Verschlüsselungstrojaner - Probleme beim Entfernen

Engel81 · 31.05.2012, 21:01

Hallo!

Ich habe hier einen Laptop stehen, der sich am 21. oder 22.05. den Verschlüsselungstrojaner eingefangen hatte. Durch booten im abgesicherten Modus konnte die "Startseite" des Trojaners entfernt werden. Die Dateien sind alle verschlüsselt, das stellt jedoch kein großes Problem dar, da sie aus den Schattenkopien wieder hergestellt werden konnten.

Erst heute ist jetzt aufgefallen, dass der Virenschutz (Microsoft Security Essentials) nicht mehr updated. Daraufhin wurden 2 Schritte nach euren Anleitungen ausgeführt:
- Malwarebytes
- ESET
beide drüberlaufen lassen. Die entsprechenden Logfiles:
[code]
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.31.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Barbara :: MC [Administrator]

31.05.2012 20:02:24
mbam-log-2012-05-31 (20-02-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 433409
Laufzeit: 25 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Barbara\AppData\Local\Temp\1119556.Uninstall\Uninstall.exe (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Barbara\AppData\Local\Temp\is1293846689\IWantThis_ADL_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
[code]
[code]
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6060b1fe53f5f0469f312ff3ef4bd71e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-31 07:35:05
# local_time=2012-05-31 09:35:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 7992188 90121923 0 0
# compatibility_mode=8192 67108863 100 0 89 89 0 0
# scanned=227471
# found=2
# cleaned=2
# scan_time=2173
C:\Users\Barbara\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Barbara\AppData\Local\Temp\is1293846689\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
[code]
Leider ist es trotzdem noch nicht möglich, den Virenschutz zu updaten. Wer kann mir weiterhelfen?

Danke schon mal
Barbara

kira · 01.06.2012, 06:39

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

2.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Engel81 · 01.06.2012, 08:19

Hallo Kira,

dann schaun wir mal, ob ich das alles richtig hinbekomme...
Log OTL:

Code:

ATTFilter

OTL logfile created on: 01.06.2012 09:15:12 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\Barbara\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,17 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 38,13% Memory free
6,33 Gb Paging File | 4,17 Gb Available in Paging File | 65,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,14 Gb Total Space | 51,69 Gb Free Space | 43,39% Space Free | Partition Type: NTFS
 
Computer Name: MC | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Barbara\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\1Password\Agile1pAgent.exe (AgileBits)
PRC - C:\Programme\1Password\Agile1pService.exe (AgileBits)
PRC - C:\Programme\1Password\Agile1pBroker.exe (AgileBits)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Programme\CounterPath\Bria 3\Bria3.exe (CounterPath)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Sierra Wireless Inc\Common\SwiCardDetect.exe (Sierra Wireless, Inc.)
PRC - C:\Programme\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
PRC - C:\Programme\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe (Sierra Wireless, Inc.)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Programme\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
PRC - C:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
PRC - C:\Programme\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Programme\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
PRC - C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Barbara\AppData\Local\assembly\dl3\VQ4B1Y0X.N8N\03VQW0OG.E6M\1aa1c72b\004bcda4_1fbfcb01\DYMO.Common.DLL ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ede3b9144bc31da0eaaf86c7b6a9eaaa\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\05787d96761cf20b76b927ace10ef1d3\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\62c1a496dff99a6e5f5e4278d31ca4c1\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4b76c8d476ab52a28bbfa154c6f5ef07\Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5cdbdb1386f3060d12c31352910d59d3\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4bc310439d3df869c82d0064c3e1180a\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\cbaa2c3a4e91129440a784827d1d26bb\Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\3d016be961a0f7e1941e0ceca394ed9d\Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0849dd848383994c63dc00278f64ddae\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\d74e5a924d753ca8bbf5068aaffecc25\Microsoft.Office.Tools.Common.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\27e74398e51ee1d9f333624a3718bb86\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\d3d3ffda4ace48b6c4ed9a0faa84415f\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6c7ccf3f7fa572b45a31097585b9be71\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a3d7d37ccd26595b9858116ac8e78e42\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\443eceb48c4c76162ef874395f612590\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\783a4e24531ee190eb826509f8cc2a45\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\1701cf92acbe16a9da38e2951929fd32\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.To#\ac10628d091eae96da114ea9b313bd6d\Microsoft.Office.Tools.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4d661ba2b6ac1a23427070f799fd540c\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9e572d1a5f468ae4226d9c74a54dbf5a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\a90ec436f1d2c5cb0133a53c2e47d61a\System.AddIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f34410ab8e82063735d876533db26c49\System.AddIn.Contract.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Programme\CounterPath\Bria 3\CPCLR.dll ()
MOD - C:\Programme\CounterPath\Bria 3\boost_thread-vc100-mt-1_42.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\office.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Excel\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\CounterPath\Bria 3\portaudio_x86.dll ()
MOD - C:\Programme\DYMO\DYMO Label Software\DYMO.Common.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\CounterPath\Bria 3\YLUSBTEL.dll ()
MOD - C:\Programme\CounterPath\Bria 3\AEC_PC_DLL.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Agile1Password) -- C:\Programme\1Password\Agile1pService.exe (AgileBits)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SwiCardDetectSvc) -- C:\Programme\Sierra Wireless Inc\Common\SwiCardDetect.exe (Sierra Wireless, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (IconMan_R) -- C:\Programme\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (Sierra Wireless QDL Service) -- C:\Programme\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe (Sierra Wireless, Inc.)
SRV - (UNS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (DymoPnpService) -- C:\Programme\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
SRV - (sesvc) -- C:\Programme\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (Mcx2Svc) -- C:\Windows\System32\Mcx2Svc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ATService) -- C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (SharedAccess) -- C:\Windows\System32\ipnathlp.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WinVNC4) -- C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20) -- system32\DRIVERS\swumx20.sys File not found
DRV - (MotDev) -- system32\DRIVERS\motodrv.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (e1cexpress) Intel(R) -- C:\Windows\System32\drivers\e1c6232.sys (Intel Corporation)
DRV - (RSPCIESTOR) -- C:\Windows\System32\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV - (NETwNs32) ___ Intel(R) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (swg3kmbb00) -- C:\Windows\System32\drivers\swg3kmbb00.sys (Sierra Wireless Incorporated)
DRV - (swibusflt00) -- C:\Windows\System32\drivers\swibusflt00.sys (Sierra Wireless Inc.)
DRV - (swibus00) -- C:\Windows\System32\drivers\swibus00.sys (Sierra Wireless Inc.)
DRV - (swg3kflt00) -- C:\Windows\System32\drivers\swg3kflt00.sys (Sierra Wireless Incorporated)
DRV - (swg3kser00) -- C:\Windows\System32\drivers\swg3kser00.sys (Sierra Wireless Incorporated)
DRV - (swg3knmea00) -- C:\Windows\System32\drivers\swg3knmea00.sys (Sierra Wireless Incorporated)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (MEI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcDAud) Intel(R) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (cdfs) -- C:\Windows\System32\drivers\cdfs.sys (Microsoft Corporation)
DRV - (FBIOSDRV) -- C:\Windows\System32\drivers\FBIOSDRV.sys (FUJITSU LIMITED)
DRV - (FUJ02B1) -- C:\Windows\System32\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (FUJ02E3) -- C:\Windows\System32\drivers\fuj02e3.sys (FUJITSU LIMITED)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 D4 D5 77 53 2F CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=cce9492b000000000000a088b4ded825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2012.05.30 15:03:13 | 000,000,861 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Programme\1Password\Agile1pIE.dll (AgileBits)
O4 - HKLM..\Run: [Agile1pAgent] C:\Programme\1Password\Agile1pAgent.exe (AgileBits)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DLSService] "C:\Program Files\DYMO\DYMO Label Software\DLSService.exe" File not found
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKCU..\Run: [Bria 3] C:\Program Files\CounterPath\Bria 3\Bria3.exe (CounterPath)
O4 - HKCU..\Run: [DymoQuickPrint] C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
O4 - Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Programme\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra 'Tools' menuitem : 1Password	Ctrl+Alt+ß - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Programme\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: lordsandknights.com ([]http in Vertrauenswürdige Sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58450991-C868-41BB-8DBF-6AA3B1160C4D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{869e64c7-5b89-11e1-b1b9-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{869e64c7-5b89-11e1-b1b9-00a0c6000000}\Shell\AutoRun\command - "" = F:\Enterprise_Launcher.exe
O33 - MountPoints2\{d2ab97be-8dd0-11e1-b165-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{d2ab97be-8dd0-11e1-b165-00a0c6000000}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.01 09:16:33 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\Logs
[2012.06.01 09:12:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2012.05.31 20:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.31 20:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.31 20:01:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.31 20:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.31 15:02:56 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\Abrechnung
[2012.05.22 10:31:55 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\Crash
[2012.05.22 10:29:31 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\Recovery
[2012.05.22 10:24:02 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\www.shadowexplorer.com
[2012.05.22 10:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.05.22 10:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer
[2012.05.21 15:27:45 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Avira-RansomFileUnlocker-1.0.1
[2012.05.21 15:25:23 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\Babylon
[2012.05.21 15:25:23 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\Babylon
[2012.05.21 15:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.05.21 14:48:35 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\Malwarebytes
[2012.05.21 14:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.16 12:10:42 | 000,000,000 | ---D | C] -- C:\MSK-TEMP
[2012.05.16 11:16:00 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\ElevatedDiagnostics
[2012.05.15 12:00:14 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\Sanford,_L.P
[2012.05.15 11:59:57 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\DYMO Label
[2012.05.15 11:59:57 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\DYMO
[2012.05.15 11:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO
[2012.05.15 11:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\DYMO
[2012.05.15 11:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\DYMO
[2012.05.14 13:50:07 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\KiTTY
[2012.05.14 13:49:49 | 000,513,024 | ---- | C] (Simon Tatham) -- C:\Users\Barbara\Desktop\kitty.exe
[2012.05.11 06:25:28 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.11 06:25:27 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.11 06:25:27 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.11 06:25:21 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.10 11:37:18 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\Hardware
[2012.05.04 09:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.05.04 09:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.05.04 09:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.05.03 11:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage
[2012.05.03 11:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinImage
[2012.05.03 10:57:25 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\USBStick
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.01 09:12:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2012.05.31 21:33:48 | 000,015,488 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 21:33:48 | 000,015,488 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 20:52:28 | 000,656,266 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.31 20:52:28 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.31 20:52:28 | 000,131,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.31 20:52:28 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.31 20:48:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.31 20:47:54 | 2548,961,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.31 20:08:18 | 000,002,150 | -H-- | M] () -- C:\Users\Barbara\Documents\Default.rdp
[2012.05.31 20:01:18 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 15:37:03 | 000,001,951 | ---- | M] () -- C:\Users\Barbara\Desktop\CRM.lnk
[2012.05.22 10:23:59 | 000,001,843 | ---- | M] () -- C:\Users\Barbara\Desktop\ShadowExplorer.lnk
[2012.05.21 17:45:01 | 000,035,282 | ---- | M] () -- C:\Users\Barbara\Desktop\22923_0.jpg
[2012.05.21 15:25:30 | 000,001,491 | ---- | M] () -- C:\user.js
[2012.05.21 11:25:01 | 000,002,108 | ---- | M] () -- C:\Users\Barbara\Documents\XXeyfpftTDUegdr
[2012.05.17 06:51:58 | 000,000,600 | ---- | M] () -- C:\Users\Barbara\AppData\Roaming\xfssxATqsaVLDEsD
[2012.05.15 16:21:17 | 000,408,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.15 11:51:44 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\DYMO Label v.8.lnk
[2012.05.14 13:49:49 | 000,513,024 | ---- | M] (Simon Tatham) -- C:\Users\Barbara\Desktop\kitty.exe
[2012.05.11 07:01:29 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.11 07:01:29 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.09 16:05:18 | 000,001,310 | ---- | M] () -- C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.05.04 19:45:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.05.04 19:45:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.05.04 09:38:17 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.05.03 11:48:03 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\WinImage (administrator).lnk
[2012.05.03 11:48:03 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\WinImage.lnk
 
