Gesperrtes System_Trojaner Bundespolizei_Win7 32bit

Elektritze · 31.08.2012, 13:51

Hallo und erstmal ein dickes Lob für dieses hervorragende Forum und die unermüdlichen Helfer!!!

Ich habe hier einen Rechner, der sich diesen Verschlüsselungs-Trojaner eingefangen hat.
Es ist wohl die Version 1.14, wie ich auf einer anderen Website gesehen habe.

Die Symptome sind halt der gesperrte Bildschirm und die Umwandlung der Dateinamen in irgendwelche sinnlosen Buchstabenkombis ohne Dateiendung!

Ich habe schon mal die "Erstanweisungen" befolgt:

- Defogger ausgeführt
- Scan mit OTL
- Scan mit Gmer
- Scan mit Malwarebytes (verkehrte Reihenfolge...?

)

Das Problem war, dass ich erst nur über den abgesicherten Modus ins System kam, daher habe ich die schädliche Datei schon mal lokalisiert und den Eintrag aus dem Systemstartmenue entfernt.

Sie war in einem Ordner "Uurlrr" in C:\Users\Anwender\AppData\Roaming.
Außerdem war im Systemstart eine Verknüpfung zu C:\Users\Anwender\AppData\Roaming \logons.exe, die habe ich auch erstmal deaktiviert, kam mir irgendwie suspekt vor...

Ich hoffe, das war kein Vorgriff entgegen euren Anweisungen, gelöscht habe ich ja nichts.
Jedenfalls war die Sperrung dann erstmal deaktiviert und ich kam wieder normal ins System!

Mit Malwarebytes habe ich dann einen vollständigen Scan durchgeführt, da ich nicht sicher war, ob sich vielleicht auf D: auch was eingenistet hat...
Das Programm hat dann auch die von mir aus dem Systemstart entfernte Datei identifiziert!
Habe ich daraufhin von Malwarebytes entfernen lassen (nach dem Erstellen des Logfiles!)

Wie ist das eigentlich mit zuvor angeschlossenen externen Laufwerken, sollte man die auch noch irgendwie "behandeln"?

Hier nun die Logfiles:

Code:

ATTFilter

OTL logfile created on: 31.08.2012 07:36:08 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Anwender\Desktop\Virus
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,98 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 79,98% Memory free
5,95 Gb Paging File | 5,47 Gb Available in Paging File | 91,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,78 Gb Total Space | 198,71 Gb Free Space | 85,36% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 230,41 Gb Free Space | 98,94% Space Free | Partition Type: NTFS
Drive F: | 121,64 Mb Total Space | 121,07 Mb Free Space | 99,53% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: Anwender | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.31 01:09:04 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Anwender\Desktop\Virus\OTL.exe
PRC - [2012.08.02 13:09:06 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.02 13:09:06 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.15 12:38:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.02 13:09:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.07 17:13:37 | 000,229,520 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files\Common Files\soft Xpansion\sxds10.exe -- (SXDS10)
SRV - [2012.05.21 12:17:52 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.10 15:42:32 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.04.10 15:42:28 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.07 01:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.28 09:10:40 | 000,189,776 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Stopped] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010.02.23 11:01:28 | 000,329,168 | ---- | M] () [Auto | Stopped] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.14 16:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Programme\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\AsrCDDrv.sys -- (AsrCDDrv)
DRV - [2012.07.07 09:24:01 | 000,100,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewsercd.sys -- (ewsercd)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 15:06:36 | 000,091,760 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.02.21 18:46:20 | 000,315,368 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV - [2012.02.21 18:46:18 | 000,102,888 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV - [2012.01.06 10:44:30 | 000,043,104 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\asahci32.sys -- (asahci32)
DRV - [2011.12.06 04:22:02 | 000,280,576 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011.11.10 00:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010.11.22 10:25:22 | 000,046,184 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Stopped] -- C:\Programme\Free Ride Games\X6XSEx.sys -- (X6XSEx)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.08.07 11:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.11 14:37:04 | 000,013,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.01.06 17:20:00 | 000,583,680 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2006.11.02 08:57:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10018&barid={A5BC2C2D-CC06-11E1-AB8B-BC5FF400BD6C}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10018&barid={A5BC2C2D-CC06-11E1-AB8B-BC5FF400BD6C}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/mb135?a=6OyHcmxOed
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/mb134/?search={searchTerms}&loc=search_box&a=6OyHcmxOed
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10018&barid={A5BC2C2D-CC06-11E1-AB8B-BC5FF400BD6C}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredimail.com/mb135?a=6OyHcmxOed"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com/mb134/?loc=ff_address_bar&a=6OyHcmxOed&search="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredimail.com/mb134?a=6OyHcmxOed"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Anwender\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.02 13:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.02 13:09:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.07 09:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Extensions
[2012.07.12 11:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anwender\AppData\Roaming\mozilla\Firefox\Profiles\sbo2ndgd.default\extensions
[2012.07.07 10:15:23 | 000,002,195 | ---- | M] () -- C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\searchplugins\MyStart Search.xml
[2012.07.12 11:48:00 | 000,003,998 | ---- | M] () -- C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\sbo2ndgd.default\searchplugins\sweetim.xml
[2012.07.07 09:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.02 13:09:06 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anwender\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Anwender\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Anwender\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - Extension: YouTube = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (PDF Genie 5.0) - {BDA33FF0-AD30-4335-9082-D5967EADB37D} - C:\Programme\DATA BECKER\PDF Genie 5.0\iexp32.dll (DATA BECKER)
O4 - HKLM..\Run: [Arcor Online]  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKCU..\Run: [4E5B272F] C:\Users\Anwender\AppData\Roaming\Uurlrr\eueplelblu.exe ()
O4 - HKCU..\Run: [Arcor Online]  File not found
O4 - HKCU..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [logons] C:\Users\Anwender\AppData\Roaming\logons.exe (saw Question)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AC05CDA-1B05-42BC-86D9-D8E216D494D5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94A9D0F3-44EA-4615-9336-C7BB35AE0CF3}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bcb57192-c5ac-11e1-8ef7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bcb57192-c5ac-11e1-8ef7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ASRSetup.exe
O33 - MountPoints2\{dd5d448c-c5ae-11e1-8c72-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dd5d448c-c5ae-11e1-8c72-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{ff840267-c803-11e1-8b49-bc5ff400bd6c}\Shell - "" = AutoRun
O33 - MountPoints2\{ff840267-c803-11e1-8b49-bc5ff400bd6c}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.31 07:20:02 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\Virus
[2012.08.31 07:14:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.08.30 21:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012.08.30 21:40:24 | 000,000,000 | ---D | C] -- C:\Windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}
[2012.08.29 22:27:06 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\Uurlrr
[2012.08.29 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Zrrlshn
[2012.08.23 09:00:58 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Documents\Corel User Files
[2012.08.11 12:27:07 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Documents\Neuer Ordner
[2012.08.05 13:03:26 | 000,000,000 | ---D | C] -- C:\Users\Anwender\AppData\Roaming\OpenOffice.org
[2012.08.05 13:02:16 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.08.05 13:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.08.05 13:00:34 | 000,000,000 | ---D | C] -- C:\Users\Anwender\Desktop\OpenOffice.org 3.4 (de) Installation Files
[2012.07.07 09:11:31 | 000,010,752 | ---- | C] (Arcor Online GmbH) -- C:\Users\Anwender\AppData\Local\cmdial32.dll
[2009.07.14 01:11:09 | 000,147,456 | ---- | C] (saw Question) -- C:\Users\Anwender\AppData\Roaming\logons.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.31 07:27:21 | 000,000,000 | ---- | M] () -- C:\Users\Anwender\defogger_reenable
[2012.08.31 07:18:46 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.31 07:18:46 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.31 07:18:46 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.31 07:18:46 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.31 07:14:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 07:14:24 | 316,288,050 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.31 07:14:23 | 2398,355,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.31 06:43:02 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 06:43:02 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 06:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.30 08:17:49 | 000,442,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.29 22:56:19 | 000,002,679 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office Word 2007.lnk
[2012.08.29 22:56:19 | 000,002,649 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office Publisher 2007.lnk
[2012.08.29 16:19:54 | 000,006,656 | ---- | M] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.29 16:15:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000UA.job
[2012.08.29 13:15:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-857302832-1272101758-2402345916-1000Core.job
[2012.08.26 19:36:56 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\VfVtUoEnnoALfdnsAq
[2012.08.20 19:42:22 | 000,052,736 | ---- | M] () -- C:\Users\Anwender\Documents\NsNavsQgNaOJugrTDNTJs
[2012.08.20 17:30:42 | 000,031,445 | ---- | M] () -- C:\Users\Anwender\Documents\dqUGVdofndxLqjfEAs
[2012.08.17 20:54:41 | 000,002,667 | ---- | M] () -- C:\Users\Anwender\Desktop\Microsoft Office Publisher 2007.lnk
[2012.08.11 23:32:33 | 000,049,756 | ---- | M] () -- C:\Users\Anwender\Documents\gOgvNOgTQpNTXpQuNsOX
[2012.08.10 12:43:00 | 000,107,930 | ---- | M] () -- C:\Users\Anwender\Documents\NDNXOJQQNlXslrOapXll
[2012.08.05 13:02:16 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.08.02 16:13:26 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
 
========== Files Created - No Company Name ==========
 
[2012.08.31 07:27:21 | 000,000,000 | ---- | C] () -- C:\Users\Anwender\defogger_reenable
[2012.08.31 07:14:24 | 316,288,050 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.08.29 22:56:19 | 000,002,679 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office Word 2007.lnk
[2012.08.29 22:56:19 | 000,002,649 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office Publisher 2007.lnk
[2012.08.17 20:54:41 | 000,002,667 | ---- | C] () -- C:\Users\Anwender\Desktop\Microsoft Office Publisher 2007.lnk
[2012.08.17 16:09:53 | 000,006,656 | ---- | C] () -- C:\Users\Anwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.05 13:02:16 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.07.23 22:27:59 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.07.12 11:48:33 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012.07.08 17:47:40 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.07.07 12:23:16 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.07.07 12:23:16 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.07.07 12:23:16 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.07.07 12:23:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.07.07 12:23:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.07.07 12:23:16 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.07.07 12:23:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.07.07 12:23:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.07.07 12:23:16 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.07.07 12:23:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.07.07 12:23:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.07.07 12:23:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.07.07 12:23:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.07.07 12:23:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.07.07 12:23:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.07.07 12:23:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.07.07 12:23:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.07.07 12:23:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.07.07 12:23:16 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.07.04 10:02:50 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012.07.04 09:58:15 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012.07.04 09:58:14 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2012.05.21 11:57:52 | 000,058,880 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.05.21 10:47:36 | 013,214,720 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.05.21 10:39:58 | 000,009,216 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.05.21 10:38:44 | 000,000,255 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.03.19 23:26:06 | 000,963,912 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2012.03.19 23:26:06 | 000,261,208 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2012.03.07 01:40:26 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll
 
========== LOP Check ==========
 
[2012.07.12 11:47:45 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Canneverbe Limited
[2012.07.07 17:46:42 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Epson
[2012.08.05 13:03:26 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\OpenOffice.org
[2012.07.07 17:17:06 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\ProtectDisc
[2012.08.29 22:27:06 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Uurlrr
[2012.07.07 12:16:36 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Verbindungsassistent
[2012.08.14 22:44:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 31.08.2012 07:28:30 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Anwender\Desktop\Virus
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,98 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,79% Memory free
5,95 Gb Paging File | 5,50 Gb Available in Paging File | 92,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,78 Gb Total Space | 198,72 Gb Free Space | 85,37% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 230,41 Gb Free Space | 98,94% Space Free | Partition Type: NTFS
Drive F: | 121,64 Mb Total Space | 121,07 Mb Free Space | 99,53% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: Anwender | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27430247-2E29-4C81-A428-7FEAE2A59193}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{301C56C5-C851-4607-972C-0EB0C630326B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4258266B-5F84-4608-8B0C-1148803732B4}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{4F3CBA09-C74A-4EF8-98B7-2BB20CBCD935}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{9D459106-F40F-4414-BBD3-7E3DF79232AD}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{A6DC482E-ACD2-4163-95A4-D3A54810ED3C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{A90592C1-2CCC-4303-B1DA-957158122D5A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{CA9F4287-A8EE-4A5A-ADDA-ACD1E6A7BD06}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{745DDE4E-8061-4E07-9201-2C21683F9287}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{DBFDC888-114D-44A8-8C9E-559C9E305DD6}C:\users\anwender\appdata\local\temp\usmt\migwiz.exe" = protocol=6 | dir=in | app=c:\users\anwender\appdata\local\temp\usmt\migwiz.exe | 
"UDP Query User{C202D7EB-EB68-4485-9D60-3EF56BFB2140}C:\users\anwender\appdata\local\temp\usmt\migwiz.exe" = protocol=17 | dir=in | app=c:\users\anwender\appdata\local\temp\usmt\migwiz.exe | 
"UDP Query User{EB452385-6BF4-4490-AB8D-BD6C6D7AC9D1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{523DF39E-DF7D-488F-8022-783946571031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{70B6AFF1-40D1-486E-B846-26F88AFC78C2}" = Intel® Trusted Connect Service Client
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6D309F9-38AB-4cc3-8DA7-0544F5011788}" = PDF Genie 5.0
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"Avira AntiVir Desktop" = Avira Free Antivirus
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX110_TX110 Benutzerhandbuch" = Epson Stylus SX110_TX110 Handbuch
"EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series
"exent_642550" = Jewel Quest 3
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.20.03.00
"IncrediMail" = IncrediMail 2.0
"InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Genie 5.0_is1" = DATA BECKER PDF Genie 5.0
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Verbindungsassistent" = Verbindungsassistent
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.08.2012 10:03:25 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11305
Description = 
 
Error - 02.08.2012 10:06:50 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11305
Description = 
 
Error - 02.08.2012 10:14:28 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 10.0.2616.0,
 Zeitstempel: 0x3a8f0315  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000008  ID des fehlerhaften
 Prozesses: 0x3f8  Startzeit der fehlerhaften Anwendung: 0x01cd70b920264047  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 5e535576-dcac-11e1-9fb8-bc5ff400bd6c
 
