Trojaner auf PC alle Daten weg?

Feghelm11 · 20.06.2012, 13:20

Ic habe heute mehrere Meldungen bekommen irgendetwas zu Aktualisieren (soweit ich es lesen konnte wahr auf Englisch). Die Meldungen wahren im Bildschirm rechts gingen sehr schnell auf und auch wieder zu, danach hat meine PC sich automatisch Heruntergefahren und wieder Hochgefahren.
Nachdem er wieder Hochgefahren ist wahren die Meldungen erneut da aber mein PC wahr komplett gelöscht ich komme lediglich über die Starttaste übers Expolrer.exe ins Netz. und bin somit hier.
Kann cih die Daten noch retten?
Kann ich alte Programme wieder Herstellen?

Danke Im vorraus
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 20.06.2012 13:52:26 - Run 1
OTL by OldTimer - Version 3.2.50.0     Folder = C:\Users\Mustermann\Links
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,74% Memory free
16,00 Gb Paging File | 14,16 Gb Available in Paging File | 88,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,65 Gb Total Space | 387,49 Gb Free Space | 83,21% Space Free | Partition Type: NTFS
 
Computer Name: Mustermann | User Name: Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E3B7BC-D9A7-4318-A5E9-9894352DB7DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{10DA4180-C472-4919-AB4E-99157CFEDE61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1B6BE605-C141-4863-A3E2-9047DB707C39}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1D486F18-CD56-49F6-8BBB-FD8C1051C853}" = rport=138 | protocol=17 | dir=out | app=system | 
"{368E7465-DFD8-45C6-9238-704E506AEA2E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3A4832D2-FDFB-4047-BE51-407F20D15D29}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3DB8570E-8EF8-479C-B284-8D4CA22D861D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3F3ED8A1-4CEF-446E-946B-0BB77DDD26EF}" = lport=11801 | protocol=6 | dir=in | name=tcp 11801 | 
"{539DE2CA-6893-4CAE-BE0D-873F71AFF206}" = lport=27042 | protocol=6 | dir=in | name=tcp 27042 | 
"{56509695-30CE-484E-9307-0305741BCB2D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5714A72A-5AA3-4424-BE5C-2AA99900F96C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7823EC2B-DFFE-43BA-9EB3-2189440C0235}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7F6BF1FE-60BC-4AFE-8776-3CC32FB1B6F2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A8787CCF-5A1C-4B43-9246-30FD2381B630}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AC883230-50EC-408E-8106-CD9FAD448095}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AEE95C69-569E-4B2A-B3AA-DB8E65B9A052}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B5B859F8-C45B-4607-BA72-D1379E116691}" = lport=20686 | protocol=17 | dir=in | name=udp 20686 | 
"{B5CFDFF6-F939-46F3-92D9-7C96BE26BBF6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C576DB1A-600E-47CE-BDDC-C079780CED09}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CBBD5FE9-0545-46B0-9A7F-031B8D6FDE04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D0AF215C-1CEF-427E-9F9A-CCA819279656}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E2F57506-0C42-4BB8-83DB-5E497573E31B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E3ED1C90-CD92-4B9A-B0AD-65398DEA0B78}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EB1D95C5-B4B2-4EFD-8B3B-F023F4BE7A9E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ED1808E4-3834-4F03-A246-3C1A67A6080F}" = lport=15036 | protocol=17 | dir=in | name=udp 15036 | 
"{F2545F0E-EE52-45BD-BDD7-4D4CE6270EB9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F7806337-497A-487E-921E-E73DA2DC2684}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FCE8A36C-043E-4B3D-BFCB-91C5330A3E08}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FE9260BD-BCA7-445B-AB24-9FF4B5A5C31A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000D9DFD-BE6E-42A3-AB55-BB0FC8C3B81F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0154D779-FAD9-44AD-93C2-3D2B4957CA10}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1C36851C-DE06-475B-BC0A-24B73979B685}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{1EC3D0D6-92FC-463C-A025-4E577B55DFCF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{221868E9-E06E-4AD1-AFF6-3144CA04D3CA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{24DD2FBC-D9D4-48B6-A4A1-464D74E413AE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{26FD5CBD-EC30-49A8-9121-BCABD66F20F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{294E0ED6-4DF9-4F6A-977E-657D4499BB66}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2A85129A-9BF0-469E-B651-930D9792C344}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2AE4DA72-E4F3-488A-AC59-6D112C2DECA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30ECBD51-9695-4F26-BAFE-8D4CD9827AC8}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{322A0E6C-68A3-4144-BD54-0BD475F2E3D4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3A3BE52E-DD5C-4FC2-BC1C-B6E571967858}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{3ECD499B-0B63-4EA6-9EEF-2BAB45CB7988}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4201F817-5E69-4833-B2A9-916B5D7204EB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{529EBD67-DC60-4032-9BB6-F11BCEDF5879}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{74339816-8DD6-4CBB-A141-58725520C7EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7B1EB752-A359-4F9C-ABAB-E60D9D6EEAF1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9B639229-E85D-4811-8ECB-213916691461}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E858FB6-12CF-4DDD-980E-4CF816824DC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9F4D3ABC-C2D8-43FF-81EA-9C0282693424}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A1237ACE-4869-4A78-BEA8-BD4AEA6908DE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A52FED88-4831-401E-BB78-2FB41B0E8B3A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A6AA7026-4E6F-48FC-A405-D23AE69F55C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AC83704E-E088-418F-8D9E-981EB0A80B48}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{AFF7A4C4-1019-4714-BC77-2D358F948373}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{BB3728EA-90ED-425F-9382-022765ADB69D}" = protocol=6 | dir=out | app=system | 
"{BE7D0660-A0A1-4F0F-9659-3F6663CBA2C8}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{C69E4A12-8668-44CC-8F1E-2ECB655FB657}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{D8B77087-364B-488A-953A-5E7E56B54B2B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{DBA34A0C-986B-45D1-89BB-34860D4B0FE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E3FBB081-7141-4A6C-B895-9AD80FB913BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFE00839-5037-43B1-AA20-02585CDF5750}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{FBADB583-4CF0-4E18-AEC4-77BF4E1ADA41}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe | 
"{FCDB30D1-B0E7-4977-990B-1F1EDBDDDAB9}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"TCP Query User{AACBE71A-F4B1-47E4-B5F7-53555DC78948}C:\users\feghelm11\appdata\roaming\moigvu\ykqa.exe" = protocol=6 | dir=in | app=c:\users\feghelm11\appdata\roaming\moigvu\ykqa.exe | 
"UDP Query User{7CD5C25F-92CB-438B-AB17-1D03D4AF4BC6}C:\users\feghelm11\appdata\roaming\moigvu\ykqa.exe" = protocol=17 | dir=in | app=c:\users\feghelm11\appdata\roaming\moigvu\ykqa.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C8C6D37-CA3C-4EF6-A1E5-0D188E7B6021}" = HP Officejet 6500 E709 Series
"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DB5B8FE-3F8A-4D9F-911C-F85473400859}" = Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten
"{8F4884F1-488D-4738-8F71-65A378BB484C}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 267.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B374E6A8-501F-4BC0-BA59-4EE78F06B3B2}" = Oracle VM VirtualBox 4.1.10
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Ext2Fsd_is1" = Ext2Fsd 0.51
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{051F9CB0-1499-4A0E-A861-CB19A5AAA906}" = NetObjects Fusion 12.0
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{11968F04-71FB-4C8C-B4D8-14FA4171EE36}" = 6500_E709_Help_BasicWeb
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BDBD1DE-2959-407F-BBC2-C9B2828CEDF2}" = HPSSupply
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{404845B3-A810-4C3F-BFC0-44D71E987115}" = NetObjects Fusion 12.0
"{5CF10879-E779-4db8-AE32-25204EE81C8A}" = Enterprise
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86196C81-759C-4F74-8DFF-36F9F50FEEAC}" = 6500_E709_BasicWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B962E962-6369-4F66-AF35-79CB39270D12}" = NetObjects Fusion 12.0
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDC842C6-5607-48B9-A0B2-7D8B9BC57333}" = AD_Install
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAD96046-769E-4A4B-949B-8D29D885EFD6}" = BPDSoftware_Ini
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ClamWin Free Antivirus_is1" = ClamWin Free Antivirus 0.97.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Totalcmd" = Total Commander (Remove or Repair)
"VMware_Workstation" = VMware Workstation
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.05.2012 00:19:08 | Computer Name = Feghelm11Büro | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.06.2012 00:24:13 | Computer Name = Feghelm11Büro | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.06.2012 23:38:29 | Computer Name = Feghelm11Büro | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.06.2012 04:26:22 | Computer Name = Feghelm11Büro | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.06.2012 13:53:37 | Computer Name = Feghelm11Büro | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.06.2012 23:43:32 | Computer Name = Feghelm11Büro | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.06.2012 13:50:13 | Computer Name = Feghelm11Büro | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.06.2012 14:08:37 | Computer Name = Feghelm11Büro | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 05.06.2012 23:40:57 | Computer Name = Feghelm11Büro | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.06.2012 23:45:53 | Computer Name = Feghelm11Büro | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 16.03.2012 05:26:50 | Computer Name = Feghelm11Büro | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 163
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.06.2012 00:28:52 | Computer Name = Feghelm11Büro | Source = Service Control Manager | ID = 7000
Description = Der Dienst "kqemu driver" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 14.06.2012 00:08:57 | Computer Name = Feghelm11Büro | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\kqemu.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 14.06.2012 00:08:57 | Computer Name = Feghelm11Büro | Source = Service Control Manager | ID = 7000
Description = Der Dienst "kqemu driver" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 14.06.2012 23:49:20 | Computer Name = Feghelm11Büro | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\kqemu.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 14.06.2012 23:49:20 | Computer Name = Feghelm11Büro | Source = Service Control Manager | ID = 7000
Description = Der Dienst "kqemu driver" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 15.06.2012 15:00:40 | Computer Name = Feghelm11Büro | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\kqemu.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 15.06.2012 15:00:40 | Computer Name = Feghelm11Büro | Source = Service Control Manager | ID = 7000
Description = Der Dienst "kqemu driver" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 15.06.2012 23:25:43 | Computer Name = Feghelm11Büro | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\kqemu.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 15.06.2012 23:25:43 | Computer Name = Feghelm11Büro | Source = Service Control Manager | ID = 7000
Description = Der Dienst "kqemu driver" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 16.06.2012 09:17:43 | Computer Name = Feghelm11Büro | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.06.2012 13:52:26 - Run 1
OTL by OldTimer - Version 3.2.50.0     Folder = C:\Users\Feghelm11\Links
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,22 Gb Available Physical Memory | 77,74% Memory free
16,00 Gb Paging File | 14,16 Gb Available in Paging File | 88,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,65 Gb Total Space | 387,49 Gb Free Space | 83,21% Space Free | Partition Type: NTFS
 
