E4805}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{901874EB-8EF8-4932-AC28-8B8719095530}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{91FC0150-7FDD-46EF-A4B1-6C22758BDCD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9891FD24-B20B-4818-A52D-E1224726603C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B0DD4A55-8E65-417F-9263-7FC6BA43F534}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC76096F-0425-4ADF-A54B-F0192B87515B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{C04C8BA5-E1A0-4B54-998D-EA5D4EF5634A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2BDE116-E46D-4CCB-BEEE-EEB2A1F3BD36}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C854783E-2341-475E-9D3A-99B86654B81A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{DF2BB6D1-A9BD-4CFA-AF4E-4175DE6C29CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E09C7971-8406-4FE7-A06B-1ED385641925}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E68AFE8E-4A04-4430-AE2C-4A39311EECDF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{EAEB9145-A91F-42A7-B59C-795D5A806680}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"TCP Query User{2A22C681-A946-4C7C-97C4-BE68042A15B5}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"TCP Query User{40BAFDDF-241D-4334-9471-EDE3BE5F13AD}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"TCP Query User{FF8A887E-E0D2-4154-B025-8D944E279F4E}C:\program files (x86)\freecom network storage assistant\fnsa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freecom network storage assistant\fnsa.exe | 
"UDP Query User{26212561-A51F-440E-91FB-397A0918FBB7}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"UDP Query User{68680EE4-BFBD-475D-AE6C-736372E5D1C7}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"UDP Query User{F3D5BA24-DA39-4BB2-AAB5-B93542806D8E}C:\program files (x86)\freecom network storage assistant\fnsa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freecom network storage assistant\fnsa.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F494B8A-D6E6-4540-9A74-F773B63164A6}" = Port Locker
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC9B811E-39BC-4813-9E29-B83CCF700010}" = Lenovo EasyCamera
"Avira AntiVir Desktop" = Avira Free Antivirus
"BASIC++_is1" = BASIC++ 1.0
"ElsterFormular 12.4.1.7699p" = ElsterFormular
"Fiesta Online DE" = Fiesta Online DE 1.04.053
"FileZilla Client" = FileZilla Client 3.5.3
"Freecom Network Storage Assistant_is1" = Freecom Network Storage Assistant 1.65
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MeshLab" = MeshLab 1.3.1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"netfabb" = netfabb Studio
"OpenVPN" = OpenVPN 2.2.2
"Scratch" = Scratch
"SiSy3 AVR" = SiSy3 AVR
"Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten
"WinLiveSuite" = Windows Live Essentials
"XSManager" = XSManager
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.05.2012 05:54:31 | Computer Name = Claus-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.05.2012 07:09:39 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2012 12:40:38 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.05.2012 12:52:12 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.05.2012 15:36:44 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.05.2012 15:41:25 | Computer Name = Claus-laptop | Source = Application Hang | ID = 1002
Description = Programm avnotify.exe, Version 12.3.0.15 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e00    Startzeit: 
01cd3464ea557cdb    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir 
Desktop\avnotify.exe    Berichts-ID: 31f93e47-a058-11e1-b264-e4d53de18bdf  
 
Error - 19.05.2012 07:02:16 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.05.2012 11:38:29 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.05.2012 15:19:36 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.05.2012 02:51:11 | Computer Name = Claus-laptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09.05.2012 14:23:37 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 09.05.2012 14:25:45 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 09.05.2012 14:25:45 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 09.05.2012 14:25:45 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 09.05.2012 14:25:45 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 09.05.2012 14:25:45 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 09.05.2012 14:25:45 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 09.05.2012 14:30:45 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 09.05.2012 14:30:45 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 09.05.2012 14:30:45 | Computer Name = Claus-laptop | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
 
< End of report >

--- --- ---

So jetzt wäre ich eigentlich mit den zehn Schritten durch. Danke für die Unterstützung. Falls noch Probleme auftauchen, berichte ich gerne.

Gruß
Cratzmueller

kira · 04.06.2012, 07:19

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert

Log-Analyse und Auswertung: Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert