Pests of all kinds and their removal: Trojan - files are encrypted (Windows 7)

#1
Trojan - files are encrypted

Hello, this afternoon my wife opened an e-mail with an invoice, and now various files are encrypted. If Windows is started normally, a screen appears with the following text:

Quote:

In safe mode the computer starts "normally". There I first backed up the important folders to an external HDD. I then ran a scan with OTL, and here are the logs:

Code:
OTL logfile created on: 22.05.2012 20:16:09 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\otl
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 3,30 Gb Available Physical Memory | 85,30% Memory free
7,73 Gb Paging File | 7,18 Gb Available in Paging File | 92,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141,49 Gb Total Space | 25,17 Gb Free Space | 17,79% Space Free | Partition Type: NTFS
Drive D: | 141,50 Gb Total Space | 54,75 Gb Free Space | 38,69% Space Free | Partition Type: NTFS
Drive E: | 222,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DOROTHEE-PC | User Name: Dorothee | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\otl\OTL.exe (OldTimer Tools)

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\Join Air\AssistantServices.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Brother XP spl Service) -- C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (DOSMEMIO) -- C:\Windows\SysWOW64\MEMIO.SYS ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6B 07 F2 30 59 96 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60001
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dorothee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dorothee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.27 08:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.18 21:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.18 09:14:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.07.18 21:08:46 | 000,000,000 | ---D | M]

[2010.12.12 20:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dorothee\AppData\Roaming\mozilla\Extensions
[2010.12.09 10:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dorothee\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.11 18:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dorothee\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010.12.12 20:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dorothee\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
[2010.12.11 18:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dorothee\AppData\Roaming\mozilla\Extensions\Transmedia
[2012.05.02 10:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dorothee\AppData\Roaming\mozilla\Firefox\Profiles\35r9245k.default\extensions
[2011.04.10 17:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dorothee\AppData\Roaming\mozilla\Firefox\Profiles\35r9245k.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2012.04.27 08:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 08:36:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.01 11:54:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.01 12:39:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.01 12:39:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 14:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2011.10.01 12:39:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 12:39:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 12:39:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 12:39:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [42CAD5FE] C:\Users\Dorothee\AppData\Roaming\Mrlpmrnyy\5F20311442CAD5FE96C8.exe (We bello comè?)
O4 - HKCU..\Run: [AVMUSBFernanschluss] "C:\Users\Dorothee\AppData\Local\Apps\2.0\ZCRXRR9K.B2E\EG6B49Z4.G9Y\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: solibro-solar.com ([partners] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sonicwall.com ([sslvpn] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://partners.solibro-solar.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92E69D3F-7DF7-4AF5-B8AC-6C52CF527891}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6CC3EB4-7B59-4C4C-A640-0A415DC2BFB8}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{87761cc0-57a5-11e0-a29e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{87761cc0-57a5-11e0-a29e-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Launcher\LAUNCHER.EXE
O33 - MountPoints2\{97a55156-da05-11e0-b38d-002454a01f22}\Shell - "" = AutoRun
O33 - MountPoints2\{97a55156-da05-11e0-b38d-002454a01f22}\Shell\AutoRun\command - "" = DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.22 20:12:02 | 000,000,000 | ---D | C] -- C:\otl
[2012.05.22 16:10:23 | 000,000,000 | ---D | C] -- C:\Users\Dorothee\AppData\Roaming\Mrlpmrnyy
[2012.05.13 16:20:46 | 000,000,000 | ---D | C] -- C:\Users\Dorothee\eTeks
[2012.05.13 16:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
[2012.05.13 16:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sweet Home 3D
[2012.05.12 08:56:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.11 15:23:41 | 000,000,000 | ---D | C] -- C:\Users\Dorothee\AppData\Roaming\FastStone
[2012.05.11 10:35:47 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.11 10:35:44 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.11 10:35:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.11 10:35:41 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.09 15:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
[2012.05.09 15:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Image Viewer
[2012.04.27 19:33:40 | 000,000,000 | ---D | C] -- C:\Users\Dorothee\Documents\OneNote-Notizbücher
[2012.04.27 08:36:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.27 08:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.26 11:08:17 | 000,000,000 | --SD | C] -- C:\Users\Dorothee\Documents\Meine Shapes