Computer Name: FEGHELM11BÜRO | User Name: Feghelm11 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Feghelm11\Links\OTL.exe (OldTimer Tools)
PRC - C:\Users\Feghelm11\AppData\Roaming\Moigvu\ykqa.exe ()
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ClamWin\bin\ClamTray.exe (alch)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Feghelm11\AppData\Roaming\Moigvu\ykqa.exe ()
MOD - C:\Program Files (x86)\WinRAR\rarext.dll ()
MOD - C:\Program Files (x86)\ClamWin\bin\ExpShell.dll ()
MOD - C:\Program Files (x86)\ClamWin\bin\python23.dll ()
MOD - C:\Program Files (x86)\ClamWin\lib\shell.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\win32gui.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\win32file.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\win32api.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\win32security.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\win32process.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\win32event.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll ()
MOD - C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll ()
MOD - C:\Program Files (x86)\ClamWin\lib\_winreg.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\datetime.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\_ssl.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\_sre.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\_socket.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\wxc.pyd ()
MOD - C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll ()
MOD - C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (fpsqtuba) -- C:\Windows\SysNative\drivers\fpsqtuba.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (Ext2Fsd) -- C:\Windows\SysNative\drivers\ext2fsd.sys (www.ext2fsd.com)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (CbFs) -- C:\Windows\SysNative\drivers\cbfs_x64.sys (EldoS Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (kqemu) -- C:\Windows\SysWOW64\drivers\kqemu.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 0B F4 93 13 FA CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {688EAD4D-FEB3-45A6-96AB-3BE451D478B8}
IE - HKCU\..\SearchScopes\{688EAD4D-FEB3-45A6-96AB-3BE451D478B8}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 21:44:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.18 21:44:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Feghelm11\AppData\Roaming\mozilla\Extensions
[2012.03.18 21:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ClamWin] C:\Program Files (x86)\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [MQtvEpTILjvJre.exe] C:\ProgramData\MQtvEpTILjvJre.exe ()
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [{154BAEB5-1200-AD41-9DDB-630B8F074016}] C:\Users\Feghelm11\AppData\Roaming\Moigvu\ykqa.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 43023 = C:\PROGRA~3\LOCALS~1\Temp\mswridau.com ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E969A73-C8DF-465D-B1EB-54EE02BD1091}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.20 13:53:41 | 000,050,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vnsegiba.sys
[2012.06.20 13:53:29 | 000,050,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\akdpasgl.sys
[2012.06.20 12:58:22 | 000,050,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fpsqtuba.sys
[2012.06.20 12:47:50 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.06.20 12:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.06.20 06:37:38 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{4112455F-6EDF-49B6-B757-281186769076}
[2012.06.20 06:37:16 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{C4F136DF-1AC8-4E47-8548-C2112A24216D}
[2012.06.19 18:36:51 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{BBB3670E-6250-4864-AA99-CEB2C10FEB80}
[2012.06.19 18:36:28 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{71202B59-C49A-4B8D-93E0-8276B58262C1}
[2012.06.19 06:35:53 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{CE3DB1C3-B894-409E-BE5F-A240DD1A8106}
[2012.06.19 06:35:42 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{21A51EB3-21EB-4701-980E-1AD73EEF4BB4}
[2012.06.18 18:19:27 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{E6B103E4-7450-4FDB-B405-CDDD2091313A}
[2012.06.18 06:19:15 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{E8F98AE1-BF26-41E6-AF00-A04B4FF8E511}
[2012.06.17 09:53:44 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{F63BD626-043A-45C2-860A-15714FD4F095}
[2012.06.16 06:23:06 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{610F3F0A-3612-4901-8AD2-307BC2FCA054}
[2012.06.15 18:22:30 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{3F8435E2-BC1C-4AD4-AF2A-487F81F1EFC5}
[2012.06.15 05:50:25 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{3F88E1C5-5E89-43E2-92B1-DB18FF31EABF}
[2012.06.14 18:31:36 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{A2705FA6-FBD4-4164-96FC-FD83854F14B6}