========== Files Created - No Company Name ==========
 
[2012.05.31 20:01:18 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 10:23:59 | 000,001,843 | ---- | C] () -- C:\Users\Barbara\Desktop\ShadowExplorer.lnk
[2012.05.21 17:50:52 | 000,035,282 | ---- | C] () -- C:\Users\Barbara\Desktop\22923_0.jpg
[2012.05.21 15:25:29 | 000,001,491 | ---- | C] () -- C:\user.js
[2012.05.21 13:37:37 | 000,002,150 | -H-- | C] () -- C:\Users\Barbara\Documents\Default.rdp
[2012.05.15 11:51:44 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\DYMO Label v.8.lnk
[2012.05.04 19:45:51 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.05.04 19:45:51 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.05.04 09:38:17 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.05.03 11:48:03 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\WinImage (administrator).lnk
[2012.05.03 11:48:03 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\WinImage.lnk
[2012.04.19 22:39:01 | 000,000,158 | ---- | C] () -- C:\Windows\ricdb.ini
[2012.02.20 20:58:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.02.06 12:48:32 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.02.02 13:29:32 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.02.02 13:25:51 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011.08.31 20:46:18 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.08.31 20:46:10 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011.08.31 20:14:12 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.08.31 20:13:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.04.15 04:59:56 | 000,218,304 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.04.15 04:59:48 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011.04.15 04:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011.04.15 04:22:32 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.17 09:51:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

< End of report >

Log Extras:

Code:

ATTFilter

OTL Extras logfile created on: 01.06.2012 09:15:12 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\Barbara\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,17 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 38,13% Memory free
6,33 Gb Paging File | 4,17 Gb Available in Paging File | 65,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,14 Gb Total Space | 51,69 Gb Free Space | 43,39% Space Free | Partition Type: NTFS
 
