Log analysis and evaluation: Trojan "Ihr Computer wurde gesperrt" (Your computer has been locked) - Ukash EUR 100, Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.

13.07.2012, 15:33 | #1
Trojan "Ihr Computer wurde gesperrt" - Ukash EUR 100

Hello everyone,

I caught a trojan on my Windows 7 notebook under my domain user name, which has admin rights. I ran the scan locally as localadmin for all users. Malwarebytes Anti-Malware found nothing. OTL generated the following log file, OTL.txt:

Code:
OTL logfile created on: 7/13/2012 4:09:28 PM - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\localadmin.PC-826\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3.97 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 43.99% Memory free
7.95 Gb Paging File | 5.02 Gb Available in Paging File | 63.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.61 Gb Total Space | 229.80 Gb Free Space | 51.69% Space Free | Partition Type: NTFS
Drive E: | 15.86 Gb Total Space | 2.38 Gb Free Space | 15.00% Space Free | Partition Type: NTFS
Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32

Computer Name: PC-826 | User Name: localadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\localadmin.PC-826\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\lqrffjyj.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\danielsiegrist\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Zarafa\Zarafa Outlook Client\ZarafaUpdaterService.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Ericsson AB)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
PRC - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)

========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\00cb077c2bf82c7fe54b6f93af4b6686\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll ()
MOD - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (McAfee Endpoint Encryption Agent) -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe File not found
SRV:64bit: - (wltrysvc) -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Broadcom Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (uvnc_service) -- C:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ZarafaUpdaterService.exe) -- C:\Program Files (x86)\Zarafa\Zarafa Outlook Client\ZarafaUpdaterService.exe ()
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (hpCMSrv) -- c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (WMCoreService) -- C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) Intel(R) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (uArcCapture) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (LMIRfsClientNP) -- C:\windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (WPS) -- C:\Windows\SysNative\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Teefer3) -- C:\Windows\SysNative\drivers\Teefer3.sys (Symantec Corporation)
DRV:64bit: - (mv2) -- C:\Windows\SysNative\drivers\mv2.sys (UVNC BVBA)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB)
DRV:64bit: - (h36wgps) -- C:\Windows\SysNative\drivers\h36wgps64.sys (Ericsson AB)
DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron Technology Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (ARCVCAM) -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation)
DRV:64bit: - (Mbm3DevMt) HP Mobile Broadband Module Device Management Driver (WDM) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation)
DRV:64bit: - (Mbm3CBus) HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation)
DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (WpsHelper) -- C:\Windows\SysNative\drivers\wpshelper.sys (Symantec Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB)
DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120708.024\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120708.024\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1566922826-3658650923-3801446738-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKU\S-1-5-21-1566922826-3658650923-3801446738-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE - HKU\S-1-5-21-1566922826-3658650923-3801446738-1001\..\SearchScopes,DefaultScope = {14349EFE-1BC9-4879-80A5-B6E4D6AEE987}
IE - HKU\S-1-5-21-1566922826-3658650923-3801446738-1001\..\SearchScopes\{14349EFE-1BC9-4879-80A5-B6E4D6AEE987}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=1E533EBD-34E5-43AD-8E33-216E06CC405B&apn_sauid=6AF77691-F544-477C-B23F-BA131808F7E3
IE - HKU\S-1-5-21-1566922826-3658650923-3801446738-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bielertagblatt.ch
IE - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bielertagblatt.ch
IE - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\..\SearchScopes\{EA5802FC-F121-45C3-9383-86F1AAB12BCD}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=1E533EBD-34E5-43AD-8E33-216E06CC405B&apn_sauid=6AF77691-F544-477C-B23F-BA131808F7E3
IE - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/18 11:37:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/16 14:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/04/16 14:08:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/13 10:31:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/13 10:31:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/13 10:31:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/13 10:31:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/13 10:31:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/13 10:31:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/13 10:31:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012/07/13 15:37:00 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1566922826-3658650923-3801446738-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DsMgr] C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Zarafa auto-updater launcher] C:\Program Files (x86)\Zarafa\Zarafa Outlook Client\ZarafaLaunchUpdater.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431..\Run: [lqrffjyjqizgofb] C:\ProgramData\lqrffjyj.exe ()
O4 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\danielsiegrist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RecycleBinSize = 10
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15:64bit: - ..Trusted Domains: abo-iis ([]http in Lokales Intranet) O15 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\..Trusted Domains: abo-iis ([]http in Lokales Intranet) O15 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\..Trusted Ranges: Range1 ([https] in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431\..Trusted Ranges: Range2 ([http] in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.20.1.84 172.20.1.86 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wgag.intra O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A84D4C2-2593-4FCE-BFC1-8327D6259BE4}: NameServer = 138.188.101.186 138.188.101.189 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{982CBCAD-DF38-4D83-B5E3-C56B46C7DBDE}: DhcpNameServer = 172.20.1.84 172.20.1.86 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: 
UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/13 15:14:17 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Malwarebytes [2012/07/13 15:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/13 15:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/13 15:14:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/07/13 15:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/13 15:03:46 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Macromedia [2012/07/13 15:03:43 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Adobe [2012/07/13 14:50:32 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\Hewlett-Packard_Developme [2012/07/13 14:49:48 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\WMCore [2012/07/13 14:40:39 | 
000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\ATI [2012/07/13 14:40:39 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\ATI [2012/07/13 14:39:40 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Synaptics [2012/07/13 14:39:40 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Roxio [2012/07/13 14:39:40 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Real [2012/07/13 14:39:40 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Intel Corporation [2012/07/13 14:39:39 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\LogMeIn [2012/07/13 14:39:39 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\hpqLog [2012/07/13 14:39:39 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Apple Computer [2012/07/13 14:39:27 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Virtual Machines [2012/07/13 14:39:27 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012/07/13 14:39:27 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Searches [2012/07/13 14:39:27 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012/07/13 14:39:17 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Identities [2012/07/13 14:39:14 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Contacts [2012/07/13 14:39:12 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\VirtualStore [2012/07/13 14:39:09 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\Symantec [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Vorlagen [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\AppData\Local\Verlauf [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- 
C:\Users\localadmin.PC-826\AppData\Local\Temporary Internet Files [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Startmenü [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\SendTo [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Recent [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Netzwerkumgebung [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Lokale Einstellungen [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Documents\Eigene Videos [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Documents\Eigene Musik [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Eigene Dateien [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Documents\Eigene Bilder [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Druckumgebung [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Cookies [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\AppData\Local\Anwendungsdaten [2012/07/13 14:39:04 | 000,000,000 | -HSD | C] -- C:\Users\localadmin.PC-826\Anwendungsdaten [2012/07/13 14:38:54 | 000,000,000 | --SD | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft [2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Videos [2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Saved Games [2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Pictures [2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Music [2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Links [2012/07/13 14:38:54 | 000,000,000 | R--D | 
C] -- C:\Users\localadmin.PC-826\Favorites [2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Downloads [2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Documents [2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\Desktop [2012/07/13 14:38:54 | 000,000,000 | R--D | C] -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012/07/13 14:38:54 | 000,000,000 | -H-D | C] -- C:\Users\localadmin.PC-826\AppData [2012/07/13 14:38:54 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\Temp [2012/07/13 14:38:54 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\Microsoft Help [2012/07/13 14:38:54 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\Microsoft [2012/07/13 14:38:54 | 000,000,000 | ---D | C] -- C:\Users\localadmin.PC-826\AppData\Local\ifolor [2012/07/13 13:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\kdlnnwgrqdsfzbw [2012/07/09 13:13:06 | 000,138,144 | ---- | C] (Symantec Corporation) -- C:\windows\SysWow64\SymVPN.dll [2012/07/09 13:13:06 | 000,138,144 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\SymVPN.dll [2012/07/09 13:13:06 | 000,087,456 | ---- | C] (Symantec Corporation) -- C:\windows\SysWow64\FwsVpn.dll [2012/07/09 13:13:06 | 000,054,904 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\WPSDRVnt.sys [2012/07/09 13:13:06 | 000,020,400 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\SnacNp.dll [2012/07/09 13:13:06 | 000,018,352 | ---- | C] (Symantec Corporation) -- C:\windows\SysWow64\SnacNp.dll [2012/07/09 13:13:05 | 000,482,424 | ---- | C] (Symantec Corporation) -- C:\windows\SysWow64\drivers\srtspl64.sys [2012/07/09 13:13:05 | 000,482,424 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\srtspl64.sys [2012/07/09 13:13:05 | 000,453,240 | ---- | C] (Symantec Corporation) -- C:\windows\SysWow64\drivers\srtsp64.sys 
[2012/07/09 13:13:05 | 000,453,240 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\srtsp64.sys [2012/07/09 13:13:05 | 000,032,376 | ---- | C] (Symantec Corporation) -- C:\windows\SysWow64\drivers\srtspx64.sys [2012/07/09 13:13:05 | 000,032,376 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\srtspx64.sys [2012/07/06 16:44:47 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll [2012/07/06 16:44:47 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe [2012/07/06 16:44:47 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll [2012/07/06 16:44:36 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll [2012/07/06 16:44:36 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll [2012/07/06 16:44:36 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll [2012/07/06 16:44:21 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll [2012/07/06 16:44:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe [2012/07/06 11:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/07/06 11:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/07/06 11:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/07/06 11:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes ========== Files - Modified Within 30 Days ========== [2012/07/13 16:05:05 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/13 16:05:05 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/13 15:57:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/07/13 15:57:07 | 4268,081,152 
| -HS- | M] () -- C:\hiberfil.sys [2012/07/13 15:37:00 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts [2012/07/13 15:35:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/07/13 15:14:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/13 13:37:00 | 000,000,051 | ---- | M] () -- C:\ProgramData\nvhecbewiqbkuce [2012/07/13 13:36:54 | 000,049,152 | ---- | M] () -- C:\ProgramData\lqrffjyj.exe [2012/07/12 14:35:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/07/12 14:35:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012/07/12 10:17:14 | 000,087,488 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIRfsClientNP.dll [2012/07/12 10:17:14 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\windows\SysNative\LMIinit.dll [2012/07/12 10:17:14 | 000,034,720 | ---- | M] (LogMeIn, Inc.) 
-- C:\windows\SysNative\LMIport.dll [2012/07/11 11:30:20 | 000,000,338 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForPC-826$.job [2012/07/09 13:14:49 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/07/09 13:14:49 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/07/09 13:14:49 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF [2012/07/09 13:13:06 | 000,138,144 | ---- | M] (Symantec Corporation) -- C:\windows\SysWow64\SymVPN.dll [2012/07/09 13:13:06 | 000,138,144 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\SymVPN.dll [2012/07/09 13:13:06 | 000,087,456 | ---- | M] (Symantec Corporation) -- C:\windows\SysWow64\FwsVpn.dll [2012/07/09 13:13:06 | 000,054,904 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\WPSDRVnt.sys [2012/07/09 13:13:06 | 000,020,400 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\SnacNp.dll [2012/07/09 13:13:06 | 000,018,352 | ---- | M] (Symantec Corporation) -- C:\windows\SysWow64\SnacNp.dll [2012/07/09 13:13:05 | 000,482,424 | ---- | M] (Symantec Corporation) -- C:\windows\SysWow64\drivers\srtspl64.sys [2012/07/09 13:13:05 | 000,482,424 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\srtspl64.sys [2012/07/09 13:13:05 | 000,453,240 | ---- | M] (Symantec Corporation) -- C:\windows\SysWow64\drivers\srtsp64.sys [2012/07/09 13:13:05 | 000,453,240 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\srtsp64.sys [2012/07/09 13:13:05 | 000,032,376 | ---- | M] (Symantec Corporation) -- C:\windows\SysWow64\drivers\srtspx64.sys [2012/07/09 13:13:05 | 000,032,376 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\srtspx64.sys [2012/07/09 13:13:05 | 000,007,504 | ---- | M] () -- C:\windows\SysWow64\drivers\srtspx64.cat [2012/07/09 13:13:05 | 000,007,504 | ---- | M] () -- C:\windows\SysNative\drivers\srtspx64.cat [2012/07/09 13:13:05 | 000,007,504 
| ---- | M] () -- C:\windows\SysWow64\drivers\srtspl64.cat [2012/07/09 13:13:05 | 000,007,504 | ---- | M] () -- C:\windows\SysNative\drivers\srtspl64.cat [2012/07/09 13:13:05 | 000,007,500 | ---- | M] () -- C:\windows\SysWow64\drivers\srtsp64.cat [2012/07/09 13:13:05 | 000,007,500 | ---- | M] () -- C:\windows\SysNative\drivers\srtsp64.cat [2012/07/09 13:13:05 | 000,001,460 | ---- | M] () -- C:\windows\SysWow64\drivers\srtsp64.inf [2012/07/09 13:13:05 | 000,001,460 | ---- | M] () -- C:\windows\SysNative\drivers\srtsp64.inf [2012/07/09 13:13:05 | 000,001,451 | ---- | M] () -- C:\windows\SysWow64\drivers\srtspl64.inf [2012/07/09 13:13:05 | 000,001,451 | ---- | M] () -- C:\windows\SysNative\drivers\srtspl64.inf [2012/07/09 13:13:05 | 000,001,442 | ---- | M] () -- C:\windows\SysWow64\drivers\srtspx64.inf [2012/07/09 13:13:05 | 000,001,442 | ---- | M] () -- C:\windows\SysNative\drivers\srtspx64.inf [2012/07/05 10:19:14 | 000,000,000 | ---- | M] () -- C:\t1eg.2 [2012/07/04 10:00:15 | 000,000,000 | ---- | M] () -- C:\t1fo.2 [2012/07/04 10:00:15 | 000,000,000 | ---- | M] () -- C:\t1fo.1 [2012/07/03 19:17:55 | 000,000,368 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFordanielsiegrist.job [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/06/29 08:49:10 | 000,000,000 | ---- | M] () -- C:\t1gg.2 [2012/06/29 08:49:10 | 000,000,000 | ---- | M] () -- C:\t1gg.1 [2012/06/27 11:47:27 | 000,010,254 | RHS- | M] () -- C:\ProgramData\ntuser.pol ========== Files Created - No Company Name ========== [2012/07/13 15:14:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/13 14:39:32 | 000,001,409 | ---- | C] () -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012/07/13 14:39:28 | 000,001,443 | ---- | C] () -- C:\Users\localadmin.PC-826\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet 
Explorer.lnk [2012/07/13 14:38:54 | 000,001,970 | ---- | C] () -- C:\Users\localadmin.PC-826\Desktop\RDS-AMASYS.RDP [2012/07/13 13:37:00 | 000,049,152 | ---- | C] () -- C:\ProgramData\lqrffjyj.exe [2012/07/13 13:36:55 | 000,000,051 | ---- | C] () -- C:\ProgramData\nvhecbewiqbkuce [2012/07/09 13:13:05 | 000,007,504 | ---- | C] () -- C:\windows\SysWow64\drivers\srtspx64.cat [2012/07/09 13:13:05 | 000,007,504 | ---- | C] () -- C:\windows\SysNative\drivers\srtspx64.cat [2012/07/09 13:13:05 | 000,007,504 | ---- | C] () -- C:\windows\SysWow64\drivers\srtspl64.cat [2012/07/09 13:13:05 | 000,007,504 | ---- | C] () -- C:\windows\SysNative\drivers\srtspl64.cat [2012/07/09 13:13:05 | 000,007,500 | ---- | C] () -- C:\windows\SysWow64\drivers\srtsp64.cat [2012/07/09 13:13:05 | 000,007,500 | ---- | C] () -- C:\windows\SysNative\drivers\srtsp64.cat [2012/07/09 13:13:05 | 000,001,460 | ---- | C] () -- C:\windows\SysWow64\drivers\srtsp64.inf [2012/07/09 13:13:05 | 000,001,460 | ---- | C] () -- C:\windows\SysNative\drivers\srtsp64.inf [2012/07/09 13:13:05 | 000,001,451 | ---- | C] () -- C:\windows\SysWow64\drivers\srtspl64.inf [2012/07/09 13:13:05 | 000,001,451 | ---- | C] () -- C:\windows\SysNative\drivers\srtspl64.inf [2012/07/09 13:13:05 | 000,001,442 | ---- | C] () -- C:\windows\SysWow64\drivers\srtspx64.inf [2012/07/09 13:13:05 | 000,001,442 | ---- | C] () -- C:\windows\SysNative\drivers\srtspx64.inf [2012/07/05 10:19:14 | 000,000,000 | ---- | C] () -- C:\t1eg.2 [2012/07/04 10:00:15 | 000,000,000 | ---- | C] () -- C:\t1fo.2 [2012/07/04 10:00:15 | 000,000,000 | ---- | C] () -- C:\t1fo.1 [2012/06/29 08:49:10 | 000,000,000 | ---- | C] () -- C:\t1gg.2 [2012/06/29 08:49:10 | 000,000,000 | ---- | C] () -- C:\t1gg.1 [2012/02/29 10:04:56 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI [2012/01/13 11:46:36 | 000,000,077 | ---- | C] () -- C:\windows\{70272964-C468-4C5F-8246-AA2CABA75941}.ini [2012/01/13 11:46:36 | 000,000,000 | ---- | C] () -- 
C:\windows\SysWow64\{70272964-C468-4C5F-8246-AA2CABA75941}.ini [2011/11/11 02:45:44 | 000,316,928 | ---- | C] () -- C:\windows\SysWow64\hpcc3118.dll [2011/11/07 15:43:17 | 000,010,254 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/09/24 08:31:52 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejfii.sys [2011/09/24 08:11:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011/09/24 08:08:42 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe [2011/09/24 08:08:42 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2011/09/24 08:07:48 | 000,030,028 | R--- | C] () -- C:\windows\ConnectionProfiles.dat [2011/09/23 16:35:09 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2011/03/08 19:12:59 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejghg.sys [2011/03/08 19:01:28 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini [2011/03/08 18:56:16 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejgie.sys [2011/03/08 18:27:28 | 001,594,122 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/02/26 00:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll [2011/01/22 21:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign [2010/12/20 17:27:22 | 000,003,113 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2010/12/07 07:16:34 | 000,181,072 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll [2010/12/07 07:16:34 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign ========== LOP Check ========== [2012/07/13 15:59:54 | 000,000,000 | ---D | M] -- C:\Users\danielsiegrist\AppData\Roaming\Dropbox [2011/12/06 10:42:10 | 000,000,000 | ---D | M] -- C:\Users\danielsiegrist\AppData\Roaming\Infineon [2012/05/07 21:03:17 | 000,000,000 | ---D | M] -- C:\Users\danielsiegrist\AppData\Roaming\streamWriter [2011/12/06 10:42:30 | 000,000,000 | ---D | M] -- C:\Users\danielsiegrist\AppData\Roaming\Synaptics [2011/12/06 11:06:28 
| 000,000,000 | ---D | M] -- C:\Users\danielsiegrist\AppData\Roaming\WMCore [2012/01/16 10:45:32 | 000,000,000 | ---D | M] -- C:\Users\danielsiegrist\AppData\Roaming\Xerox [2012/07/13 14:39:40 | 000,000,000 | ---D | M] -- C:\Users\localadmin.PC-826\AppData\Roaming\Synaptics [2012/07/13 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\localadmin.PC-826\AppData\Roaming\WMCore [2012/07/13 15:38:25 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 60 bytes -> C:\Users\localadmin.PC-826\Desktop\RDS-AMASYS.RDP:AFP_AfpInfo < End of report > Code:
OTL Extras logfile created on: 7/13/2012 4:09:28 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\localadmin.PC-826\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.97 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 43.99% Memory free 7.95 Gb Paging File | 5.02 Gb Available in Paging File | 63.13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 444.61 Gb Total Space | 229.80 Gb Free Space | 51.69% Space Free | Partition Type: NTFS Drive E: | 15.86 Gb Total Space | 2.38 Gb Free Space | 15.00% Space Free | Partition Type: NTFS Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32 Computer Name: PC-826 | User Name: localadmin | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AC495BD-C012-41CF-A61D-439C03EE8870}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 | 
"{344CD85D-3A54-42D7-A452-5AF296A1E19A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{3EA4B3CD-A703-4240-982D-DE254957F48F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{FE6EB633-E6D8-4610-8E39-FB8D86DD3966}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 | 

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B61CE0-8F81-4EB5-A847-C1F8CF8507CC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0EC15D83-41AF-42D0-A200-ACBDB0B9A610}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | 
"{2DD2B53B-95F8-43BF-8274-7A15558FD243}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3C6BC375-B0A8-493D-AB1C-F4309EE1094C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{44D2BE3A-4331-4A68-9B57-48B4C59AC780}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | 
"{45FEC4C0-F104-487F-ADBA-55B15F69FE55}" = protocol=17 | dir=in | app=c:\users\danielsiegrist\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4AABEB7A-4DDE-41D7-A3D2-0D87CF1F698F}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{817F2F98-1C53-4149-B841-62964089DE14}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{82EE3F28-0329-4C1E-820F-E8CDC6CB54FE}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | 
"{874DD43B-D048-4876-AC7A-D0E1FACCBBF4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{9ABAB997-E880-4B9F-87E6-F33DBC26B989}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | 
"{A0FE47A5-358F-4DE3-A8BB-4A0ADBB494A4}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | 
"{A28C60E3-66C4-4B3F-A1DB-716A9D837E52}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | 
"{CEEAB884-FE54-4FCD-8EE6-5A82E8FB0DBE}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{F26C6E79-F115-4BA4-8495-78C6CA84985D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F2A10B9A-7088-4C14-ACA7-96012574B7D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F8CF4607-6B23-443B-9FB1-BC52011F5F42}" = protocol=6 | dir=in | app=c:\users\danielsiegrist\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F939CF93-2840-4614-B74E-06053FF62D23}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{103729AF-35B8-7567-2739-905128A38CFE}" = ccc-utility64
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}" = HP Power Assistant
"{4117BB0F-FF94-4373-B5A1-D9799EA9DBEA}" = Symantec Endpoint Protection
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7D1C63D1-6520-49DA-B738-958133526E80}" = HP HotKey Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BC741628-0AFC-405C-8946-DD46D1005A0A}" = 64 Bit HP CIO Components Installer
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D5526B83-25C4-88A8-A984-98F871DA1415}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}" = Validity Fingerprint Sensor Driver
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"GPL Ghostscript 9.04" = GPL Ghostscript
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ultravnc2_is1" = UltraVnc
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E8F1F2-6E5B-C5A4-A5FD-B76CCF833F21}" = CCC Help Finnish
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E8DE6AB-5193-A885-A550-7B26858FFF74}" = Catalyst Control Center Localization All
"{11C8CD1B-B0F8-D6F5-3E5D-6103FA7A2740}" = CCC Help English
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1267DA48-A6EA-3202-6C02-0AD5D3AAF360}" = Catalyst Control Center InstallProxy
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{14FDECFD-FBA1-5D0A-16FE-51621197077E}" = CCC Help Norwegian
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E8D5440-0CC6-6E2D-7A1A-1B02699C76DE}" = CCC Help Danish
"{2041A685-F8DC-A7C7-2AF4-CE646D1E2161}" = CCC Help Thai
"{20976B1F-E910-404D-9261-C16EE7E12DC8}" = HP QuickWeb
"{225C4860-9D03-49F5-B983-943EB938E0B0}" = HP GPS and Location
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
"{2F36E5A1-A627-3736-D4BC-7962DD22EE0B}" = CCC Help Polish
"{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}" = HP SoftPaq Download Manager
"{39705143-74BD-1E99-5952-22764AD6DED9}" = ccc-core-static
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C213840-A3A6-FD8C-91E5-AC7566FCB71B}" = CCC Help Czech
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{44C72B93-46FA-6D17-4020-E796E8D9C808}" = CCC Help German
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B21E4B2-89B8-499D-803A-34ABF929401E}" = HP Connection Manager
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload
"{531000B3-DBEE-4115-BBF3-DA48B67C053F}" = HP Software Setup
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{5681FF4A-5469-D41F-F990-D1AC1037AB02}" = CCC Help Korean
"{5A6CB42D-AFB6-989E-E7EB-B3FF928C707F}" = Catalyst Control Center Profiles Mobile
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{63240320-9946-4A11-5135-DB66D8113842}" = CCC Help Japanese
"{646E8C34-C88B-42F9-9F41-985A801219E1}" = HP Mobile Broadband Drivers
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68DDF0E0-42D9-B5C3-AD7A-3E1DCCE8D2E3}" = CCC Help Turkish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70272964-C468-4C5F-8246-AA2CABA75941}" = Roxio Easy Media Creator 9 Suite
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{93139A49-0360-4718-8B93-C1F9EB12E3D8}" = Roxio Secure Burn
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}" = Roxio MyDVD Business 2010
"{9F7E4DF2-1795-99AD-CDD7-29F440B61088}" = CCC Help Hungarian
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A79846AB-AE6A-C993-71DF-99FF8E559613}" = CCC Help Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF6CCCD-2C82-CF3F-58AD-1766D370622F}" = CCC Help French
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Secure Burn
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{BACE8BFA-8F39-421D-BEF1-6E78632BDC90}" = Roxio MyDVD Business 2010
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C0116FFA-6568-B16B-09EF-01E97CEF89E9}" = CCC Help Chinese Standard
"{C501064B-0925-A417-D08B-A96C07D11E01}" = CCC Help Italian
"{CDF2096F-1FBD-C097-15BC-8BC64AF0B6F7}" = CCC Help Spanish
"{CE7AE690-57AF-286B-B022-A808D30F08F2}" = CCC Help Greek
"{CFC1988A-F492-4BC5-B6F7-683A95718AE9}" = HP ESU for Microsoft Windows 7
"{D9965E8E-496F-F5E4-D8FF-78FB7EBE6ABA}" = CCC Help Swedish
"{DA8B96DE-3FE5-2079-D33B-7152C13AFC73}" = CCC Help Portuguese
"{E132EEDE-AF01-4976-9BC9-E9DE2C94D8C5}" = Zarafa Outlook Client 7.0.2.29470
"{E1625943-425A-6675-6A52-6AE98AC3080F}" = CCC Help Dutch
"{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}" = LogMeIn
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E755FF48-9936-FE6B-3910-490DFB39F56D}" = Catalyst Control Center Graphics Previews Common
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F24F876B-7D71-4BD6-88E9-614D3BB84216}" = Alcor Micro Smart Card Reader Driver
"{F70487C4-B639-5576-6DE1-2D2D790AC51A}" = CCC Help Russian
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FreePDF_XP" = FreePDF (Remove only)
"ifolor-Designer" = ifolor Designer
"ifolor-OrderClient" = ifolor Bestellsoftware 3.7
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"RealPlayer 15.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"streamWriter_is1" = streamWriter
"SZCCID" = Alcor Micro Smart Card Reader Driver
"VIP Access SDK" = VIP Access SDK x64(1.0.0.50)
"Wisdom-soft ScreenHunter 4.2 Pro" = Wisdom-soft ScreenHunter 4.2 Pro
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1566922826-3658650923-3801446738-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2741654391-3626595544-1486187325-1431\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2012 7:13:02 AM | Computer Name = PC-826.wgag.intra | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpasset.exe, Version: 3.0.0.7, Zeitstempel: 0x4f4667f7
Name des fehlerhaften Moduls: hpasset.exe, Version: 3.0.0.7, Zeitstempel: 0x4f4667f7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003df75
ID des fehlerhaften Prozesses: 0x1dac
Startzeit der fehlerhaften Anwendung: 0x01cd278b5c287126
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe
Berichtskennung: 9d88abb0-937e-11e1-bcc8-028037ec0200

Error - 5/1/2012 4:37:00 PM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

Error - 5/2/2012 3:15:03 AM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

Error - 5/2/2012 11:17:49 AM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

Error - 5/2/2012 11:18:05 AM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

Error - 5/2/2012 11:21:26 AM | Computer Name = PC-826.wgag.intra | Source = Application Hang | ID = 1002
Description = Programm EXCEL.EXE, Version 14.0.6112.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 198c
Startzeit: 01cd287316214e24
Endzeit: 0
Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
Berichts-ID: 66be9daa-946a-11e1-bea7-028037ec0200

Error - 5/2/2012 11:48:39 AM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

Error - 5/3/2012 4:20:33 AM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

Error - 5/3/2012 12:23:04 PM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

Error - 5/4/2012 2:41:55 AM | Computer Name = PC-826.wgag.intra | Source = WinVNC4 | ID = 1
Description = SocketManager: unknown listener event: 0

[ Hewlett-Packard Events ]
Error - 7/13/2012 7:44:25 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
Source: mscorlib
Name: HPSFMsgr.exe
Version: 01.00.00.00
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format: de-DE
RAM: 4070
Ram Utilization: 50
TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 7/13/2012 7:48:57 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
Source: mscorlib
Name: HPSFMsgr.exe
Version: 01.00.00.00
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format: de-DE
RAM: 4070
Ram Utilization: 50
TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 7/13/2012 7:48:57 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
Source: mscorlib
Name: HPSFMsgr.exe
Version: 01.00.00.00
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format: de-DE
RAM: 4070
Ram Utilization: 50
TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 7/13/2012 8:01:40 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
Source: mscorlib
Name: HPSFMsgr.exe
Version: 01.00.00.00
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format: de-DE
RAM: 4070
Ram Utilization: 
TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 7/13/2012 8:01:40 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
Source: mscorlib
Name: HPSFMsgr.exe
Version: 01.00.00.00
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format: de-DE
RAM: 4070
Ram Utilization: 
TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 7/13/2012 8:11:09 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
Source: mscorlib
Name: HPSFMsgr.exe
Version: 01.00.00.00
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format: de-DE
RAM: 4070
Ram Utilization: 50
TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 7/13/2012 8:11:10 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
Source: mscorlib
Name: HPSFMsgr.exe
Version: 01.00.00.00
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format: de-DE
RAM: 4070
Ram Utilization: 50
TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 7/13/2012 8:36:54 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
Source: mscorlib
Name: HPSFMsgr.exe
Version: 01.00.00.00
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format: de-DE
RAM: 4070
Ram Utilization: 50
TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 7/13/2012 8:36:54 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
Source: mscorlib
Name: HPSFMsgr.exe
Version: 01.00.00.00
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format: de-DE
RAM: 4070
Ram Utilization: 50
TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 7/13/2012 9:41:12 AM | Computer Name = PC-826.wgag.intra | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   bei System.Activator.CreateInstance(Type type, Boolean nonPublic)
   bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
Source: mscorlib
Name: HPSFMsgr.exe
Version: 01.00.00.00
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format: de-DE
RAM: 4070
Ram Utilization: 50
TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

[ HP Connection Manager Events ]
Error - 7/6/2012 6:45:45 PM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/07 00:45:45.705|00000528|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 7/6/2012 6:45:55 PM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/07 00:45:55.716|00000528|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 7/6/2012 6:45:55 PM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/07 00:45:55.965|00000528|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 7/7/2012 9:02:14 AM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/07 15:02:14.934|00001378|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 7/7/2012 9:02:24 AM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/07 15:02:24.938|00001378|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 7/7/2012 9:02:28 AM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/07 15:02:28.256|00001378|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 7/7/2012 7:46:31 PM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/08 01:46:31.338|000016F8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 7/7/2012 7:46:31 PM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/08 01:46:31.665|000016F8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA]

Error - 7/13/2012 7:46:49 AM | Computer Name = PC-826.wgag.intra | Source = hpCMSrv | ID = 5
Description = 2012/07/13 13:46:49.803|000004D0|Error |CWWAN::DataClassChanged|Fire_DataClassChanged failed [hr:0x800706BA]

Error - 7/13/2012 9:05:14 AM | Computer Name = PC-826.wgag.intra | Source = hpMobile | ID = 5
Description = 2012.07.13 15:05:14.081|000016B8|Error |[HP.Mobile]Sms::.ctor{}|Error registering WWAN events:

[ HP Power Assistant Events ]
Error - 3/4/2012 7:44:19 AM | Computer Name = PC-826.wgag.intra | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart HP Power Assistant application. Additional details may be available in the Details section.
DETAILS
Level value needs to be an integer between 0 and 100, got 106UpdateBatteryPredictions() has bad values. Check PMCCapabilities.XML and PMCData.XML if in emulation mode

[ System Events ]
Error - 7/13/2012 8:42:18 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HP Power Assistant Service erreicht.

Error - 7/13/2012 9:01:55 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Endpoint Encryption Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 7/13/2012 9:02:13 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: RxFilter

Error - 7/13/2012 9:05:11 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7034
Description = Dienst "HP Connection Manager 4 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 7/13/2012 9:34:56 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Symantec Event Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 200 Millisekunden durchgeführt: Neustart des Diensts.
Error - 7/13/2012 9:34:56 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Symantec Settings Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.
Error - 7/13/2012 9:38:28 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Endpoint Encryption Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 7/13/2012 9:38:31 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: RxFilter
Error - 7/13/2012 9:57:23 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee Endpoint Encryption Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 7/13/2012 9:57:26 AM | Computer Name = PC-826.wgag.intra | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: RxFilter
< End of report >

Many thanks and regards |
13.07.2012, 15:40 | #2 |
/// Malware-holic | Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100 hi
This script, and any scripts that follow, are for this user only. If you have problems, open your own topic and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
ATTFilter
:OTL
O4 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431..\Run: [lqrffjyjqizgofb] C:\ProgramData\lqrffjyj.exe ()
[2012/07/13 13:37:00 | 000,000,051 | ---- | M] () -- C:\ProgramData\nvhecbewiqbkuce
:Files
C:\ProgramData\lqrffjyj.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Start in normal mode. If you have no icons: right-click, View, Show desktop icons.
Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the + E key.
__________________ |
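The fix script in the post above is built from one O4 line of the OTL report: the Run value is listed under :OTL so OTL deletes it, the target it points at is listed under :Files so OTL moves the file away, and :Commands empties the caches and reboots. As an added example (not part of the thread, and not OTL's own code), the Python below performs that triage over constructed OTL-format O4 lines: it scores each autostart target by whether it lives in a location any user can write to and whether OTL could read a company name from it, and drafts the :OTL / :Files / :Commands sections from the hits. The sample lines (the locker entry is the one from the post; the other two are made up) and the scoring thresholds are assumptions.

```python
"""Triage OTL autostart (O4) lines and draft the matching OTL fix script.

Added example for this thread; it is not code from the thread or from OTL.
The sample lines below are constructed in OTL's O4 format (the second one is
the locker entry from the fix script in the post); the scoring rules are
assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample report: a vendor entry in HKLM, the locker's per-user Run
# entry (no company name, lives in ProgramData) and a user-profile tool that
# does carry a company name.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431..\Run: [lqrffjyjqizgofb] C:\ProgramData\lqrffjyj.exe ()
O4 - HKU\S-1-5-21-2741654391-3626595544-1486187325-1431..\Run: [Dropbox] C:\Users\alice\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
"""

# "O4 - <key>\Run: [<value name>] <target path> (<company name, or empty>)"
O4_RE = re.compile(
    r"^O4 - (?P<key>.+?)\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*) \((?P<company>[^()]*)\)\s*$"
)

# Locations an interactive user can write to without elevation (assumed list).
USER_WRITABLE_PREFIXES = ("c:\\programdata", "c:\\users\\")


@dataclass
class Autostart:
    line: str      # the O4 line exactly as OTL printed it (reused under :OTL)
    key: str       # registry hive/key, e.g. HKLM.. or HKU\<SID>..
    name: str      # Run value name
    path: str      # target executable
    company: str   # company name OTL read from the version resource ("" if none)

    @property
    def user_writable(self) -> bool:
        p = self.path.lower()
        return p.startswith(USER_WRITABLE_PREFIXES) or "\\temp\\" in p

    @property
    def score(self) -> int:
        """2 = remove, 1 = look at it, 0 = leave alone (assumed thresholds)."""
        if self.user_writable and not self.company:
            return 2
        if self.user_writable:
            return 1
        return 0


def parse_o4(report: str) -> list[Autostart]:
    """Return every O4 line of an OTL report as an Autostart record."""
    entries = []
    for raw in report.splitlines():
        m = O4_RE.match(raw.strip())
        if m:
            entries.append(Autostart(raw.strip(), **m.groupdict()))
    return entries


def build_otl_fix(entries: list[Autostart], empty_temp: bool = True) -> str:
    """Draft an OTL fix script: :OTL deletes the Run values, :Files moves the targets."""
    bad = [e for e in entries if e.score == 2]
    lines = [":OTL", *[e.line for e in bad],
             ":Files", *[e.path for e in bad],
             ":Commands"]
    if empty_temp:
        lines.append("[emptytemp]")
    lines.append("[Reboot]")
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_o4(SAMPLE_OTL)
    for e in found:
        print(f"score={e.score} {e.key} [{e.name}] {e.path} ({e.company or 'no company'})")
    print()
    print(build_otl_fix(found))
```

Note what the O4 lines alone cannot give you: the helper's script also removes C:\ProgramData\nvhecbewiqbkuce, a 51-byte companion file with the same random-name scheme that no autostart entry references. That one came from the file listing by age and location, so a real triage pass has to look at recently modified files next to the flagged target as well.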
13.07.2012, 16:02 | #3 |
| Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100 It worked. Many thanks. Here is the log file:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2741654391-3626595544-1486187325-1431\Software\Microsoft\Windows\CurrentVersion\Run\\lqrffjyjqizgofb deleted successfully.
C:\ProgramData\lqrffjyj.exe moved successfully.
C:\ProgramData\nvhecbewiqbkuce moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
User: All Users
User: carlovalenti
User: danielsiegrist
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: localadmin
User: localadmin.PC-826
->Flash cache emptied: 492 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: Administrator
User: All Users
User: carlovalenti
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: danielsiegrist
->Temp folder emptied: 20307 bytes
->Temporary Internet Files folder emptied: 37294 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: localadmin
User: localadmin.PC-826
->Temp folder emptied: 518702 bytes
->Temporary Internet Files folder emptied: 6713147 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13343 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33304 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 7.00 mb
OTL by OldTimer - Version 3.2.53.1 log created on 07132012_164535
Files\Folders moved on Reboot...
C:\Users\danielsiegrist\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W5YV9L2W\player[1].htm moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W5YV9L2W\PShidden[1].htm moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U6PS1RST\119386-trojaner-computer-wurde-gesperrt-ukash-eur-100-a[1].htm moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U6PS1RST\AccountViewMail153924b0[1].htm moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U6PS1RST\ads[1].htm moved successfully.
C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\windows\temp\JETA063.tmp moved successfully.
PendingFileRenameOperations files...
File C:\Users\danielsiegrist\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\localadmin.PC-826\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W5YV9L2W\player[1].htm not found!
File C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W5YV9L2W\PShidden[1].htm not found!
File C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U6PS1RST\119386-trojaner-computer-wurde-gesperrt-ukash-eur-100-a[1].htm not found!
File C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U6PS1RST\AccountViewMail153924b0[1].htm not found!
File C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U6PS1RST\ads[1].htm not found!
File C:\Users\localadmin.PC-826\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
File C:\windows\temp\JETA063.tmp not found!
Registry entries deleted on Reboot... |
13.07.2012, 16:20 | #4 | |
/// Malware-holic | Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100 Thanks. ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2 IMPORTANT - save ComboFix to your desktop.
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the restart Quote:
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
13.07.2012, 17:41 | #5 |
| Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100 I ran ComboFix. Here is the result: ComboFix log file: Code:
ATTFilter ComboFix 12-07-13.02 - danielsiegrist 13.07.2012 18:03:03.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.41.1031.18.4070.1277 [GMT 2:00] ausgeführt von:: c:\users\danielsiegrist\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk C:\Thumbs.db c:\windows\SysWow64\charset.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-13 bis 2012-07-13 )))))))))))))))))))))))))))))) . . 2012-07-13 16:12 . 2012-07-13 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-13 16:12 . 2012-07-13 16:12 -------- d-----w- c:\users\carlovalenti\AppData\Local\temp 2012-07-13 13:14 . 2012-07-13 13:14 -------- d-----w- c:\programdata\Malwarebytes 2012-07-13 13:14 . 2012-07-13 13:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-13 13:14 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-13 12:38 . 2012-07-13 12:39 -------- d-----w- c:\users\localadmin.PC-826 2012-07-13 11:36 . 2012-07-13 11:36 -------- d-----w- c:\programdata\kdlnnwgrqdsfzbw 2012-07-09 11:13 . 2012-07-09 11:13 87456 ----a-w- c:\windows\SysWow64\FwsVpn.dll 2012-07-09 11:13 . 2012-07-09 11:13 54904 ----a-w- c:\windows\system32\drivers\WPSDRVnt.sys 2012-07-09 11:13 . 2012-07-09 11:13 20400 ----a-w- c:\windows\system32\SnacNp.dll 2012-07-09 11:13 . 2012-07-09 11:13 18352 ----a-w- c:\windows\SysWow64\SnacNp.dll 2012-07-09 11:13 . 2012-07-09 11:13 138144 ----a-w- c:\windows\SysWow64\SymVPN.dll 2012-07-09 11:13 . 
2012-07-09 11:13 138144 ----a-w- c:\windows\system32\SymVPN.dll 2012-07-09 11:13 . 2012-07-09 11:13 482424 ----a-w- c:\windows\SysWow64\drivers\srtspl64.sys 2012-07-09 11:13 . 2012-07-09 11:13 482424 ----a-w- c:\windows\system32\drivers\srtspl64.sys 2012-07-09 11:13 . 2012-07-09 11:13 453240 ----a-w- c:\windows\SysWow64\drivers\srtsp64.sys 2012-07-09 11:13 . 2012-07-09 11:13 453240 ----a-w- c:\windows\system32\drivers\srtsp64.sys 2012-07-09 11:13 . 2012-07-09 11:13 32376 ----a-w- c:\windows\SysWow64\drivers\srtspx64.sys 2012-07-09 11:13 . 2012-07-09 11:13 32376 ----a-w- c:\windows\system32\drivers\srtspx64.sys 2012-07-06 14:44 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-07-06 14:44 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-07-06 14:44 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-07-06 14:44 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-07-06 14:44 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-07-06 14:44 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-07-06 14:44 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-07-06 14:44 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-07-06 14:44 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-07-06 09:45 . 2012-07-06 09:45 -------- d-----w- c:\program files\iPod 2012-07-06 09:45 . 2012-07-06 09:46 -------- d-----w- c:\program files\iTunes 2012-07-06 09:45 . 2012-07-06 09:46 -------- d-----w- c:\program files (x86)\iTunes 2012-06-15 15:16 . 2012-06-15 15:16 -------- d-----w- c:\users\danielsiegrist\AppData\Local\Macromedia . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 12:35 . 2012-04-18 06:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-12 12:35 . 
2012-01-10 15:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 08:17 . 2011-11-08 12:39 34720 ----a-w- c:\windows\system32\LMIport.dll 2012-07-12 08:17 . 2011-11-08 12:39 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-07-12 08:17 . 2011-11-08 12:39 80800 ----a-w- c:\windows\system32\LMIinit.dll 2012-07-09 11:14 . 2011-11-08 11:59 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2012-05-22 07:30 . 2011-11-08 12:39 80768 ----a-w- c:\windows\system32\LMIinit.dll.000.bak 2012-04-26 17:01 . 2012-04-26 17:01 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll 2012-04-26 17:01 . 2012-04-26 17:01 2155344 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-04-20 11:53 . 2012-04-20 11:53 47208 ----a-w- c:\windows\system32\drivers\tbhsd.sys 2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-04-16 12:08 . 2012-03-28 10:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 14:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2011-01-12 514544] "QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-06 336384] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344] "DsMgr"="c:\program files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe" [2011-03-10 93240] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Zarafa auto-updater launcher"="c:\program files (x86)\Zarafa\Zarafa Outlook Client\ZarafaLaunchUpdater.exe" [2011-09-26 53440] "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2012-07-09 115624] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-01-13 296056] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-10-27 221184] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "Malwarebytes' Anti-Malware"="c:\program files 
(x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\danielsiegrist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLogonScripts"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoPublishingWizard"= 1 (0x1) "NoWebServices"= 1 (0x1) "NoOnlinePrintsWizard"= 1 (0x1) "NoHardwareTab"= 1 (0x1) "NoSecurityTab"= 1 (0x1) "ConfirmFileDelete"= 1 (0x1) "RecycleBinSize"= 10 (0xa) "NoFavoritesMenu"= 1 (0x1) "NoStartMenuMyMusic"= 1 (0x1) "NoStartMenuEjectPC"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "ForceStartMenuLogOff"= 1 (0x1) "NoTaskGrouping"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2011-01-15 1116656] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1255736] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\DRIVERS\Teefer3.sys [2011-11-08 53880] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-06 203776] S2 HP Power Assistant 
Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264] S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-01-27 30520] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112] S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-03 2656280] S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2010-11-27 1907656] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224] S2 WMCoreService;Mobile Broadband Service;c:\program files 
(x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x] S2 ZarafaUpdaterService.exe;Zarafa Updater Service;c:\program files (x86)\Zarafa\Zarafa Outlook Client\ZarafaUpdaterService.exe [2011-09-26 378560] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-02-06 9090048] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-02-06 299520] S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-12-21 316080] S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2010-02-24 26664] S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2010-02-24 30248] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912] S3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\DRIVERS\h36wgps64.sys [2011-02-28 101416] S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-04-05 1094712] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-30 174168] S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2011-02-08 26712] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 Mbm3CBus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-10-31 411208] S3 Mbm3DevMt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2010-10-31 419912] S3 Mbm3mdfl;HP Mobile Broadband Module Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-10-31 19528] S3 
Mbm3Mdm;HP Mobile Broadband Module Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-10-31 472648] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2011-11-08 12904] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2011-03-04 277032] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-05-19 18:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 12:35] . 2012-07-03 c:\windows\Tasks\HPCeeScheduleFordanielsiegrist.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2012-07-11 c:\windows\Tasks\HPCeeScheduleForPC-826$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\danielsiegrist\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2011-09-24 5398528]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bielertagblatt.ch
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 172.20.1.84 172.20.1.86
TCP: Interfaces\{4A84D4C2-2593-4FCE-BFC1-8327D6259BE4}: NameServer = 138.188.101.186 138.188.101.189
FF - ProfilePath - c:\users\danielsiegrist\AppData\Roaming\Mozilla\Firefox\Profiles\n6ab4d2d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.bielertagblatt.ch
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-File Sanitizer - c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
Wow6432Node-HKLM-Run-ISUSPM Startup - c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Wow6432Node-HKLM-Run-ISUSScheduler - c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
SafeBoot-Symantec Antvirus
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-13 18:37:12
ComboFix-quarantined-files.txt 2012-07-13 16:37
.
Vor Suchlauf: 11 Verzeichnis(se), 254'648'336'384 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 253'910'335'488 Bytes frei
.
- - End Of File - - 2933D6774208E7CABCF0B1CC57A93463

So I hope everything is sorted out now. Many thanks.
14.07.2012, 16:15 | #6 |
/// Malware-holic | Trojaner "Ihr Computer wurde gesperrt" - Ukash EUR 100 | Download CCleaner standard: CCleaner Download - CCleaner 3.20.1750. If CCleaner is already installed, skip that step. Install it, open it, go to Extras (Tools), list of installed programs, save as txt. Open the file. Behind every program you need, write "notwendig" (necessary). Behind every one you do not need, "unnötig" (unnecessary). Behind those you do not recognise, "unbekannt" (unknown). Post the list.
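The inventory the reply asks for can also be pulled straight from the registry, which is where Programs and Features (and CCleaner's list) read it from. The following PowerShell snippet is an added example, not part of the thread and not CCleaner's own code; it assumes it is run as the affected user on Windows 7 or later, and the output path in $OutFile is a placeholder. It writes one line per installed program with an empty "Verdict" column to fill in by hand, and pre-marks entries that carry no publisher, since those are the ones worth checking first.

```powershell
# Added example (not from the thread, not CCleaner): build the installed-programs
# review list from the Windows Uninstall registry keys.
# Assumptions: run in PowerShell as the affected user on Windows 7 or later;
# $OutFile is a constructed placeholder path.

$OutFile = "$env:USERPROFILE\Desktop\installed-programs.txt"

# 64-bit, 32-bit (WOW64) and per-user uninstall entries. This is the same data
# Programs and Features shows, so software that never registered an uninstaller
# (typical for malware dropped into %ProgramData% or %AppData%) will NOT appear
# here; the list complements the OTL/ComboFix logs, it does not replace them.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$Programs = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        # Pre-fill the verdict only where there is no publisher at all; everything
        # else is left blank for the owner to mark notwendig / unnoetig / unbekannt.
        $verdict = if ($_.Publisher) { '' } else { 'unbekannt?' }
        [pscustomobject]@{
            Name        = $_.DisplayName
            Publisher   = $_.Publisher
            Version     = $_.DisplayVersion
            InstallDate = $_.InstallDate      # yyyyMMdd when the installer set it
            Verdict     = $verdict
        }
    } |
    Sort-Object Name -Unique

# One line per program, pipe-separated, header first.
$Lines = @('Name | Publisher | Version | InstallDate | Verdict')
$Lines += $Programs | ForEach-Object {
    '{0} | {1} | {2} | {3} | {4}' -f $_.Name, $_.Publisher, $_.Version, $_.InstallDate, $_.Verdict
}
$Lines | Set-Content -Path $OutFile -Encoding UTF8

'{0} entries written to {1}' -f @($Programs).Count, $OutFile
```

Open the resulting text file, fill in the Verdict column, and post it as the reply asks. Because the registry on an infected machine may itself have been tampered with, treat a suspiciously short list, or entries whose uninstall paths point into user-writable folders, as something to mention in the thread rather than as proof of a clean system.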