[2012.06.14 06:31:23 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{9785403B-A51B-45DD-BFDA-69D5F0047E3A}
[2012.06.14 06:31:01 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{47697824-F3C3-44B7-98C8-927DC922D8C3}
[2012.06.13 19:41:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 19:41:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 19:41:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 19:41:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 19:41:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 19:41:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 19:41:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 19:41:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 19:41:26 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 19:41:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 19:41:25 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 19:41:25 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 19:41:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.13 18:30:36 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{13062DA8-09CD-4526-BEAC-9D1F55687635}
[2012.06.13 18:30:13 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{5AC9798A-D6AC-4CA2-AADA-4CA391CE357E}
[2012.06.13 06:35:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 06:35:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 06:35:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 06:35:03 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 06:35:02 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.13 06:35:02 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.13 06:34:57 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 06:34:57 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.13 06:34:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.13 06:29:58 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{1CE1DCB6-35A8-4C93-B85E-0A9E3E8E8A07}
[2012.06.13 06:29:47 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{B76EB849-055E-4989-96C4-C58BBCD03961}
[2012.06.12 18:06:48 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{71438B00-1C0B-41BB-B93E-32E9D0D967B4}
[2012.06.12 18:06:26 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{65EFE610-1B03-4B18-A5AA-3756A92456B3}
[2012.06.12 06:06:13 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{265BFB54-8C3A-4A17-A061-3CDE469740A3}
[2012.06.12 06:05:51 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{67AA51F5-3274-42CE-905E-B430EDA359B4}
[2012.06.11 18:05:26 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{C87B2DDD-22FE-424C-94DB-6C5C282AF1EA}
[2012.06.11 18:05:03 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{A0A5DC7E-D2C4-45F2-8DB7-C368459079AF}
[2012.06.11 06:04:42 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{709163E7-8988-4619-B31A-A847D6B2314C}
[2012.06.11 06:04:30 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{9F5710E9-220E-406A-B831-FFB31ED743EE}
[2012.06.10 10:20:52 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{BAE2AB57-8621-4618-8F3E-B18569D31A59}
[2012.06.10 10:20:37 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{DBD7B1BB-FD98-4942-8440-4888A82CD5CC}
[2012.06.09 05:47:01 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{AB738BE1-0DE7-4122-8C5C-8FAF0A47325A}
[2012.06.09 05:46:38 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{28618EB8-E84B-4104-ADD7-C5F51F3C7ED6}
[2012.06.08 17:45:47 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{407118B0-7614-4CC9-AF1F-737961E79DAB}
[2012.06.08 17:45:25 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{CA031145-83F0-4ED4-9BC4-1E2CA949C7A9}
[2012.06.08 05:45:10 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{ADE4608A-E3B2-4965-A130-891155002735}
[2012.06.08 05:44:58 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{BC94898D-950A-4F85-B6A2-E17174236AC7}
[2012.06.06 17:45:06 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{19C2BFFA-E837-49E6-BC64-2E1C0B28E983}
[2012.06.06 17:44:44 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{5C168F90-AF51-4469-9409-4D072D773846}
[2012.06.06 05:44:28 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{C74528E3-098F-4D25-BF67-99E27159B81B}
[2012.06.06 05:44:05 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{C99B809B-77FB-49EA-BBA8-98479942D080}
[2012.06.05 17:43:38 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{73A91DCC-8E87-42DB-B4E7-1469E1F1A797}
[2012.06.05 17:43:16 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{1103C052-5208-4520-A217-1B13A7406C98}
[2012.06.05 05:42:49 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{44CDC1B1-11E6-4EE0-91F3-EAAFC761D041}
[2012.06.05 05:42:33 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{9A8047A8-4FB2-4FAA-A48E-D9AB8CF24C51}
[2012.06.04 17:17:46 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{2C8D74A2-BB75-445D-A047-4245438BE030}