Computer Name: MC | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DA90E7-8ED3-4846-90AA-6E0DAC16B9D6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{05A5AA82-ED21-4AB8-97F1-DBFBEFCB7CF2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0BE982F8-FB88-4EB5-AB07-25F6C9515911}" = rport=137 | protocol=17 | dir=out | app=system | 
"{10F8E82F-2307-490B-8C9D-1095888DBCD3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2363C0A4-C903-4E60-BAEF-FA25451AD8C4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{296811DC-1BC9-4A52-9540-C30532811B21}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2EA6D097-51BF-4869-A3FC-6639F1F5572F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44C5D6AD-206C-4932-A774-C0570A0C38A1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{461F5ADC-15CD-444F-B3C2-6B5784D21B67}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4ACBC05D-AE2B-4A59-A0EE-D0240E3A4BBC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{51EEC2F9-90A4-4C75-A77B-E79D5EEECBE8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6AC7EC2B-C0EF-4781-ADC9-29B7FB84DE16}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6CD86D24-21DE-4F61-A97F-7131D9189F40}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7A74C94D-58E5-480D-9028-58E9E43065F1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7D22AE42-90C4-4FE1-8866-E9FF5A85DD2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83831AA6-0F51-413F-9626-74E9241C80DB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8D0A8A8C-84C3-492F-B226-C94D92E07D02}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{91C9D5AE-BF99-4453-825E-D14EDF9AB8D8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A3950146-3FD9-4208-8DCD-B31430CA6ADC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B3253A57-103F-46EA-91AE-DCF156377F61}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B9C67CB3-6099-45A0-90E4-041DD6196D12}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BAA0100C-73F0-43FB-86C9-56FC890D5B19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BC6D6AB8-6E29-4DC8-83E9-7B14ECA8F7F3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C786E4E1-5D2D-459D-A1E8-F0814CCB9D89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CB8B3453-493B-4453-9C94-21D7D7FCFF0A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{CEBE1739-CA9B-4D55-A219-26977AB9A90A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D1B6715E-E380-4DDB-B8F0-13BD76C704FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E301BE66-8B56-4620-AEFB-8933F6D0071F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FAE9AF41-932E-45F8-AE1E-DEDE7AA80950}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FE9498F5-92CF-49A0-9281-1457A7505EA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5662F2-F769-4628-90FA-961AED573D45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0ED3F0CD-AB92-4DA2-A8B3-FE006A16E045}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{291F6A0A-3573-4260-9EF6-8DD1BFFC5796}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2D756DF1-98D0-4FDB-A8AB-FF7E9C5F00D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3750A2EB-E3CF-48D9-9FD2-190ABDE94F76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3E0F8567-3FFA-4F46-B314-3BC73E837C24}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{410674B6-C2FB-496F-9B3A-1FB850B89B29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5190FFB0-7928-49AB-A351-D2389AA189C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{60557F6C-3177-4938-8AB8-DB56E20E51C4}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{627BBE1C-5A37-4AD2-B58B-4E4C394A96BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{62CE39CB-F422-435F-8085-EAF8CC914C3B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{66A035C8-7BA6-4255-8B47-CA26AF412D47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{66FC774B-AD14-4420-B599-A17CDF4B644B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6B6FF510-6334-4F0A-9164-D75EF4B42587}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{87E8DAF5-3E59-49E1-A29E-4FB8DA9F31F9}" = protocol=6 | dir=out | app=system | 
"{8A59A940-E01C-4F7E-9E89-23D2CB11B3D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8C1BAA6E-CDBF-4B7B-A7F4-288526BB67D5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{91979E1B-B652-4510-B177-2BB803D66176}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{9D7FF332-06F1-4EB0-8D94-CF8907F3FDFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7CBCD18-015B-4035-A99E-6B2D5E0C1707}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{A8D7F748-BAF3-4447-A078-F7218D1C739D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{A8F94E06-3237-417F-9302-F096493D0E42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBC8AE5B-981E-411B-AB3D-80547D46EE6D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{C2471189-BDD7-4B77-8CD1-F60DB477E6B6}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{D655F820-391C-4CBD-BDFE-EB5426FC6A40}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E46AA1FC-B3EE-430B-AAFD-AB24FC679594}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E4B3A5BA-C75E-4625-AF16-8E167A88A551}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E855ECB0-4429-4781-BC39-0054E7DE34D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E94C9FC6-A1EE-4284-A1F5-7F5B93BD0E79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E977BC95-4D7B-4C84-828B-CD4431F3F8A8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"TCP Query User{3493E23D-D16F-4A16-8E01-6CB34CE4235F}C:\program files\counterpath\bria 3\bria3.exe" = protocol=6 | dir=in | app=c:\program files\counterpath\bria 3\bria3.exe | 
"TCP Query User{F99FD28A-3F26-4BBD-BEC2-64BAB62F7F79}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe | 
"UDP Query User{2EA30DDC-9D72-499E-A51F-6FD827D6D127}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe | 
"UDP Query User{797F800A-37C5-45AC-9A04-BC1FEE59A9FA}C:\program files\counterpath\bria 3\bria3.exe" = protocol=17 | dir=in | app=c:\program files\counterpath\bria 3\bria3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1E863C38-CDA7-4575-859D-7D24AB608FCE}" = Bria 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software
"{602276BD-9BC8-47E3-B07D-A2B2CF7FB2BD}" = Advanced IP Scanner
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}" = USB/DVD-Downloadtool für Windows 7
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEADE01-81BF-4861-8682-D877DB656E3B}" = julitec
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B95CFA6A-E0E0-4437-A2F0-BE0948B68946}" = Intel(R) PROSet/Wireless WiFi-Software
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{DB6C2AC7-4D4C-493A-B5E8-4B1E685C277F}" = Minianwendung "Desktoplinks" für Windows Small Business Server 2008
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC5572BB-EE3B-477A-96C2-D401F5AFC492}" = Sierra Wireless AirCard Watcher
"1Password_is1" = 1Password 1.0.9.294
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"DYMO Label v.8" = DYMO Label v.8
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"RealVNC_is1" = VNC Free Edition 4.1.3
"ShadowExplorer_is1" = ShadowExplorer 0.8
"SWIQMIDrvInstaller" = Sierra Wireless QMI Driver Package
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"WinImage" = WinImage
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

CCleaner:

Code:

ATTFilter

1Password 1.0.9.294	AgileBits	02.05.2012	26,1MB	
7-Zip 9.20		12.02.2012		
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	10.05.2012	6,00MB	11.2.202.235
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	14.04.2012	121,2MB	10.1.3
Advanced IP Scanner	Famatech	22.02.2012	17,6MB	2.1.200
Apple Application Support	Apple Inc.	03.05.2012	61,0MB	2.1.7
Apple Mobile Device Support	Apple Inc.	03.05.2012	24,4MB	5.1.1.4
Apple Software Update	Apple Inc.	09.02.2012	2,38MB	2.1.3.127
AuthenTec Fingerprint Software	AuthenTec, Inc.	01.02.2012	11,0MB	9.0.8.35
Bonjour	Apple Inc.	09.02.2012	0,98MB	3.0.0.10
Bria 3	CounterPath Corporation	17.04.2012	70,8MB	33.6.5843
CCleaner	Piriform	22.05.2012		3.19
DYMO Label v.8	Sanford, L.P.	14.05.2012		8.3.0.1242
ESET Online Scanner v3		30.05.2012		
Intel(R) Management Engine Components	Intel Corporation	01.02.2011		7.0.0.1144
Intel(R) Network Connections Drivers	Intel	01.02.2012	0,89MB	16.3
Intel(R) Processor Graphics	Intel Corporation	02.02.2012		8.15.10.2372
Intel(R) PROSet/Wireless WiFi-Software	Intel Corporation	01.02.2012	114,8MB	14.01.0000
Intel(R) Rapid Storage Technology	Intel Corporation	02.02.2012		10.1.5.1001
iTunes	Apple Inc.	03.05.2012	157,4MB	10.6.1.7
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	30.05.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	01.02.2012	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	01.02.2012	2,94MB	4.0.30319
Microsoft Office Professional Plus 2010	Microsoft Corporation	01.02.2012		14.0.6029.1000
Microsoft Security Essentials	Microsoft Corporation	30.04.2012		4.0.1526.0
Microsoft Silverlight	Microsoft Corporation	10.05.2012	60,4MB	4.1.10329.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	10.02.2012	0,29MB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	06.02.2012	0,57MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	08.02.2012	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319	Microsoft Corporation	17.04.2012	9,90MB	10.0.30319
Microsoft Visual J# 2.0 Redistributable Package - SE	Microsoft Corporation	06.02.2012		
Minianwendung "Desktoplinks" für Windows Small Business Server 2008	Microsoft Corporation	05.02.2012	0,43MB	6.0.5601.6
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	10.02.2012	35,00KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	10.02.2012	1,33MB	4.20.9876.0
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	01.02.2012		6.0.1.6263
Realtek PCIE Card Reader	Realtek Semiconductor Corp.	01.02.2012		6.1.7601.81
Renesas Electronics USB 3.0 Host Controller Driver	Renesas Electronics Corporation	01.02.2012	0,95MB	2.0.32.0
ShadowExplorer 0.8	ShadowExplorer.com	21.05.2012		0.8.430.0
Sierra Wireless AirCard Watcher	Sierra Wireless Inc.	01.02.2012	17,6MB	6.0.3191.6601
Sierra Wireless QMI Driver Package	Sierra Wireless Inc.	01.02.2012		1.0.0.9
Synaptics Pointing Device Driver	Synaptics Incorporated	01.02.2012		14.0.16.0
TeamViewer 7	TeamViewer	11.04.2012		7.0.12979
USB/DVD-Downloadtool für Windows 7	Microsoft Corporation	26.04.2012	2,96MB	1.0.30
Visual Studio Tools for the Office system 3.0 Runtime	Microsoft Corporation	14.05.2012		
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU	Microsoft Corporation	14.05.2012		
VMware vSphere Client 5.0	VMware, Inc.	06.02.2012	462MB	5.0.0.16964
VNC Free Edition 4.1.3	RealVNC Ltd.	11.04.2012		4.1.3
Windows Small Business Server 2008 ClientAgent	Microsoft Corporation	05.02.2012	67,00KB	6.0.5601.6
WinImage		02.05.2012