Error - 02.08.2012 16:24:35 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 10.0.2616.0,
 Zeitstempel: 0x3a8f0315  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000008  ID des fehlerhaften
 Prozesses: 0xb30  Startzeit der fehlerhaften Anwendung: 0x01cd70ecd4aa57a6  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 131a135d-dce0-11e1-be25-bc5ff400bd6c
 
Error - 05.08.2012 13:13:47 | Computer Name = ***-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 10.08.2012 06:45:26 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Professional\Connection.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.08.2012 06:45:37 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\Professional\Connection.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.08.2012 05:46:30 | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "G:\Volume\Professional\Connection.exe".
Die
 abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.08.2012 10:29:42 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IncMail.exe, Version: 6.3.2.5194,
 Zeitstempel: 0x4f82d06b  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c380b  ID des fehlerhaften
 Prozesses: 0xa5c  Startzeit der fehlerhaften Anwendung: 0x01cd85f068c3fd26  Pfad der
 fehlerhaften Anwendung: C:\Program Files\IncrediMail\Bin\IncMail.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: f8a17c06-f1e5-11e1-9b9c-bc5ff400bd6c
 
Error - 30.08.2012 15:31:38 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description = 
 
[ Media Center Events ]
Error - 23.08.2012 12:33:22 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:33:22 - Fehler beim Herstellen der Internetverbindung.  18:33:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.08.2012 12:33:55 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:33:51 - Fehler beim Herstellen der Internetverbindung.  18:33:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.08.2012 11:51:16 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:51:16 - Fehler beim Herstellen der Internetverbindung.  17:51:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.08.2012 11:51:49 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:51:45 - Fehler beim Herstellen der Internetverbindung.  17:51:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.08.2012 10:48:00 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:48:00 - Fehler beim Herstellen der Internetverbindung.  16:48:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.08.2012 10:48:32 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:48:29 - Fehler beim Herstellen der Internetverbindung.  16:48:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.08.2012 09:52:57 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 15:52:57 - Fehler beim Herstellen der Internetverbindung.  15:52:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.08.2012 09:53:28 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 15:53:26 - Fehler beim Herstellen der Internetverbindung.  15:53:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.08.2012 11:17:14 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 17:17:13 - Fehler beim Herstellen der Internetverbindung.  17:17:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.08.2012 15:24:25 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:24:25 - Fehler beim Herstellen der Internetverbindung.  21:24:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 30.08.2012 22:50:09 | Computer Name = ***-PC | Source = Microsoft-Windows-DriverFrameworks-UserMode | ID = 10101
Description = Das Treiberpaket konnte nicht installiert werden. Der letzte Status
 war "1115".
 
Error - 31.08.2012 01:14:31 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?08.?2012 um 07:13:14 unerwartet heruntergefahren.
 
Error - 31.08.2012 01:14:31 | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 31.08.2012 01:14:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AsrAppCharger  avipbb  avkmgr  discache  spldr  ssmdrv  Wanarpv6
 
Error - 31.08.2012 01:14:46 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 31.08.2012 01:14:52 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 31.08.2012 01:14:56 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 31.08.2012 01:14:56 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 31.08.2012 01:14:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 01:14:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-31 08:03:10
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45
Running: wtjrriwg.exe; Driver: C:\Users\Anwender\AppData\Local\Temp\pwlcruob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409  82484989 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2    824A44E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           autochk.exe                               007111D2 1 Byte  [6C]
.text           autochk.exe                               007111D2 3 Bytes  [6C, 00, 6C]
.text           autochk.exe                               007111D6 1 Byte  [2C]
.text           autochk.exe                               007111D6 3 Bytes  [2C, 00, 2D]
.text           autochk.exe                               007111DA 1 Byte  [35]
.text           ...                                       

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004b         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.31.06

Windows 7 Service Pack 1 x86 FAT32
Internet Explorer 9.0.8112.16421
Anwender :: ***-PC [Administrator]

Schutz: Aktiviert

31.08.2012 17:03:25
mbam-log-2012-08-31 (18-18-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291220
Laufzeit: 1 Stunde(n), 3 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Anwender\AppData\Roaming\Uurlrr\eueplelblu.exe (Trojan.Inject) -> Keine Aktion durchgeführt.

(Ende)

Nun warte ich auf weitere Instruktionen und sage schon mal im Voraus: "Herzlichen Dank"!

Gruß Susanne

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit

Plagegeister aller Art und deren Bekämpfung: Gesperrtes System_Trojaner Bundespolizei_Win7 32bit

Gesperrtes System_Trojaner Bundespolizei_Win7 32bit

Ähnliche Themen: Gesperrtes System_Trojaner Bundespolizei_Win7 32bit