========== Files - Modified Within 30 Days ==========

[2012.05.22 20:14:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.22 20:14:36 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.22 19:42:51 | 001,506,942 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.22 19:42:51 | 000,656,730 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.22 19:42:51 | 000,618,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.22 19:42:51 | 000,131,244 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.22 19:42:51 | 000,107,634 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.22 15:57:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814355115-792584071-1517513843-1000UA.job
[2012.05.22 08:57:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-814355115-792584071-1517513843-1000Core.job
[2012.05.22 07:17:26 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 07:17:26 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.20 19:19:44 | 000,001,554 | ---- | M] () -- C:\Users\Dorothee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.05.12 09:14:34 | 000,309,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.09 15:19:37 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2012.04.27 21:32:30 | 000,017,416 | ---- | M] () -- C:\Users\Dorothee\Documents\Zeichnung1.pdf
[2012.04.25 22:36:25 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.04.25 22:36:12 | 001,529,464 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012.05.09 15:19:37 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2012.04.27 21:32:29 | 000,017,416 | ---- | C] () -- C:\Users\Dorothee\Documents\Zeichnung1.pdf
[2012.04.27 19:33:45 | 000,001,554 | ---- | C] () -- C:\Users\Dorothee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2011.07.18 21:07:28 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.02 19:58:35 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011.07.02 19:58:35 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.03.02 18:32:06 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2011.01.28 20:16:23 | 000,004,300 | ---- | C] () -- C:\Windows\SysWow64\MEMIO.SYS
[2011.01.28 20:16:21 | 000,003,425 | ---- | C] () -- C:\Windows\SysWow64\KBDR.INI
[2011.01.28 20:16:21 | 000,002,741 | ---- | C] () -- C:\Windows\SysWow64\KBDD.INI
[2011.01.28 20:16:21 | 000,002,699 | ---- | C] () -- C:\Windows\SysWow64\KBDO.INI
[2011.01.28 20:16:21 | 000,002,699 | ---- | C] () -- C:\Windows\SysWow64\KBDC.INI
[2011.01.28 20:16:21 | 000,002,606 | ---- | C] () -- C:\Windows\SysWow64\KBDB.INI
[2011.01.28 20:16:21 | 000,002,236 | ---- | C] () -- C:\Windows\SysWow64\KBDQ.INI
[2011.01.28 20:16:21 | 000,001,956 | ---- | C] () -- C:\Windows\SysWow64\KBDE.INI
[2011.01.28 20:16:21 | 000,001,885 | ---- | C] () -- C:\Windows\SysWow64\KBDP.INI
[2011.01.28 20:16:21 | 000,001,857 | ---- | C] () -- C:\Windows\SysWow64\KBDUU.INI
[2011.01.28 20:16:21 | 000,001,835 | ---- | C] () -- C:\Windows\SysWow64\KBDG.INI
[2011.01.28 20:16:21 | 000,001,835 | ---- | C] () -- C:\Windows\SysWow64\KBDA.INI
[2011.01.28 20:16:21 | 000,001,834 | ---- | C] () -- C:\Windows\SysWow64\KBDU.INI
[2011.01.28 20:16:21 | 000,001,819 | ---- | C] () -- C:\Windows\SysWow64\KBDN.INI
[2011.01.28 20:16:21 | 000,001,699 | ---- | C] () -- C:\Windows\SysWow64\KBDT.INI
[2011.01.28 20:16:21 | 000,001,697 | ---- | C] () -- C:\Windows\SysWow64\KBDV.INI
[2011.01.28 20:16:21 | 000,001,522 | ---- | C] () -- C:\Windows\SysWow64\KBDS.INI
[2011.01.28 20:16:21 | 000,001,476 | ---- | C] () -- C:\Windows\SysWow64\KBDF.INI
[2010.12.11 19:38:57 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.11 19:38:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.11 19:38:56 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.12.11 19:38:56 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.12.11 19:38:56 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.11 18:24:32 | 000,017,408 | ---- | C] () -- C:\Users\Dorothee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.08 19:25:30 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2010.12.08 19:25:29 | 000,000,521 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.08 19:25:29 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.12.08 19:02:55 | 001,529,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:AECF4772