Ich hoffe, das hilft Dir weiter...

kira · 01.06.2012, 23:00

Systemreinigung und Prüfung:

1.
es handelt sich hier um durch Erpresser-Trojaner verschlüsselte Objekte?:

Zitat:

C:\Users\Barbara\Documents\XXeyfpftTDUegdr
C:\Users\Barbara\AppData\Roaming\xfssxATqsaVLDEsD

2.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109986&babsrc=SP_ss&mntrId=cce9492b000000000000a088b4ded825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{869e64c7-5b89-11e1-b1b9-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{869e64c7-5b89-11e1-b1b9-00a0c6000000}\Shell\AutoRun\command - "" = F:\Enterprise_Launcher.exe
O33 - MountPoints2\{d2ab97be-8dd0-11e1-b165-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{d2ab97be-8dd0-11e1-b165-00a0c6000000}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true

:Files
C:\Users\Barbara\AppData\Roaming\Babylon
C:\Users\Barbara\AppData\Local\Babylon
C:\ProgramData\Babylon
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

3.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

4.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

5.

lade Dir SUPERAntiSpyware FREE Edition herunter.
Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

6.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

8.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

7.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Engel81 · 02.06.2012, 07:23

Guten Morgen,

zu 1. Ja, das sind noch verschlüsselte Dateien davon
zu 2. Hab ich nicht
zu OTL-Fix. Bitte sehr:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{869e64c7-5b89-11e1-b1b9-00a0c6000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{869e64c7-5b89-11e1-b1b9-00a0c6000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{869e64c7-5b89-11e1-b1b9-00a0c6000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{869e64c7-5b89-11e1-b1b9-00a0c6000000}\ not found.
File move failed. F:\Enterprise_Launcher.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2ab97be-8dd0-11e1-b165-00a0c6000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ab97be-8dd0-11e1-b165-00a0c6000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2ab97be-8dd0-11e1-b165-00a0c6000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ab97be-8dd0-11e1-b165-00a0c6000000}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
========== FILES ==========
C:\Users\Barbara\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Barbara\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Barbara\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Barbara\AppData\Local\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Barbara\Desktop\cmd.bat deleted successfully.
C:\Users\Barbara\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Barbara
->Temp folder emptied: 778876300 bytes
->Temporary Internet Files folder emptied: 262009128 bytes
->Flash cache emptied: 1528 bytes
 
User: blunkenheimer
->Temp folder emptied: 91673752 bytes
->Temporary Internet Files folder emptied: 341358492 bytes
->Flash cache emptied: 4607 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61342561 bytes
RecycleBin emptied: 7830852940 bytes
 
Total Files Cleaned = 8.932,00 mb
 
 
OTL by OldTimer - Version 3.2.45.0 log created on 06022012_081446

Files\Folders moved on Reboot...
File move failed. F:\Enterprise_Launcher.exe scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2608.log moved successfully.

Registry entries deleted on Reboot...

zu 3. Danke für die Links
zu 4. Erledigt
zu 5. Bitte sehr:

Code:

ATTFilter

Memory items scanned      : 765
Memory threats detected   : 0
Registry items scanned    : 34154
Registry threats detected : 0
File items scanned        : 76152
File threats detected     : 278

Adware.Tracking Cookie
	C:\USERS\BARBARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\G716XP2D.txt [ Cookie:barbara@doubleclick.net/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZH5M0KV7.txt [ Cookie:blunkenheimer@www.xxxlmoebelhaeuser.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\E7TFYXQZ.txt [ Cookie:blunkenheimer@interclick.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\EG8VYINX.txt [ Cookie:blunkenheimer@eyewonder.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\WD5MTP9Q.txt [ Cookie:blunkenheimer@tracking.mobile.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\IORL0R4R.txt [ Cookie:blunkenheimer@zanox.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\QQG9XBAD.txt [ Cookie:blunkenheimer@microsoftsto.112.2o7.net/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\L541OYZ8.txt [ Cookie:blunkenheimer@webmasterplan.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\TC11JMRA.txt [ Cookie:blunkenheimer@bs.serving-sys.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\IRB5FUN2.txt [ Cookie:blunkenheimer@questionmarket.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\QSGV2FTH.txt [ Cookie:blunkenheimer@ad2.adfarm1.adition.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\F2QGA87F.txt [ Cookie:blunkenheimer@ru4.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\887V6V2D.txt [ Cookie:blunkenheimer@fastclick.net/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\A6VJG156.txt [ Cookie:blunkenheimer@conrad.122.2o7.net/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\W2TL5AI0.txt [ Cookie:blunkenheimer@tradedoubler.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\XSXX052H.txt [ Cookie:blunkenheimer@statse.webtrendslive.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\WHAJ6HYM.txt [ Cookie:blunkenheimer@unitymedia.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\WNWVBF50.txt [ Cookie:blunkenheimer@ad.yieldmanager.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\RWIH5RFB.txt [ Cookie:blunkenheimer@lucidmedia.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\OCIARBY2.txt [ Cookie:blunkenheimer@adviva.net/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\4D4TV63I.txt [ Cookie:blunkenheimer@adform.net/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\DULHBH0P.txt [ Cookie:blunkenheimer@traffictrack.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\UBZZ9EF5.txt [ Cookie:blunkenheimer@ad1.adfarm1.adition.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\SBDKNPPH.txt [ Cookie:blunkenheimer@collective-media.net/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZWCA3ZB5.txt [ Cookie:blunkenheimer@invitemedia.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\IIR99Z24.txt [ Cookie:blunkenheimer@clickandbuy.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\KDQJ0Q1K.txt [ Cookie:blunkenheimer@ad.zanox.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\RPC3HIW4.txt [ Cookie:blunkenheimer@deutschepostag.112.2o7.net/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\T7Z6M6E1.txt [ Cookie:blunkenheimer@www.etracker.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\XHZ1ICK3.txt [ Cookie:blunkenheimer@tribalfusion.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\3G54AYJF.txt [ Cookie:blunkenheimer@im.banner.t-online.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\97BUDKAL.txt [ Cookie:blunkenheimer@stat.aldi.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\LW140NWN.txt [ Cookie:blunkenheimer@media.antenne-bayern.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\VBQ7JC30.txt [ Cookie:blunkenheimer@ad.dyntracker.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\YTT7WVHP.txt [ Cookie:blunkenheimer@ad.adnet.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\QBSF9IYX.txt [ Cookie:blunkenheimer@track.adform.net/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\RX8UHI4P.txt [ Cookie:blunkenheimer@partners.webmasterplan.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\9R79A4N6.txt [ Cookie:blunkenheimer@c1.atdmt.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\DLN9T3MH.txt [ Cookie:blunkenheimer@ad4.adfarm1.adition.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\M8PKAP7B.txt [ Cookie:blunkenheimer@swsoft.122.2o7.net/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\2AOUZWJM.txt [ Cookie:blunkenheimer@serving-sys.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\HZ795Q46.txt [ Cookie:blunkenheimer@de.sitestat.com/is24/is24/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\DWXK8WYY.txt [ Cookie:blunkenheimer@smartadserver.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\blunkenheimer@imrworldwide[2].txt [ Cookie:blunkenheimer@imrworldwide.com/cgi-bin ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\WV1AHV2I.txt [ Cookie:blunkenheimer@zanox-affiliate.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\5WMU7RXC.txt [ Cookie:blunkenheimer@adx.chip.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MFUTXUD.txt [ Cookie:blunkenheimer@mediaplex.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\I6MIU3YT.txt [ Cookie:blunkenheimer@www.zanox-affiliate.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\ROVT3BFY.txt [ Cookie:blunkenheimer@www.googleadservices.com/pagead/conversion/1046790072/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\I1CWE936.txt [ Cookie:blunkenheimer@ad.dyntracker.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\JLRWYY5Z.txt [ Cookie:blunkenheimer@eas.apm.emediate.eu/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\KS6R8K0R.txt [ Cookie:blunkenheimer@c.atdmt.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\EJ64TCX1.txt [ Cookie:blunkenheimer@hightraffic.hugoboss.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\0OAVSZWU.txt [ Cookie:blunkenheimer@banners.spiceworks.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\GF90OJ1Z.txt [ Cookie:blunkenheimer@specificclick.net/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\KCQQCQ84.txt [ Cookie:blunkenheimer@banner.testberichte.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\4BKDX95A.txt [ Cookie:blunkenheimer@stat.onestat.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\V8JKBS50.txt [ Cookie:blunkenheimer@lfstmedia.com/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q5PLMADH.txt [ Cookie:blunkenheimer@www.active-tracking.de/ ]
	C:\USERS\BLUNKENHEIMER\AppData\Roaming\Microsoft\Windows\Cookies\Low\TK533PZZ.txt [ Cookie:blunkenheimer@a.revenuemax.de/ ]