[2012.06.04 17:17:23 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{0F00162D-FFF5-4C50-8002-0A70CEF291C3}
[2012.06.04 05:17:11 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{A05B61EB-3D34-4A6A-A888-2944E425C7CF}
[2012.06.04 05:16:59 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{C1C0B3D9-C7C6-4B29-BE85-B6E14C412C7C}
[2012.06.03 10:25:57 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{4ADDA511-664F-4FAE-8AD8-996F94B4262B}
[2012.06.03 10:25:46 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{4BEEB4C7-C7CE-47CE-BE8B-456B85418D59}
[2012.06.02 06:59:16 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{D94B2A3F-9F51-4D20-93CF-C444D96082FC}
[2012.06.02 06:58:50 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{6F122329-86E7-49F1-AA31-91EAFCA15754}
[2012.06.01 18:28:39 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{0944E1E0-7BA8-419C-B2A8-D3E2DB88C930}
[2012.06.01 18:28:28 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{6E6C33EF-7CEC-4D08-8BB4-1F4D1B2586E0}
[2012.06.01 06:28:13 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{98CED78D-E09B-4FED-AEFD-5DEB83EA20FC}
[2012.06.01 06:28:02 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{D549ABBA-4775-49E9-89D3-E0D06157D067}
[2012.05.31 18:27:36 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{77DD7DE4-240D-4DAF-87AB-C6672DE0C480}
[2012.05.31 18:27:14 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{A0535415-29F7-4D83-91F1-1CC867E2CB1D}
[2012.05.31 06:27:01 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{EC0F9060-08A9-4521-A42B-7CA3B0CC7FB3}
[2012.05.31 06:26:49 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{433B9753-5F04-4358-920D-BFDF7A1778D3}
[2012.05.30 07:51:57 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{B91C9663-82FF-4A22-9671-C4814EC9F5FF}
[2012.05.30 07:51:35 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{2EEFBA97-B364-419D-A2E9-F3ACE0D68DAE}
[2012.05.29 18:56:58 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{E78BEBD7-8CB8-44C7-B9C1-E25AB7815D7F}
[2012.05.29 18:56:36 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{1C3854C9-BAA1-4CD4-B970-839655C15802}
[2012.05.29 06:56:23 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{1E297B5F-4929-4B3F-A66C-8C5463093AFE}
[2012.05.29 06:56:01 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{096DEC45-7119-4A57-B60E-B5854F7DF9FA}
[2012.05.28 18:55:35 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{BE268E91-CE08-4120-8D91-53280ACCF8B0}
[2012.05.28 18:55:12 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{1E700DF6-186E-46EE-8B03-CF450B1DD670}
[2012.05.28 06:33:41 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{4FA036CB-3A4E-447C-8DA4-5A8D18317E61}
[2012.05.28 06:33:29 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{9B9CEBBD-86C9-4B49-AD73-027FFDC8DAAC}
[2012.05.27 18:05:07 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{DB801B06-62E2-4194-9F61-F5580DB970E9}
[2012.05.27 18:04:44 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{8E30CD24-CFF8-4753-A8CF-D9FC3DDA43C4}
[2012.05.27 06:04:30 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{6CC43B61-E68A-4967-B2AA-8FF0424CC316}
[2012.05.27 06:04:18 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{8C0E170B-11A7-4308-A88D-E25960714D3B}
[2012.05.26 17:47:21 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{E0F87FC5-1DC3-470C-8CF7-DF17670A46CE}
[2012.05.26 17:46:58 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{04A699FB-5D95-4320-A0AB-2E699A085D45}
[2012.05.26 05:46:44 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{7E4AC7E2-32F5-4005-B172-7A88C38960FE}
[2012.05.26 05:46:32 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{9F96E741-0A0C-47A2-9515-D9F2EEF86C5D}
[2012.05.25 19:11:53 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{4FE3F5F9-A47C-4AFB-8AD0-C691A1CE6C12}
[2012.05.25 07:11:28 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{8FDFECDD-89CA-4612-8DC8-E2E8546D0EFE}
[2012.05.25 07:11:05 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{716B6B90-CADE-47E9-A08B-845AF98DD47C}
[2012.05.24 19:10:40 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{92697261-C85F-4AF3-B0D9-2EC0F5E1D317}
[2012.05.24 19:10:18 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{A649B977-DA3E-408B-BA4C-8D9D49F97672}
[2012.05.24 06:25:40 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{D86CF846-638F-4E65-A157-4C3FF2AB423A}
[2012.05.24 06:25:15 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{CF5CE72B-C8DA-49BE-86D8-EAC5857B05D8}
[2012.05.23 18:24:50 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{ECEE602E-5697-417F-889B-C2506C2A7154}
[2012.05.23 18:24:28 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{BBE4076A-3237-46B7-8AE9-06DBCB36ABBD}
[2012.05.23 14:59:33 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\Documents\Scan
[2012.05.23 06:24:09 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{DA3295A5-06D3-4D56-A5CB-5561A03CFB15}
