Pests of all kinds and their removal: GVU trojan on 24.07.12, Win 7, 64 bit

25.07.2012, 19:58   #1
blascore

Hello,
yesterday while surfing I caught the GVU trojan (in my estimation version 2.07). The following steps have been taken so far:
Ran the Kaspersky Rescue Disk - after that I had full access to my computer again.
Scanned several times with Kaspersky and Avira Free: no findings. While researching, however, I have learned that these measures are not necessarily sufficient (my online banking access has been blocked because the bank apparently noticed the trojan, and eBay recommended that I change my password). "Malwarebytes Anti-Malware" is currently running and already shows 2 infected objects. How do I proceed to clean the system completely? Thanks in advance.

25.07.2012, 21:04   #2
t'john
/// Helper Team

Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program into the default path.
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or quarantined.
- When the scan has finished, click "Show results".

Step 2
System scan with OTL (illustrated guide)

Please download OTL by OldTimer and save it to your desktop (if not already there).
- Double-click OTL.exe
- Vista users: right-click OTL.exe and choose "Run as administrator"
- At the top you will find a box labelled Output. Please select Minimal Output
- Under Extra Registry, please select Use SafeList
- Now click Run Scan at the top left
- When the scan has finished, 2 logfiles will be created
- Post the logfiles here in the thread.

25.07.2012, 22:27   #3
blascore

Hello t'john,
thanks for the quick reply.
Here are the logfiles:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steffen :: STEFFEN-PC [Administrator]

25.07.2012 21:40:34
mbam-log-2012-07-25 (21-40-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 30065
Laufzeit: 20 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 2296 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart.

(Ende)

OTL Logfile:
OTL Extras logfile created on: 25.07.2012 22:58:30 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Steffen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,74% Memory free
15,96 Gb Paging File | 14,08 Gb Available in Paging File | 88,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,00 Gb Total Space | 144,48 Gb Free Space | 72,24% Space Free | Partition Type: NTFS
Drive D: | 265,76 Gb Total Space | 265,66 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive F: | 149,05 Gb Total Space | 130,20 Gb Free Space | 87,36% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CDD06A-EAE5-411C-A3FC-B55BC165E8D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0707E2EB-BB7A-4EF2-9C04-3F86E6D219EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0ABAEBE0-F528-43FA-82A4-9022C6FFABCB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{258AA749-A30B-432D-AD6C-E7E03C3662AB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3A4BBBEA-455F-4473-8DE6-ECB6C50DAFB6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{66418C4E-D328-4160-87BC-57F2B42EE803}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{66B2D422-2A67-4F72-AFD7-D60662173038}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{70AD515B-08A1-401A-A437-9435ECE03CAA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{7D0DD1A3-C3AE-4AA5-A480-535BE72A1540}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7FEAF48F-A059-411A-980F-02E879FF3E50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{856E4C22-D59D-4A31-BCE8-958C6FAB8823}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{86D1D991-AC0A-452C-979A-79289AB6D7A4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{950DC935-7B5C-40E3-8963-353937A90713}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9B3E6BC6-2408-4AE3-AEC9-AC162FDD8FC6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9D0CBD46-C35B-46F8-A274-701233D04309}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A11C4803-B7B0-45A6-9EB3-4644B7528ADF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A2CA89AF-A383-4A85-81F5-4B0CD749A9AE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A34BACB5-72B1-4E45-9626-2F6309F8A41E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A9CF2A1A-49A1-4794-82EB-63D0C3D1BEC0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AEB9805F-D6EF-4B61-8B6D-F5B9A5568D28}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BDF169F1-29C0-4A0B-BD90-8D7701C1739C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CE131DF4-A03A-4B74-8BA3-C239F646AC75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D7FB55F8-550C-4AFC-9FB3-BDE430D042C0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{D81C0C35-A3F3-4E87-B6ED-F6500B14DD4D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DD5BF755-3E05-4B5D-8488-5417B8E96383}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2E84A84-25AF-41EE-AE21-8A4D16A76DD7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F2254216-C016-4A85-9A7D-73BC4472C2A5}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{096FF3EE-204D-4861-8175-C8AFB7ABF55F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{09EB513B-B3CF-4C8B-B6CA-88E3F183ECF4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{0D15A642-6828-413B-9C35-E45A470ABA75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0EF3E1E9-B411-4A4A-A635-32D595F2E7F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17760620-5B57-49DA-81C7-D8DFDC50E86A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{197495DA-4AEB-4FD4-8FD2-45D8AF0982D7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1F8A9BE6-20E3-4C22-9CDC-B69EA1A379E8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1FFE9307-BC01-4CB3-B695-583ADD2A1FF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30B527C8-8E26-4017-BBC8-56E970782DEE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4D35BD29-86B4-4F73-BF6B-8DA5A6E3797B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{53CB8D72-C6DC-4909-8B63-E84E832A2EA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{55DFBE4D-3374-4CD1-909A-D9DC6A2B2717}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{583947A2-EFEE-4523-9A41-09C1143897D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{6529E77C-FE73-4549-8BD9-EF46BCD302E3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6DF83B99-3C05-48B4-A98B-B769DB5E0EC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{71E82813-AC6F-47DB-9E3A-D15C1F4ACDB5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{7F612132-E811-4B19-9BFC-A7BB250F049D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{842537F8-C284-46B2-BFE0-E5C59A937823}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A6FBC7A-9160-4E35-8AB7-4B8EE8ADCDA5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8B6F1B8D-D141-4730-AA44-3586ECF7DFB5}" = protocol=6 | dir=out | app=system | 
"{8BC686EB-CC6A-4BBD-8210-8B7B7C6723C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9A58D05E-A065-4C45-947C-398C6724D653}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AC3EA8FF-4577-4C77-9061-5FD07D755489}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{B4153421-D87C-4695-8597-05AE200EF83D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B93ED2DA-BAE8-4E6F-A4C0-97AC218E21E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B9C9BBA3-45C4-425C-A0A6-15984E60BAB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{C113BD8A-9607-4F25-9017-CF3763095126}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C20C69BF-4AC1-4F2C-81BB-F0C68EDA308C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C7F0A131-40FC-4855-A53C-2DBFD24B69C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CEB66317-37FF-4D14-A3E1-D4571E5AA619}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{D06FE244-D382-485C-93F5-0D294269448A}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{DBE35843-D877-4F06-9644-E26A8E933B24}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E895D0D2-CD37-4B9B-8378-DA746CEB10E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA9D3733-F0A7-4CC4-97A0-DA3D1982BF8C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"TCP Query User{560D7F33-2BC6-4E06-AD17-3C24B29C9483}C:\users\steffen\appdata\roaming\etisu\qaneu.exe" = protocol=6 | dir=in | app=c:\users\steffen\appdata\roaming\etisu\qaneu.exe | 
"TCP Query User{B9E4AE36-BD69-4FD4-87EC-A51229B21759}C:\users\steffen\appdata\roaming\etisu\qaneu.exe" = protocol=6 | dir=in | app=c:\users\steffen\appdata\roaming\etisu\qaneu.exe | 
"TCP Query User{D093C441-A65A-4B92-A72E-FC85263D78C4}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"UDP Query User{4D276F18-1C00-45E8-8B63-8803127460A0}C:\users\steffen\appdata\roaming\etisu\qaneu.exe" = protocol=17 | dir=in | app=c:\users\steffen\appdata\roaming\etisu\qaneu.exe | 
"UDP Query User{88663F78-F8CA-4401-A40D-5439B0DF0FB2}C:\users\steffen\appdata\roaming\etisu\qaneu.exe" = protocol=17 | dir=in | app=c:\users\steffen\appdata\roaming\etisu\qaneu.exe | 
"UDP Query User{F7563FE3-D1C0-4173-B9BE-C9328DCEF9F2}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
"{54B0845F-5540-4492-9939-CD8880ABABF0}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25D56EF8-ED54-41F2-B3AB-C62F76A54E1E}" = KCService.de Fernwartung
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Creative Centrale" = Creative Centrale
"Creative Removable Disk Manager" = Creative-Manager für Wechseldatenträger
"HP Photo Creations" = HP Photo Creations
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"TomTom HOME" = TomTom HOME 2.8.3.2499
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2012 08:23:53 | Computer Name = Steffen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.06.2012 09:28:54 | Computer Name = Steffen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.06.2012 10:16:37 | Computer Name = Steffen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.06.2012 15:01:01 | Computer Name = Steffen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.06.2012 01:43:26 | Computer Name = Steffen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.06.2012 09:45:39 | Computer Name = Steffen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.06.2012 01:25:02 | Computer Name = Steffen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.06.2012 01:43:43 | Computer Name = Steffen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.06.2012 11:23:32 | Computer Name = Steffen-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.06.2012 00:42:14 | Computer Name = Steffen-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 03.07.2012 05:37:25 | Computer Name = Steffen-PC | Source = MCUpdate | ID = 0
Description = 11:37:21 - Error establishing the Internet connection.  11:37:21 - Could not connect to the server.
 
[ System Events ]
Error - 18.06.2012 12:13:33 | Computer Name = Steffen-PC | Source = EventLog | ID = 6008
Description = The system was previously shut down unexpectedly on 18.06.2012 at 18:08:34.
 
Error - 30.06.2012 07:57:20 | Computer Name = Steffen-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 14.07.2012 03:23:33 | Computer Name = Steffen-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 15.07.2012 12:34:05 | Computer Name = Steffen-PC | Source = bowser | ID = 8003
Description = 
 
Error - 16.07.2012 02:25:51 | Computer Name = Steffen-PC | Source = Schannel | ID = 36887
Description = A fatal alert was received: 40.
 
Error - 16.07.2012 02:25:51 | Computer Name = Steffen-PC | Source = Schannel | ID = 36887
Description = A fatal alert was received: 40.
 
Error - 16.07.2012 02:25:51 | Computer Name = Steffen-PC | Source = Schannel | ID = 36887
Description = A fatal alert was received: 40.
 
Error - 16.07.2012 02:25:51 | Computer Name = Steffen-PC | Source = Schannel | ID = 36887
Description = A fatal alert was received: 40.
 
Error - 16.07.2012 03:30:24 | Computer Name = Steffen-PC | Source = bowser | ID = 8003
Description = 
 
Error - 16.07.2012 12:28:34 | Computer Name = Steffen-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 25.07.2012 23:15:50 - Run 4
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Steffen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,28% Memory free
15,96 Gb Paging File | 14,07 Gb Available in Paging File | 88,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,00 Gb Total Space | 144,48 Gb Free Space | 72,24% Space Free | Partition Type: NTFS
Drive D: | 265,76 Gb Total Space | 265,66 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive F: | 149,05 Gb Total Space | 130,20 Gb Free Space | 87,36% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steffen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe (Microsoft Corporation.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTUPnPSv) -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (CTDevice_Srv) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
SRV - (Creative Service for CDROM Access) -- C:\Windows\SysWOW64\CTSVCCDA.EXE (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (rusb3xhc) -- C:\Windows\SysNative\drivers\rusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (rusb3hub) -- C:\Windows\SysNative\drivers\rusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (AthDfu) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E117F7FF-430E-459C-9919-42B7C1F24E59}
IE:64bit: - HKLM\..\SearchScopes\{E117F7FF-430E-459C-9919-42B7C1F24E59}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {E117F7FF-430E-459C-9919-42B7C1F24E59}
IE - HKLM\..\SearchScopes\{E117F7FF-430E-459C-9919-42B7C1F24E59}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.kiebel.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://syb.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF E2 43 5F F7 D1 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.10 19:25:50 | 000,000,000 | ---D | M]
 
[2012.05.25 10:11:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Extensions
[2012.05.25 10:11:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.07.24 06:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\w2g8jwv3.default\extensions
[2012.07.10 19:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.24 06:14:10 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W2G8JWV3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C002960-66F1-4F64-A73B-5E1B934B0D05}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fbde00d4-a4f3-11e1-a38d-c860001d5259}\Shell - "" = AutoRun
O33 - MountPoints2\{fbde00d4-a4f3-11e1-a38d-c860001d5259}\Shell\AutoRun\command - "" = K:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.25 23:15:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.07.25 20:41:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Malwarebytes
[2012.07.25 20:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.25 20:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.25 20:41:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.25 20:41:36 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Desktop\Malwarebytes' Anti-Malware
[2012.07.25 14:31:20 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{74CE7E84-0AC0-41E6-BAAF-1B54A640D761}
[2012.07.25 14:30:57 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{0775EF2C-3823-47B9-944C-BB470B397657}
[2012.07.25 07:39:40 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{87DF1885-2E1D-40CB-A95F-1605E4A196E0}
[2012.07.24 17:37:06 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{EA166FAE-C0AC-420D-B1C8-89F5EEA59233}
[2012.07.24 17:36:43 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{37C18D68-CD79-44A5-95BD-B6BF190FB414}
[2012.07.24 15:44:07 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{C0AD25C2-4359-49AC-A18C-5B828D6EB906}
[2012.07.24 13:10:16 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.24 13:07:58 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{BA71FBE0-23F0-4FC3-8D11-6EB726FD069B}
[2012.07.23 20:13:12 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{A2A7FA14-EC0A-4CEA-9226-1407BB0BCA2A}
[2012.07.23 20:12:49 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{C372A4CB-BCFA-4931-937D-6E85208F7700}
[2012.07.22 18:55:53 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{CABED089-E1C5-4269-BF47-D8AAFE8F931C}
[2012.07.22 18:55:42 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{3BC902EF-7E84-408C-B2EF-E541CF2F5A54}
[2012.07.21 08:00:50 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{C2DCDED4-538A-4EAC-88AB-1188CC6B7A7E}
[2012.07.20 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Desktop\Spiele
[2012.07.20 20:55:06 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Empire Interactive
[2012.07.20 20:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Empire Interactive
[2012.07.20 17:05:28 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{61B0E9CB-1E73-4E85-B41E-F18BD4840C90}
[2012.07.20 17:05:02 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{097A8024-369B-4FE8-8905-915679614AEF}
[2012.07.20 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{407065C5-4F97-4C7A-B119-525AD6B1808B}
[2012.07.20 07:13:43 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{72DA036B-E10A-45E3-A5F7-655B0CE6FB50}
[2012.07.19 21:30:36 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{1D2AE218-F520-4EFE-84BA-354DB114A05D}
[2012.07.19 21:30:14 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{7D60DED4-6AB4-452D-BE8C-A5BAC43FC488}
[2012.07.19 07:37:14 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{38025A37-C69D-484B-B59B-102520523667}
[2012.07.19 07:36:51 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{437E166D-4A2C-49FF-BACA-4A9E593CF3A2}
[2012.07.18 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Ibnyfe
[2012.07.18 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Faofop
[2012.07.18 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Etisu
[2012.07.18 17:06:31 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{FEDE4F8C-FD42-4D89-B680-AE9764473CBD}
[2012.07.18 17:06:08 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{0D97CCD7-1A26-4E0E-AA29-20558B62D0F5}
[2012.07.17 06:42:25 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{867A5C21-A538-45EE-AAAC-9B35932E573A}
[2012.07.17 06:42:02 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{9BEC99A9-84B7-4FA9-B39B-FCAC3B456D86}
[2012.07.16 14:44:34 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{C7ABB24D-4ACA-4DE5-AEB4-4104266174F2}
[2012.07.16 14:44:10 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{23F14A84-30F5-4516-B892-D491B44FD961}
[2012.07.15 23:06:08 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{7C1B52DB-F9BB-43AE-A55A-EC42B035549C}
[2012.07.15 23:05:45 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{BAF16A8C-4524-4BD8-AD5A-470BD0634767}
[2012.07.14 23:18:43 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{AA2361FE-C320-4F14-9C27-58B6B2A79760}
[2012.07.14 23:18:21 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{D418B307-B2B6-46D9-999A-4C56948C4086}
[2012.07.14 09:17:24 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Amazon
[2012.07.13 13:17:23 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{EF6F9EFB-0D87-429D-B5C1-59B49EF68DB4}
[2012.07.13 13:17:00 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{CE7D53BC-F9FA-4A32-A234-7D3EE1FA913D}
[2012.07.12 17:40:00 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{17E0B3F6-F680-4C15-B027-F17F44AA9133}
[2012.07.11 22:13:32 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{226EF086-1E78-4576-A169-678D7F2DF33F}
[2012.07.11 22:13:09 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{B52449ED-2C96-4C2F-86E5-BB99C78CC2D3}
[2012.07.11 17:55:28 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{28023BD9-8F13-4A84-AD8A-464E490C6FCC}
[2012.07.11 14:06:39 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{B372A019-A4EC-410B-83F1-C86C14739074}
[2012.07.11 06:50:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 06:50:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 06:50:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 06:50:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 06:50:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 06:50:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 06:50:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 06:50:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 06:50:31 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 06:50:31 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 06:50:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 06:50:31 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 06:50:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 06:32:50 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{56D17C4D-BD2B-4873-83D7-E8DBB68F8886}
[2012.07.11 06:32:28 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{34963191-3AD4-4C99-B3AD-14ECDD0DF601}
[2012.07.11 06:31:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 06:31:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 06:31:07 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 06:31:05 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 06:31:04 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 19:41:14 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{A091D793-8C6C-417C-9BBF-A6167EA1CE53}
[2012.07.10 19:40:51 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{8FFA0377-3DA7-4B15-A2D1-8B20D00510DF}
[2012.07.10 19:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.07.10 19:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.10 07:28:59 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.10 06:29:07 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{83AA4E18-7BBC-4130-931E-2361AF28A673}
[2012.07.10 06:28:44 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{A29EC1CE-7E27-4EEF-9E4F-8DD5C17AF73A}
[2012.07.08 21:29:43 | 000,000,000 | ---D | C] -- C:\Users\Steffen\PLATTENSPIELER PHILLIPS AG 9137 D-95 SUPERGERÄT VON 1957!!!  eBay-Dateien
[2012.07.08 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{9FBF5C74-90BE-41F6-B8F5-05EFE91E7AC6}
[2012.07.08 20:09:33 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{F7636CBD-EA57-489D-8591-2F6081348C30}
[2012.07.08 19:23:58 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{2D683769-EF04-49E1-901D-62F86447AE39}
[2012.07.08 19:23:36 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{2886CF11-1CA9-4E42-8FEB-0330C700091D}
[2012.07.08 07:11:59 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{8C3BD523-7830-4075-881C-B05236AFCB46}
[2012.07.08 07:11:36 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{5E74A04D-B772-4889-8027-712166EC6EA7}
[2012.07.07 16:30:02 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{DE62E2B4-5CBA-4874-BC1E-F0F5C923488A}
[2012.07.07 16:29:39 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{97FEB021-D48E-4FE6-BDCF-E485D6D1ED84}
[2012.07.07 10:16:33 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{6E478CDC-085D-41FC-8046-56D40528ED4F}
[2012.07.07 10:16:10 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{DAD21938-6567-4B4E-A4C7-ACAA4AA9FFAD}
[2012.07.06 22:08:17 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{83A6A14E-1664-4196-97CB-4EEF964E3058}
[2012.07.06 22:08:05 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{B5440DF9-E8FD-4E9C-839F-0849C3241516}
[2012.07.06 13:41:01 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{E7A45EA6-465F-4043-B228-7FD9456A21AE}
[2012.07.06 06:47:12 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{0A8E7E86-A5E9-4D70-9000-F13EA3C60C98}
[2012.07.05 17:54:33 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{7C054E17-633A-4E8C-8388-01F95C3E45F6}
[2012.07.05 17:54:10 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{7B9E99CA-EF5E-44C9-966D-B1E415715038}
[2012.07.04 22:07:23 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{D11D0894-6479-4C1F-A93C-900629764C6F}
[2012.07.04 22:07:00 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{952FE548-1612-4D52-80EF-E9599E6A7C72}
[2012.07.01 07:57:37 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{02F20818-BA90-4FC8-B116-AB8AF2A829BB}
[2012.07.01 07:57:14 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{8FDD07AF-C143-4335-90AD-1038CCE42F5E}
[2012.06.30 08:04:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{87BC0CDE-1249-4FD6-852E-FB55E5D6C778}
[2012.06.30 08:03:41 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{C2981514-2003-461A-99E0-3757C5C0C036}
[2012.06.29 18:53:23 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{AC5E2D62-2995-4D1A-8826-18FB9096F8B6}
[2012.06.29 18:53:01 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{93F1494C-FEFC-417E-B42E-4C8D6E003A73}
[2012.06.29 06:52:33 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{5626B808-A198-4756-8574-A3634FF37939}
[2012.06.29 06:52:10 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{8F57AD69-F215-443F-A66D-BC4AAE362A99}
[2012.06.28 18:07:37 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{61A1AB77-2750-4B2B-8BED-CB2B782F14DA}
[2012.06.28 18:07:26 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{35C3458E-CE70-433A-B811-865E7E7A13C8}
[2012.06.28 07:29:34 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{756F394E-CD73-4344-9A7C-6572F45C7C16}
[2012.06.27 16:07:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012.06.27 13:19:37 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{009702CA-0A7D-44C9-AC4F-3ABCD7F53FF7}
[2012.06.27 13:19:25 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{B49A2620-C9D2-4DB5-A03E-EE879EFA95BE}
[2012.06.26 22:06:42 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{AF360CC3-2413-4E43-B897-86467016AC18}
[2012.06.26 22:00:23 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\{0F5D5A5E-46FA-4E8B-A05F-6D100974179B}
[1 C:\Users\Steffen\*.tmp files -> C:\Users\Steffen\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.25 23:15:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.07.25 21:52:46 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 21:52:46 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 21:51:21 | 001,619,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.25 21:51:21 | 000,698,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.25 21:51:21 | 000,654,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.25 21:51:21 | 000,148,944 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.25 21:51:21 | 000,121,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.25 21:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 21:45:07 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 20:41:41 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.24 10:34:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.18 17:00:05 | 000,067,790 | ---- | M] () -- C:\Users\Steffen\Documents\Steffen Babyfoto.jpg
[2012.07.11 16:32:24 | 000,000,824 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN19P1P1WQ05QV.job
[2012.07.11 13:16:29 | 000,414,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 19:25:54 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.08 21:29:43 | 000,095,772 | ---- | M] () -- C:\Users\Steffen\PLATTENSPIELER PHILLIPS AG 9137 D-95 SUPERGERÄT VON 1957!!!  eBay.htm
[2012.07.08 18:41:42 | 000,798,997 | ---- | M] () -- C:\Users\Steffen\Documents\Bummi 2..jpg
[2012.07.08 18:40:38 | 000,911,529 | ---- | M] () -- C:\Users\Steffen\Documents\Bummi 1..jpg
[2012.07.08 18:38:40 | 000,353,488 | ---- | M] () -- C:\Users\Steffen\Documents\Josetti 4..jpg
[2012.07.08 18:37:28 | 000,589,765 | ---- | M] () -- C:\Users\Steffen\Documents\Josetti 3..jpg
[2012.07.08 18:35:55 | 000,433,652 | ---- | M] () -- C:\Users\Steffen\Documents\Josetti 2..jpg
[2012.07.08 18:33:14 | 000,285,182 | ---- | M] () -- C:\Users\Steffen\Documents\Josetti 1.jpg
[2012.07.08 18:15:20 | 000,140,975 | ---- | M] () -- C:\Users\Steffen\Documents\Berlin Postkarte Rückseite.jpg
[2012.07.08 18:12:18 | 001,092,554 | ---- | M] () -- C:\Users\Steffen\Documents\Berlin Postkarte.jpg
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.30 15:34:25 | 000,023,552 | ---- | M] () -- C:\Users\Steffen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Steffen\*.tmp files -> C:\Users\Steffen\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.25 20:41:41 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.24 09:17:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.18 17:00:05 | 000,067,790 | ---- | C] () -- C:\Users\Steffen\Documents\Steffen Babyfoto.jpg
[2012.07.08 21:29:43 | 000,095,772 | ---- | C] () -- C:\Users\Steffen\PLATTENSPIELER PHILLIPS AG 9137 D-95 SUPERGERÄT VON 1957!!!  eBay.htm
[2012.07.08 18:41:28 | 000,798,997 | ---- | C] () -- C:\Users\Steffen\Documents\Bummi 2..jpg
[2012.07.08 18:40:14 | 000,911,529 | ---- | C] () -- C:\Users\Steffen\Documents\Bummi 1..jpg
[2012.07.08 18:38:39 | 000,353,488 | ---- | C] () -- C:\Users\Steffen\Documents\Josetti 4..jpg
[2012.07.08 18:37:04 | 000,589,765 | ---- | C] () -- C:\Users\Steffen\Documents\Josetti 3..jpg
[2012.07.08 18:35:54 | 000,433,652 | ---- | C] () -- C:\Users\Steffen\Documents\Josetti 2..jpg
[2012.07.08 18:33:14 | 000,285,182 | ---- | C] () -- C:\Users\Steffen\Documents\Josetti 1.jpg
[2012.07.08 18:14:52 | 000,140,975 | ---- | C] () -- C:\Users\Steffen\Documents\Berlin Postkarte Rückseite.jpg
[2012.07.08 18:11:47 | 001,092,554 | ---- | C] () -- C:\Users\Steffen\Documents\Berlin Postkarte.jpg
[2012.05.23 23:02:18 | 000,023,552 | ---- | C] () -- C:\Users\Steffen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.23 17:27:47 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012.05.23 17:15:51 | 000,000,017 | ---- | C] () -- C:\Users\Steffen\AppData\Local\resmon.resmoncfg
[2012.05.18 12:31:48 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.05.18 12:31:48 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.05.18 12:31:46 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.05.18 12:31:46 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.02.09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.13 15:27:07 | 001,640,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.13 14:35:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

< End of report >
         
--- --- ---


Hope I did everything right.
__________________

Old 26.07.2012, 11:22   #4
t'john
/// Helper Team

Fix with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:Processes
killallprocesses

:OTL
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe () 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E117F7FF-430E-459C-9919-42B7C1F24E59} 
IE:64bit: - HKLM\..\SearchScopes\{E117F7FF-430E-459C-9919-42B7C1F24E59}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox 
IE - HKLM\..\SearchScopes,DefaultScope = {E117F7FF-430E-459C-9919-42B7C1F24E59} 
IE - HKLM\..\SearchScopes\{E117F7FF-430E-459C-9919-42B7C1F24E59}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKLM..\Run: [] File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{fbde00d4-a4f3-11e1-a38d-c860001d5259}\Shell - "" = AutoRun 
O33 - MountPoints2\{fbde00d4-a4f3-11e1-a38d-c860001d5259}\Shell\AutoRun\command - "" = K:\pushinst.exe 

[2012.07.24 10:34:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad 
 

[2012.07.11 16:32:24 | 000,000,824 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN19P1P1WQ05QV.job 
:Files
[2012.07.18 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Ibnyfe
[2012.07.18 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Faofop
[2012.07.18 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Etisu
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, allow it.
  • Paste the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can do lasting damage to other systems!
__________________
Regards, t'john
Support the TB
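An added example, not part of this thread and not OTL's own code: a small Python script that parses OTL file entries in the format used in the log above and lists the entries the helper's fix script singled out as candidates for review. The sample lines are copied from the OTL log in this thread; the three heuristics (random-named AppData\Roaming folders created in the same second, a no-company file directly in ProgramData, a no-company binary in a system directory) are my own assumptions, not OTL's logic, and produce review candidates, not verdicts.

```python
import re
from collections import defaultdict

# Shape of one OTL "Files Created" / "Files Modified" entry, as in the log above:
#   [YYYY.MM.DD HH:MM:SS | size | attrs | C|M] (Company) -- path    file entry
#   [YYYY.MM.DD HH:MM:SS | 000,000,000 | ---D | C] -- path          directory entry
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
SYSTEM_DIRS = ("\\windows\\syswow64\\", "\\windows\\sysnative\\", "\\windows\\system32\\")
BINARY_EXT = (".exe", ".dll", ".sys")

# Constructed sample: eight entries copied from the OTL log in this thread.
SAMPLE = [
    r"[2012.07.18 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Ibnyfe",
    r"[2012.07.18 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Faofop",
    r"[2012.07.18 20:08:12 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Etisu",
    r"[2012.07.14 09:17:24 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Amazon",
    r"[2012.07.24 09:17:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad",
    r"[2012.05.23 17:27:47 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe",
    r"[2012.05.23 17:15:51 | 000,000,017 | ---- | C] () -- C:\Users\Steffen\AppData\Local\resmon.resmoncfg",
    r"[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys",
]

def parse_otl_line(line):
    """Return a dict for one OTL entry, or None if the line is not an entry."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["is_dir"] = "D" in entry["attrs"]
    entry["company"] = (entry["company"] or "").strip()
    return entry

def review_entries(lines):
    """Return (reason, path) pairs worth a manual look. Heuristics are assumptions:
    roaming-dirs-same-second: 2+ AppData\\Roaming folders created in one second;
    programdata-no-company:   file directly in C:\\ProgramData, no company name;
    system-binary-no-company: .exe/.dll/.sys in a system directory, no company."""
    findings = []
    roaming_by_ts = defaultdict(list)
    for e in filter(None, map(parse_otl_line, lines)):
        low = e["path"].lower()
        if e["is_dir"]:
            if e["kind"] == "C" and "\\appdata\\roaming\\" in low:
                roaming_by_ts[e["ts"]].append(e["path"])
        elif e["company"]:
            continue  # vendor-named binaries are out of scope for these checks
        elif low.startswith("c:\\programdata\\") and low.count("\\") == 2:
            findings.append(("programdata-no-company", e["path"]))
        elif any(d in low for d in SYSTEM_DIRS) and low.endswith(BINARY_EXT):
            findings.append(("system-binary-no-company", e["path"]))
    for paths in roaming_by_ts.values():
        if len(paths) >= 2:  # several folders dropped in the same second
            findings.extend(("roaming-dirs-same-second", p) for p in paths)
    return findings

if __name__ == "__main__":
    for reason, path in review_entries(SAMPLE):
        print(f"{reason:26} {path}")
```

On the sample above the script lists z7_0ytr.pad, srvany.exe and the three same-second Roaming folders, and leaves Amazon, resmon.resmoncfg and the vendor-signed mbam.sys alone; every hit still needs a human to decide.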

Old 26.07.2012, 15:49   #5
blascore

Hello trojaner-board, hello T'john,

I have now decided after all (partly on the advice of my brother-in-law, an IT professional) to go with the radical and safe method of reinstalling the operating system.
Thank you all for your helpfulness, and I hope the effort so far was not too great. In any case I will recommend you to others, and who knows, maybe I will need your support again in the future.
Thanks again to you all and continued success with your site.


Old 26.07.2012, 15:59   #6
t'john
/// Helper Team

I recommend that you at least run the fix.

Then back up your data and reinstall: http://www.trojaner-board.de/51262-a...sicherung.html

If you have questions, let us know.
__________________