Bei 5. bittte nicht irritiert sein, ich musste ein Teil des Logs einfach rausschneiden (Firmeninterne Zip-Datei -> zu viele Daten, die nicht raus sollen) Solltest Du das aber benötigen, mache ich mir die Arbeit und mache jeden Namen unkenntlich...

6. erledigt

kira · 02.06.2012, 08:49

zu Punkt 8. gibt es Protokoll auch? Eset etwas gefunden?

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Engel81 · 02.06.2012, 09:06

8. Erledigt. 1 File gefunden und gelöscht

Oh, sehe gerade, dass du das Protokoll wolltest... hab ich jetzt nicht explizit gespeichert. Legt er das automatisch irgendwo ab?

zu 7. (HEY, falsche Reihenfolge! Vorher war 8.

)
OTL:

Code:

ATTFilter

OTL logfile created on: 02.06.2012 10:05:29 - Run 2
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\Barbara\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,17 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 37,86% Memory free
6,33 Gb Paging File | 4,42 Gb Available in Paging File | 69,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,14 Gb Total Space | 60,50 Gb Free Space | 50,78% Space Free | Partition Type: NTFS
Drive E: | 1,86 Gb Total Space | 1,47 Gb Free Space | 78,84% Space Free | Partition Type: FAT
Drive F: | 9,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 297,44 Gb Total Space | 275,85 Gb Free Space | 92,74% Space Free | Partition Type: NTFS
 