[2012.05.23 06:23:57 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{54BD4D28-01F3-4C8C-A1E5-1EB9F633ACD9}
[2012.05.22 18:12:52 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{F6C03ECD-917B-4509-B7D6-996518DE311D}
[2012.05.22 18:12:30 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{404D1C41-4680-44AE-BA4A-684046898801}
[2012.05.22 06:12:14 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{E4D297AC-81D5-46CA-8AFB-A5D2D2479DFA}
[2012.05.22 06:12:02 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{177ECFD0-F55F-4FCD-AE6A-809AD746A11F}
[2012.05.21 17:51:17 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{F16E0D07-2F99-4A08-9966-1D4014667580}
[2012.05.21 17:50:55 | 000,000,000 | -H-D | C] -- C:\Users\Feghelm11\AppData\Local\{D2EC44E5-9521-477D-ADCC-B97D6871F53C}
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.20 13:53:42 | 000,050,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vnsegiba.sys
[2012.06.20 13:53:30 | 000,050,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\akdpasgl.sys
[2012.06.20 13:46:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.20 13:37:33 | 000,000,000 | ---- | M] () -- C:\Users\Feghelm11\defogger_reenable
[2012.06.20 13:16:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.20 12:58:22 | 000,050,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fpsqtuba.sys
[2012.06.20 12:55:03 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 12:55:03 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 12:54:29 | 001,513,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.20 12:54:29 | 000,658,934 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.20 12:54:29 | 000,620,816 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.20 12:54:29 | 000,132,232 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.20 12:54:29 | 000,108,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.20 12:47:52 | 000,000,160 | ---- | M] () -- C:\ProgramData\-sPW9oU6WpoV5E1r
[2012.06.20 12:47:52 | 000,000,000 | ---- | M] () -- C:\ProgramData\-sPW9oU6WpoV5E1
[2012.06.20 12:47:47 | 000,000,256 | ---- | M] () -- C:\ProgramData\sPW9oU6WpoV5E1
[2012.06.20 12:46:08 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.20 12:45:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.20 12:45:50 | 2146,787,327 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.15 21:01:37 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.15 21:01:37 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.14 06:08:50 | 000,311,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.06.20 13:37:33 | 000,000,000 | ---- | C] () -- C:\Users\Feghelm11\defogger_reenable
[2012.06.20 12:47:52 | 000,000,160 | ---- | C] () -- C:\ProgramData\-sPW9oU6WpoV5E1r
[2012.06.20 12:47:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\-sPW9oU6WpoV5E1
[2012.06.20 12:47:45 | 000,000,256 | ---- | C] () -- C:\ProgramData\sPW9oU6WpoV5E1
[2012.03.18 21:31:55 | 000,074,279 | ---- | C] () -- C:\Windows\hpqins16.dat
[2012.03.04 18:18:02 | 000,219,785 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2012.03.04 17:59:38 | 000,001,501 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2012.01.25 18:05:34 | 000,034,067 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.01.25 18:05:05 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.25 18:05:03 | 000,026,286 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.05.16 21:34:21 | 001,534,242 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >

--- --- ---

Habe diese Meldung bekommen und dann ging er nicht mehr

A Write command during the test has failed to complete. This may be be due to a media or ready/write error. The system generates an exception error when using a reference to an invalid system memory address

Psychotic · 21.06.2012, 15:22

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

...und ganz wichtig:
Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).

Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.

Schritt 1: fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKLM..\Run: [MQtvEpTILjvJre.exe] C:\ProgramData\MQtvEpTILjvJre.exe ()
O4 - HKCU..\Run: [{154BAEB5-1200-AD41-9DDB-630B8F074016}] C:\Users\Feghelm11\AppData\Roaming\Moigvu\ykqa.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 43023 = C:\PROGRA~3\LOCALS~1\Temp\mswridau.com ()
:COMMANDS
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2: aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt 3: Scan mit TDSS-Killer

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Feghelm11 · 22.06.2012, 06:13

Ich habe meinen Trojaner bereinigt durch Professionelle Hilfe.
Aber trotzdem Danke!

Psychotic · 22.06.2012, 09:06

Dieses Thema wurde aus meinen Abos gelöscht.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen!

Trojaner auf PC alle Daten weg?

Plagegeister aller Art und deren Bekämpfung: Trojaner auf PC alle Daten weg?