< End of report >

Code:
OTL Extras logfile created on: 22.05.2012 20:16:09 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\otl
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 3,30 Gb Available Physical Memory | 85,30% Memory free
7,73 Gb Paging File | 7,18 Gb Available in Paging File | 92,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141,49 Gb Total Space | 25,17 Gb Free Space | 17,79% Space Free | Partition Type: NTFS
Drive D: | 141,50 Gb Total Space | 54,75 Gb Free Space | 38,69% Space Free | Partition Type: NTFS
Drive E: | 222,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DOROTHEE-PC | User Name: Dorothee | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AD3B00-735E-4B5A-A2CD-B44875F81A4A}" = lport=445 | protocol=6 | dir=in | app=system |
"{04C57D4C-0659-4215-886D-95F170FF806E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0BBECCBE-35DE-45FB-A4B5-0A71685FEDBF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0CE4A909-9187-4221-B526-7FD7A23F2F00}" = rport=139 | protocol=6 | dir=out | app=system |
"{0CFAC4C4-FB04-41A4-AC12-33DC76F09766}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18F1D4CF-549F-4DA7-AE8A-A2FD7ABD6581}" = rport=445 | protocol=6 | dir=out | app=system |
"{1F6F4683-4893-4032-9B90-0BB9985F2B5A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{23E253DF-7A96-42F5-9469-E3FE8AA861B4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E11642A-D50F-4893-BC3F-70533AA93CFC}" = rport=138 | protocol=17 | dir=out | app=system |
"{358A571C-3BBA-45C8-A4EB-A950A1C3F66E}" = rport=137 | protocol=17 | dir=out | app=system |
"{3C7FBFF8-6BFC-4838-9AD4-6887BBE1CA4D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A00E960-ECC3-438B-95BB-617D6AB35A5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{76B5EA4B-DEC8-4377-8FD8-4F6FD8762185}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77234571-51D0-4DD0-9069-0F5018E1D67A}" = lport=137 | protocol=17 | dir=in | app=system |
"{7A0F9583-9C8D-4FB4-8909-A6CCA455BC2C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BEBB05A-CEE6-47F9-921F-95000493FF07}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7EFC2DE7-EC1C-4B44-9109-292D24EFDE6D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{94908ACD-AE56-41AF-9E20-D52BC60CEB18}" = lport=138 | protocol=17 | dir=in | app=system |
"{A9D3510A-23CE-48A8-8F4A-D3759CF8D11C}" = lport=139 | protocol=6 | dir=in | app=system |
"{B50E8812-937A-46CF-B46B-27C8363192DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BF0C3AC7-0D73-4E3F-B7FB-981A3C7A57F2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F3763454-F5CE-47B8-8FC0-D9C31A69E483}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F78F971D-39B5-4893-9852-07AFB000D0E1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0950ACB3-FB66-4D68-834C-D21B210E3689}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0A3EE41D-BC5C-48A5-9676-946B633DAB9F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{112674FD-4D60-483A-9425-B199D61B59DA}" = protocol=17 | dir=in | app=c:\users\dorothee\appdata\local\apps\2.0\zcrxrr9k.b2e\eg6b49z4.g9y\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{15734273-7759-45EA-8A79-2340AC259455}" = protocol=17 | dir=in | app=c:\users\dorothee\appdata\local\apps\2.0\zcrxrr9k.b2e\eg6b49z4.g9y\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{1833B826-564C-49B0-99D0-E6C39DC040D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{21CED270-AB8E-442F-84F8-1FC1227965C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4BB71E45-07D7-40F2-A917-10465E6CD265}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4D1B3EF9-2D1B-4237-A884-74AAEEF0D8E0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{55D92213-C7AE-491D-B00D-19B296AE205E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5D58DF75-1D81-49D2-A654-504481B3A3FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6192AEA5-78C5-48B2-B3E6-ACBD16C5A6C6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{68845DFC-3C92-4A02-9067-7312238F0B70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68E40257-B568-4A96-8FFE-3BAFC17F2C9B}" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe | "{7049C18D-0CF2-4DDC-95CE-338A2931FDA9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{80BE33ED-EEC4-467E-B276-F7873E1D0416}" = 
protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8A3C3198-EAA6-451E-AA48-E97DE1FB5A25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8CD97C42-E7C8-4C65-B41E-592979FFAF4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{93C5CD5B-EEA1-4095-A0C0-43420F25A33C}" = protocol=6 | dir=in | app=c:\users\dorothee\appdata\local\apps\2.0\zcrxrr9k.b2e\eg6b49z4.g9y\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{96990677-50DA-42B0-97EA-7C0547DE42D3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9F14FD2E-CFED-4CEE-8AFD-C95DB67EE459}" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe | "{A01355D4-ACAB-4E20-B8DF-7211731BD44E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{A7D8D0C2-8DA1-4506-940A-991621A7AEAC}" = protocol=6 | dir=in | app=c:\users\dorothee\appdata\local\apps\2.0\zcrxrr9k.b2e\eg6b49z4.g9y\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | "{AD1FBF77-8000-402F-A9FB-A6E5BC6FBBE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C61C8A47-0348-4697-8BB2-81FFBF3DF0BE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{C8B33DBA-9C82-4F9E-A7E0-8906DBBABED7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D4DD9811-FB19-4406-AEA7-A0765FFC420C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E41DF6EC-D148-40B6-8677-5A6D40F32BB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F06C4BA5-B09A-45D9-A9A6-11669D79FAD4}" = protocol=6 | dir=out | app=system | "{F9626359-D5FB-4C12-9CEE-3916C9B1227D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FAC1176D-39D7-4662-BFA7-FC0BEC3BDDB5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query 