Computer Name: MC | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.01 09:12:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
PRC - [2012.05.21 22:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.05.11 07:01:29 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012.05.01 11:24:34 | 002,205,448 | ---- | M] (AgileBits) -- C:\Programme\1Password\Agile1pAgent.exe
PRC - [2012.05.01 11:24:20 | 000,768,776 | ---- | M] (AgileBits) -- C:\Programme\1Password\Agile1pService.exe
PRC - [2012.05.01 11:24:08 | 001,066,248 | ---- | M] (AgileBits) -- C:\Programme\1Password\Agile1pBroker.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.02.24 11:25:44 | 003,819,520 | ---- | M] (CounterPath) -- C:\Programme\CounterPath\Bria 3\Bria3.exe
PRC - [2012.02.02 12:59:00 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.02 02:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.08.05 19:21:50 | 000,234,864 | ---- | M] (Sierra Wireless, Inc.) -- C:\Programme\Sierra Wireless Inc\Common\SwiCardDetect.exe
PRC - [2011.08.04 15:37:56 | 000,140,656 | ---- | M] (Sierra Wireless Inc.) -- C:\Programme\Sierra Wireless Inc\3G Watcher\WaHelper.exe
PRC - [2011.08.04 13:41:44 | 000,329,072 | ---- | M] (Sierra Wireless, Inc.) -- C:\Programme\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.01 14:09:02 | 000,609,904 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011.03.30 08:37:02 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2011.03.30 08:26:38 | 001,210,640 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2011.03.30 08:21:42 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011.03.07 09:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Programme\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.16 23:26:16 | 000,308,592 | ---- | M] (Sierra Wireless, Inc.) -- C:\Programme\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
PRC - [2011.02.01 23:25:44 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 23:25:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.02.01 23:25:36 | 001,923,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2011.01.28 21:34:52 | 000,032,336 | ---- | M] (Sanford, L.P.) -- C:\Programme\DYMO\DYMO Label Software\DymoPnpService.exe
PRC - [2011.01.28 21:32:40 | 001,825,360 | ---- | M] (Sanford, L.P.) -- C:\Programme\DYMO\DYMO Label Software\DymoQuickPrint.exe
PRC - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) -- C:\Programme\ShadowExplorer\sesvc.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.17 02:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.06.02 19:05:56 | 000,145,728 | ---- | M] (AuthenTec, Inc.) -- C:\Programme\Fingerprint Sensor\ATSwpNav.exe
PRC - [2010.06.02 19:05:54 | 002,042,688 | ---- | M] (AuthenTec, Inc.) -- C:\Programme\Fingerprint Sensor\AtService.exe
PRC - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Programme\RealVNC\VNC4\winvnc4.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.02 08:30:38 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.06.02 08:30:37 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.06.02 08:30:37 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.06.02 08:30:37 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.05.11 12:01:10 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ede3b9144bc31da0eaaf86c7b6a9eaaa\WindowsFormsIntegration.ni.dll
MOD - [2012.05.11 11:59:29 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012.05.11 11:57:25 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.11 11:56:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.11 11:20:28 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012.05.11 11:20:17 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.11 11:20:11 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.11 11:20:10 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012.05.11 11:20:00 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.11 11:19:55 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 11:19:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 11:19:48 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 11:19:43 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.11 11:16:24 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll
MOD - [2012.05.11 11:16:13 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll
MOD - [2012.05.11 11:16:06 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll
MOD - [2012.05.11 11:16:04 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 11:14:43 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
MOD - [2012.05.11 11:14:37 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012.05.11 11:14:33 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012.05.11 11:14:31 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll
MOD - [2012.05.11 11:14:29 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012.05.11 11:14:28 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012.05.11 11:14:23 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012.02.24 11:31:16 | 044,223,488 | ---- | M] () -- C:\Programme\CounterPath\Bria 3\CPCLR.dll
MOD - [2012.02.24 11:11:02 | 000,042,496 | ---- | M] () -- C:\Programme\CounterPath\Bria 3\boost_thread-vc100-mt-1_42.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.31 20:13:52 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011.08.04 13:37:18 | 000,251,248 | ---- | M] () -- C:\Programme\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011.03.14 08:01:26 | 000,076,800 | ---- | M] () -- C:\Programme\CounterPath\Bria 3\portaudio_x86.dll
MOD - [2011.01.28 21:14:54 | 000,094,208 | ---- | M] () -- C:\Programme\DYMO\DYMO Label Software\DYMO.Common.dll
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.10.29 14:00:44 | 001,992,192 | ---- | M] () -- C:\Programme\CounterPath\Bria 3\YLUSBTEL.dll
MOD - [2010.05.07 16:34:18 | 000,065,536 | ---- | M] () -- C:\Programme\CounterPath\Bria 3\AEC_PC_DLL.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.01 11:24:20 | 000,768,776 | ---- | M] (AgileBits) [Auto | Running] -- C:\Programme\1Password\Agile1pService.exe -- (Agile1Password)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.08.05 19:21:50 | 000,234,864 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Programme\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.06.01 14:09:02 | 000,609,904 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.03.30 08:37:02 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2011.03.30 08:24:30 | 000,227,600 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.03.30 08:21:42 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2011.03.07 09:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Programme\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.02.16 23:26:16 | 000,308,592 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Programme\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe -- (Sierra Wireless QDL Service)
SRV - [2011.02.01 23:25:44 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.01 23:25:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.01.28 21:34:52 | 000,032,336 | ---- | M] (Sanford, L.P.) [Auto | Running] -- C:\Programme\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Programme\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2010.11.20 14:19:33 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.05 03:52:39 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.06.02 19:05:54 | 002,042,688 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Programme\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009.07.14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Programme\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.06.01 14:08:56 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2011.05.04 11:15:54 | 000,266,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress) Intel(R)
DRV - [2011.04.08 05:25:18 | 000,253,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2011.03.16 17:14:44 | 007,510,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2011.02.04 01:55:32 | 000,354,816 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swg3kmbb00.sys -- (swg3kmbb00)
DRV - [2011.02.04 01:54:56 | 000,059,904 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swibusflt00.sys -- (swibusflt00)
DRV - [2011.02.04 01:54:56 | 000,059,904 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swibus00.sys -- (swibus00)
DRV - [2011.02.04 01:54:42 | 000,027,264 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swg3kflt00.sys -- (swg3kflt00)
DRV - [2011.02.04 01:54:32 | 000,213,504 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swg3kser00.sys -- (swg3kser00)
DRV - [2011.02.04 01:54:32 | 000,213,504 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swg3knmea00.sys -- (swg3knmea00)
DRV - [2010.12.10 06:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.12.10 06:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.20 00:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel(R)
DRV - [2010.10.14 19:27:18 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010.06.02 19:27:04 | 000,677,960 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.07.14 03:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.06.24 08:33:18 | 000,017,008 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FBIOSDRV.sys -- (FBIOSDRV)
DRV - [2006.11.01 12:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2004.01.18 05:15:00 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 D4 D5 77 53 2F CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2012.05.30 15:03:13 | 000,000,861 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Programme\1Password\Agile1pIE.dll (AgileBits)
O4 - HKLM..\Run: [Agile1pAgent] C:\Programme\1Password\Agile1pAgent.exe (AgileBits)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKCU..\Run: [Bria 3] C:\Program Files\CounterPath\Bria 3\Bria3.exe (CounterPath)
O4 - HKCU..\Run: [DymoQuickPrint] C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Programme\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra 'Tools' menuitem : 1Password	Ctrl+Alt+ß - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Programme\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: lordsandknights.com ([]http in Vertrauenswürdige Sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58450991-C868-41BB-8DBF-6AA3B1160C4D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.02.03 18:18:07 | 000,000,130 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009.06.18 23:12:18 | 000,000,088 | ---- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d2ab97be-8dd0-11e1-b165-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{d2ab97be-8dd0-11e1-b165-00a0c6000000}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- [2009.11.13 21:25:22 | 003,280,672 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.02 08:30:32 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.02 08:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.02 08:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.02 08:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.02 08:14:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.01 09:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.01 09:16:33 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\Logs
[2012.06.01 09:12:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2012.05.31 20:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.31 20:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.31 20:01:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.31 20:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.31 15:02:56 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\Abrechnung
[2012.05.22 10:31:55 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\Crash
[2012.05.22 10:29:31 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\Recovery
[2012.05.22 10:24:02 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\www.shadowexplorer.com
[2012.05.22 10:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.05.22 10:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer
[2012.05.21 15:27:45 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\Avira-RansomFileUnlocker-1.0.1
[2012.05.21 14:48:35 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\Malwarebytes
[2012.05.21 14:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.16 12:10:42 | 000,000,000 | ---D | C] -- C:\MSK-TEMP
[2012.05.16 11:16:00 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\ElevatedDiagnostics
[2012.05.15 12:00:14 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\Sanford,_L.P
[2012.05.15 11:59:57 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Documents\DYMO Label
[2012.05.15 11:59:57 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\DYMO
[2012.05.15 11:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO
[2012.05.15 11:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\DYMO
[2012.05.15 11:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\DYMO
[2012.05.14 13:50:07 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\KiTTY
[2012.05.14 13:49:49 | 000,513,024 | ---- | C] (Simon Tatham) -- C:\Users\Barbara\Desktop\kitty.exe
[2012.05.11 06:25:28 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.11 06:25:27 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.11 06:25:27 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.11 06:25:21 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.10 11:37:18 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\Hardware
[2012.05.04 09:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.05.04 09:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.05.04 09:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.05.03 11:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage
[2012.05.03 11:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinImage
[2012.05.03 10:57:25 | 000,000,000 | ---D | C] -- C:\Users\Barbara\Desktop\USBStick
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.02 08:56:59 | 000,656,266 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.02 08:56:59 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.02 08:56:59 | 000,131,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.02 08:56:59 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.02 08:33:13 | 000,015,488 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 08:33:13 | 000,015,488 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 08:29:33 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.02 08:26:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.02 08:25:55 | 2548,961,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.01 17:46:56 | 000,002,150 | -H-- | M] () -- C:\Users\Barbara\Documents\Default.rdp
[2012.06.01 09:22:11 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.01 09:12:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2012.05.31 20:01:18 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 15:37:03 | 000,001,951 | ---- | M] () -- C:\Users\Barbara\Desktop\CRM.lnk
[2012.05.22 10:23:59 | 000,001,843 | ---- | M] () -- C:\Users\Barbara\Desktop\ShadowExplorer.lnk
[2012.05.21 17:45:01 | 000,035,282 | ---- | M] () -- C:\Users\Barbara\Desktop\22923_0.jpg
[2012.05.21 15:25:30 | 000,001,491 | ---- | M] () -- C:\user.js
[2012.05.21 11:25:01 | 000,002,108 | ---- | M] () -- C:\Users\Barbara\Documents\XXeyfpftTDUegdr
[2012.05.17 06:51:58 | 000,000,600 | ---- | M] () -- C:\Users\Barbara\AppData\Roaming\xfssxATqsaVLDEsD
[2012.05.15 16:21:17 | 000,408,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.15 11:51:44 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\DYMO Label v.8.lnk
[2012.05.14 13:49:49 | 000,513,024 | ---- | M] (Simon Tatham) -- C:\Users\Barbara\Desktop\kitty.exe
[2012.05.11 07:01:29 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.11 07:01:29 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.09 16:05:18 | 000,001,310 | ---- | M] () -- C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.05.04 19:45:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.05.04 19:45:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.05.04 09:38:17 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.05.03 11:48:03 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\WinImage (administrator).lnk
[2012.05.03 11:48:03 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\WinImage.lnk
 
========== Files Created - No Company Name ==========
 
[2012.06.02 08:29:33 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.01 09:22:11 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.31 20:01:18 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 10:23:59 | 000,001,843 | ---- | C] () -- C:\Users\Barbara\Desktop\ShadowExplorer.lnk
[2012.05.21 17:50:52 | 000,035,282 | ---- | C] () -- C:\Users\Barbara\Desktop\22923_0.jpg
[2012.05.21 15:25:29 | 000,001,491 | ---- | C] () -- C:\user.js
[2012.05.21 13:37:37 | 000,002,150 | -H-- | C] () -- C:\Users\Barbara\Documents\Default.rdp
[2012.05.15 11:51:44 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\DYMO Label v.8.lnk
[2012.05.04 19:45:51 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.05.04 19:45:51 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.05.04 09:38:17 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.05.03 11:48:03 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\WinImage (administrator).lnk
[2012.05.03 11:48:03 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\WinImage.lnk
[2012.04.19 22:39:01 | 000,000,158 | ---- | C] () -- C:\Windows\ricdb.ini
[2012.02.20 20:58:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.02.06 12:48:32 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.02.02 13:29:32 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.02.02 13:25:51 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011.08.31 20:46:18 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.08.31 20:46:10 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011.08.31 20:14:12 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.08.31 20:13:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.04.15 04:59:56 | 000,218,304 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.04.15 04:59:48 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2011.04.15 04:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011.04.15 04:22:32 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.17 09:51:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
 
========== LOP Check ==========
 
[2012.04.25 14:06:59 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Agile Web Solutions
[2012.04.18 15:21:37 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\CounterPath Corporation
[2012.05.21 14:30:48 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\julitec
[2012.05.14 13:51:46 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\KiTTY
[2012.02.02 13:44:37 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Sierra Wireless
[2012.05.22 12:12:23 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\TeamViewer
[2012.05.22 10:24:02 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\www.shadowexplorer.com
[2009.07.14 06:53:46 | 000,026,332 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 02.06.2012 10:05:29 - Run 2
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\Barbara\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,17 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 37,86% Memory free
6,33 Gb Paging File | 4,42 Gb Available in Paging File | 69,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,14 Gb Total Space | 60,50 Gb Free Space | 50,78% Space Free | Partition Type: NTFS
Drive E: | 1,86 Gb Total Space | 1,47 Gb Free Space | 78,84% Space Free | Partition Type: FAT
Drive F: | 9,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 297,44 Gb Total Space | 275,85 Gb Free Space | 92,74% Space Free | Partition Type: NTFS
 
Computer Name: MC | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DA90E7-8ED3-4846-90AA-6E0DAC16B9D6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{05A5AA82-ED21-4AB8-97F1-DBFBEFCB7CF2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0BE982F8-FB88-4EB5-AB07-25F6C9515911}" = rport=137 | protocol=17 | dir=out | app=system | 
"{10F8E82F-2307-490B-8C9D-1095888DBCD3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2363C0A4-C903-4E60-BAEF-FA25451AD8C4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{296811DC-1BC9-4A52-9540-C30532811B21}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2EA6D097-51BF-4869-A3FC-6639F1F5572F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44C5D6AD-206C-4932-A774-C0570A0C38A1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{461F5ADC-15CD-444F-B3C2-6B5784D21B67}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4ACBC05D-AE2B-4A59-A0EE-D0240E3A4BBC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{51EEC2F9-90A4-4C75-A77B-E79D5EEECBE8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6AC7EC2B-C0EF-4781-ADC9-29B7FB84DE16}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6CD86D24-21DE-4F61-A97F-7131D9189F40}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7A74C94D-58E5-480D-9028-58E9E43065F1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7D22AE42-90C4-4FE1-8866-E9FF5A85DD2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{83831AA6-0F51-413F-9626-74E9241C80DB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8D0A8A8C-84C3-492F-B226-C94D92E07D02}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{91C9D5AE-BF99-4453-825E-D14EDF9AB8D8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A3950146-3FD9-4208-8DCD-B31430CA6ADC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B3253A57-103F-46EA-91AE-DCF156377F61}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B9C67CB3-6099-45A0-90E4-041DD6196D12}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BAA0100C-73F0-43FB-86C9-56FC890D5B19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BC6D6AB8-6E29-4DC8-83E9-7B14ECA8F7F3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C786E4E1-5D2D-459D-A1E8-F0814CCB9D89}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CB8B3453-493B-4453-9C94-21D7D7FCFF0A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{CEBE1739-CA9B-4D55-A219-26977AB9A90A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D1B6715E-E380-4DDB-B8F0-13BD76C704FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E301BE66-8B56-4620-AEFB-8933F6D0071F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FAE9AF41-932E-45F8-AE1E-DEDE7AA80950}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FE9498F5-92CF-49A0-9281-1457A7505EA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5662F2-F769-4628-90FA-961AED573D45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0ED3F0CD-AB92-4DA2-A8B3-FE006A16E045}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{291F6A0A-3573-4260-9EF6-8DD1BFFC5796}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2D756DF1-98D0-4FDB-A8AB-FF7E9C5F00D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3750A2EB-E3CF-48D9-9FD2-190ABDE94F76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3E0F8567-3FFA-4F46-B314-3BC73E837C24}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{410674B6-C2FB-496F-9B3A-1FB850B89B29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5190FFB0-7928-49AB-A351-D2389AA189C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{60557F6C-3177-4938-8AB8-DB56E20E51C4}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{627BBE1C-5A37-4AD2-B58B-4E4C394A96BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{62CE39CB-F422-435F-8085-EAF8CC914C3B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{66A035C8-7BA6-4255-8B47-CA26AF412D47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{66FC774B-AD14-4420-B599-A17CDF4B644B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6B6FF510-6334-4F0A-9164-D75EF4B42587}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{87E8DAF5-3E59-49E1-A29E-4FB8DA9F31F9}" = protocol=6 | dir=out | app=system | 
"{8A59A940-E01C-4F7E-9E89-23D2CB11B3D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8C1BAA6E-CDBF-4B7B-A7F4-288526BB67D5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{91979E1B-B652-4510-B177-2BB803D66176}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{9D7FF332-06F1-4EB0-8D94-CF8907F3FDFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7CBCD18-015B-4035-A99E-6B2D5E0C1707}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{A8D7F748-BAF3-4447-A078-F7218D1C739D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{A8F94E06-3237-417F-9302-F096493D0E42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBC8AE5B-981E-411B-AB3D-80547D46EE6D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{C2471189-BDD7-4B77-8CD1-F60DB477E6B6}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{D655F820-391C-4CBD-BDFE-EB5426FC6A40}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E46AA1FC-B3EE-430B-AAFD-AB24FC679594}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E4B3A5BA-C75E-4625-AF16-8E167A88A551}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E855ECB0-4429-4781-BC39-0054E7DE34D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E94C9FC6-A1EE-4284-A1F5-7F5B93BD0E79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E977BC95-4D7B-4C84-828B-CD4431F3F8A8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"TCP Query User{3493E23D-D16F-4A16-8E01-6CB34CE4235F}C:\program files\counterpath\bria 3\bria3.exe" = protocol=6 | dir=in | app=c:\program files\counterpath\bria 3\bria3.exe | 
"UDP Query User{797F800A-37C5-45AC-9A04-BC1FEE59A9FA}C:\program files\counterpath\bria 3\bria3.exe" = protocol=17 | dir=in | app=c:\program files\counterpath\bria 3\bria3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1E863C38-CDA7-4575-859D-7D24AB608FCE}" = Bria 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software
"{602276BD-9BC8-47E3-B07D-A2B2CF7FB2BD}" = Advanced IP Scanner
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}" = USB/DVD-Downloadtool für Windows 7
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CEADE01-81BF-4861-8682-D877DB656E3B}" = julitec
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B95CFA6A-E0E0-4437-A2F0-BE0948B68946}" = Intel(R) PROSet/Wireless WiFi-Software
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DB6C2AC7-4D4C-493A-B5E8-4B1E685C277F}" = Minianwendung "Desktoplinks" für Windows Small Business Server 2008
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC5572BB-EE3B-477A-96C2-D401F5AFC492}" = Sierra Wireless AirCard Watcher
"1Password_is1" = 1Password 1.0.9.294
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"DYMO Label v.8" = DYMO Label v.8
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"RealVNC_is1" = VNC Free Edition 4.1.3
"ShadowExplorer_is1" = ShadowExplorer 0.8
"SWIQMIDrvInstaller" = Sierra Wireless QMI Driver Package
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"WinImage" = WinImage
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

So, jetzt habe ich den PC einmal durchgestartet. Ja, es gibt noch ein Problem: Microsoft Security Essentials kann die Virendefinitionen immer noch nicht updaten. Letzte Definition vom 19.05. Fehlermeldung: Problem mit der Internet- oder Netzwerkverbindung (besteht beides einwandfrei...)

kira · 02.06.2012, 18:28

lade Dir HijackThis 2.0.4 von *von hier* herunter
Vista und Win7-> Rechtsklick drauf-> "Als Administrator ausführen" wählen
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"

Zitat:

Zitat von Engel81

8. Erledigt. 1 File gefunden und gelöscht

Oh, sehe gerade, dass du das Protokoll wolltest... hab ich jetzt nicht explizit gespeichert. Legt er das automatisch irgendwo ab?