User{29404FE9-2520-4A5F-B37E-F37999DB8EC6}D:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.patch.exe | "TCP Query User{6A395F61-E95C-4F6B-89AA-97BA032AB5A4}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "TCP Query User{77B6CD9E-75B8-43F5-AEA7-6F1725352123}D:\steamless left4dead pack\left4dead.exe" = protocol=6 | dir=in | app=d:\steamless left4dead pack\left4dead.exe | "TCP Query User{95DA86D8-F0DD-4AFB-9199-687E80792044}D:\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\blizzard downloader.exe | "TCP Query User{9E0BE476-A629-4F18-8B4A-2C31D04F123E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{A1CD5890-7A0B-470D-B28F-403D57A59CD2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{B5D532C5-61FA-4498-A2A0-24C5045D3A44}D:\spiele\simcity 3000 deutschland\apps\updater\updater.exe" = protocol=6 | dir=in | app=d:\spiele\simcity 3000 deutschland\apps\updater\updater.exe | "TCP Query User{D90DF4FE-A78E-4483-ADAC-1C632070BE0C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{11678744-6EA9-419D-B8A0-9F3D16259F14}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{201D3755-4E2A-46BB-B89E-6A55A84CCAD4}D:\steamless left4dead pack\left4dead.exe" = protocol=17 | dir=in | app=d:\steamless left4dead pack\left4dead.exe | "UDP Query User{3C99C836-BF13-41BE-ABBC-21B5BE995485}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{627AA5F2-ACAF-43F7-907D-BC88818C79F0}D:\world of warcraft\blizzard 
downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\blizzard downloader.exe | "UDP Query User{6D0935DB-6C75-4B2B-B330-F1CDACF06FF1}D:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.patch.exe | "UDP Query User{7F1DD77A-343A-44CA-AE0D-6430AADC7A80}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{AEE352A7-4AB4-4CEF-A583-EEFCA576BD56}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "UDP Query User{E9FBFCA2-4E19-47ED-9B73-646FB1874842}D:\spiele\simcity 3000 deutschland\apps\updater\updater.exe" = protocol=17 | dir=in | app=d:\spiele\simcity 3000 deutschland\apps\updater\updater.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error 
Reporting "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{161B0795-090D-4462-A5DC-FED13B8A05FC}" = DruckShop Weihnachten 35 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{29205904-A7A8-4545-0001-697935602C90}" = SimplyGoodPictures "{32A3A4F4-B792-11D6-A78A-00B0D0160290}" = Java(TM) SE Development Kit 6 Update 29 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1 "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio 
Professional 2007 "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3) "{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 "{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Alamandi" = Alamandi "Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1 "BFGC" = Big Fish Games: Game Manager "BFG-Echoes of the Past - Das Schloss der Schatten" = Echoes of the Past: Das Schloss der Schatten "Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard "DAEMON Tools Lite" = DAEMON Tools Lite "Der Blutschwur" = Der Blutschwur "Der Exorzist" = Der Exorzist "DEUTSCHLAND SPIELT Spiele Post" = DEUTSCHLAND SPIELT Spiele Post "dm-Fotowelt" = dm-Fotowelt "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "FastStone Image Viewer" = FastStone Image Viewer 4.6 "IrfanView" = IrfanView (remove only) "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.18 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.0 (Full) "Marvell Miniport Driver" = Marvell Miniport Driver "MediaCoder x64" = MediaCoder x64 0.7.5.4797 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "OpenAL" = OpenAL "Picasa 3" = Picasa 3 "S4Uninst" = Die Siedler IV "SimCity 3000 Deutschland" = SimCity 3000 Deutschland "Steamless Left4Dead Pack" = Steamless Left4Dead Pack "Sweet Home 3D_is1" = Sweet Home 3D version 3.5 "VISPRO" = Microsoft Office Visio Professional 2007 "VLC media player" = VLC media player 1.1.6 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "Winter Wonderland 3D Screensaver and Animated Wallpaper_is1" = Winter Wonderland 3D Screensaver and Animated Wallpaper 1.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== Error reading 
Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

So I have now scanned the computer with Malwarebytes and removed all infections. The computer boots normally again. Here are the logs:

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.22.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Dorothee :: DOROTHEE-PC [Administrator]

Schutz: Deaktiviert

23.05.2012 08:15:19
mbam-log-2012-05-23 (08-15-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 198348
Laufzeit: 3 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|42CAD5FE (Trojan.Agent) -> Daten: C:\Users\Dorothee\AppData\Roaming\Mrlpmrnyy\5F20311442CAD5FE96C8.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Dorothee\AppData\Roaming\Mrlpmrnyy\5F20311442CAD5FE96C8.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dorothee\AppData\Local\Temp\zbzissblhz.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)