-> C:\Programme\Eset\EsetOnlineScanner\log.txt mit Deinem Editor öffnen.
wenn nicht, dann hast Du es nicht gespeichert...

Engel81 · 04.06.2012, 08:02

Hallo Kira,

anbei das ESET-Log:

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6060b1fe53f5f0469f312ff3ef4bd71e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-31 07:35:05
# local_time=2012-05-31 09:35:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 7992188 90121923 0 0
# compatibility_mode=8192 67108863 100 0 89 89 0 0
# scanned=227471
# found=2
# cleaned=2
# scan_time=2173
C:\Users\Barbara\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe	Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Barbara\AppData\Local\Temp\is1293846689\MyBabylonTB.exe	Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6060b1fe53f5f0469f312ff3ef4bd71e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-02 07:57:00
# local_time=2012-06-02 09:57:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 8121832 90251567 0 0
# compatibility_mode=8192 67108863 100 0 129733 129733 0 0
# scanned=300573
# found=1
# cleaned=1
# scan_time=3444
I:\geschäftliches auf xxx (V)\USB_Stick xxx_Container\Hirens.BootCD.9.0.rar	probably a variant of Win32/TrojanDownloader.Agent.IPMCVMF trojan (deleted - quarantined)	00000000000000000000000000000000	C

hijackthis Log:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:05:59, on 04.06.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\1Password\Agile1pAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CounterPath\Bria 3\Bria3.exe
C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\mstsc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\1PASSW~1\Agile1pBroker.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: 1Password - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\PROGRA~1\1PASSW~1\AGILE1~1.DLL
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [TRUUpdater] "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Agile1pAgent] C:\Program Files\1Password\Agile1pAgent.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Bria 3] "C:\Program Files\CounterPath\Bria 3\Bria3.exe"
O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\PROGRA~1\1PASSW~1\AGILE1~1.DLL
O9 - Extra 'Tools' menuitem: 1Password	Ctrl+Alt+ß - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\PROGRA~1\1PASSW~1\AGILE1~1.DLL
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: hxxp://*.lordsandknights.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: 1Password (Agile1Password) - AgileBits - C:\Program Files\1Password\Agile1pService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: ShadowExplorer Service (sesvc) - www.shadowexplorer.com - C:\Program Files\ShadowExplorer\sesvc.exe
O23 - Service: Sierra Wireless QDL Service - Sierra Wireless, Inc. - C:\Program Files\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9753 bytes

kira · 05.06.2012, 06:50

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')

2.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

geht es jetzt?

Engel81 · 05.06.2012, 08:20

1. erledigt
2. Log-File:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:17:08, on 05.06.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\1Password\Agile1pAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CounterPath\Bria 3\Bria3.exe
C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: 1Password - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\PROGRA~1\1PASSW~1\AGILE1~1.DLL
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [TRUUpdater] "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Agile1pAgent] C:\Program Files\1Password\Agile1pAgent.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Bria 3] "C:\Program Files\CounterPath\Bria 3\Bria3.exe"
O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\PROGRA~1\1PASSW~1\AGILE1~1.DLL
O9 - Extra 'Tools' menuitem: 1Password	Ctrl+Alt+ß - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\PROGRA~1\1PASSW~1\AGILE1~1.DLL
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: hxxp://*.lordsandknights.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: 1Password (Agile1Password) - AgileBits - C:\Program Files\1Password\Agile1pService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: ShadowExplorer Service (sesvc) - www.shadowexplorer.com - C:\Program Files\ShadowExplorer\sesvc.exe
O23 - Service: Sierra Wireless QDL Service - Sierra Wireless, Inc. - C:\Program Files\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9364 bytes

Update Microsoft Security Essentials: nein geht nicht

kira · 06.06.2012, 12:48

1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird GMER beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

2.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.

Downloade die MBR.exe von Gmer und
kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
Start => ausführen => cmd (da reinschreiben) => OK
es öffnet sich eine Eingabeaufforderung.

Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
Nach dem Prompt (>_) folgenden

aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.
Code:
ATTFilter
```
mbr.exe -t > C:\mbr.log & C:\mbr.log
         
```
(Enter drücken)
Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
Bitte kopiere den Inhalt hier in Deinen Thread.

Engel81 · 06.06.2012, 13:21

1. Log Gmer

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-06 14:19:46
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.CJFA
Running: lxc7pysf.exe; Driver: C:\Users\Barbara\AppData\Local\Temp\pxldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82E843C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82EBDD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-0          hcmon.sys
Device          \Driver\usbehci \Device\USBPDO-1          hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-2           hcmon.sys
Device          \Driver\ACPI_HAL \Device\00000053         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbhub \Device\USBPDO-3           hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-5           hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-6           hcmon.sys

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\nusb3xhc \Device\00000071         hcmon.sys

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\usbhub \Device\USBPDO-8           hcmon.sys
Device          \Driver\usbhub \Device\00000073           hcmon.sys
Device          \Driver\usbhub \Device\USBPDO-9           hcmon.sys
Device          \Driver\nusb3xhc \Device\00000074         hcmon.sys
Device          \Driver\nusb3hub \Device\00000075         hcmon.sys
Device          \Driver\usbhub \Device\00000077           hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-0          hcmon.sys
Device          \Driver\usbehci \Device\USBFDO-1          hcmon.sys
Device          \Driver\usbhub \Device\0000007d           hcmon.sys
Device          \Driver\usbhub \Device\0000007e           hcmon.sys
Device          \Driver\usbhub \Device\0000007f           hcmon.sys

---- EOF - GMER 1.0.15 ----

2. MBR-Log

Code:

ATTFilter

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: TOSHIBA_ rev.CJFA -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Rapid Storage Technology driver 
1 ntkrnlpa!IofCallDriver[0x82E7D55A] -> \Device\Harddisk0\DR0[0x8736A030]
3 CLASSPNP[0x8C1B659E] -> ntkrnlpa!IofCallDriver[0x82E7D55A] -> [0x85862F08]
5 ACPI[0x8BAA63D4] -> ntkrnlpa!IofCallDriver[0x82E7D55A] -> \Device\Ide\IAAStorageDevice-1[0x85835028]
kernel: MBR read successfully
user & kernel MBR OK

kira · 06.06.2012, 13:37

Zitat:

Zitat von Engel81

Update Microsoft Security Essentials: nein geht nicht

Fehlermeldung?

Engel81 · 06.06.2012, 13:46

Fehler beim Verbinden.
Das Update konnte nicht abgeschlossen werden, da ein Problem mit der Internet- oder Netzwerkverbindung vorliegt...

Kira, ich glaube das einfachste ist, ich setze den PC neu auf.... So kommen wir wohl nicht zu ner Lösung. Ich werde mich heute abend mal dran machen, da hab ich nämlich Zeit (hab ab morgen frei). Oder hast Du nach Durchsicht der o.g. Logs noch eine gute Idee?

02.06.2012, 08:49	#6
kira /// Helfer-Team	Verschlüsselungstrojaner - Probleme beim Entfernen zu Punkt 8. gibt es Protokoll auch? Eset etwas gefunden? ► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche? __________________ --> Verschlüsselungstrojaner - Probleme beim Entfernen

Verschlüsselungstrojaner - Probleme beim Entfernen

Log-Analyse und Auswertung: Verschlüsselungstrojaner - Probleme beim Entfernen