Pests of all kinds and how to fight them: Trojan.Ransom infection (Windows 7)
03.09.2012, 15:05 | #1

Trojan.Ransom infection

Anti-Malware reports to me that it has found Trojan.Ransom. I am now asking for your help in finally getting rid of this nasty thing. The Anti-Malware log:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lars :: LARS-PC [Administrator]

03.09.2012 15:33:31
mbam-log-2012-09-03 (15-33-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | Heuristiks/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201433
Laufzeit: 2 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
ATTFilter OTL Extras logfile created on: 03.09.2012 15:50:13 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Lars\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 55,54% Memory free 8,00 Gb Paging File | 5,74 Gb Available in Paging File | 71,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,99 Gb Total Space | 80,89 Gb Free Space | 27,15% Space Free | Partition Type: NTFS Computer Name: LARS-PC | User Name: Lars | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15AEE3E5-9BE0-4F8C-B718-9E135E6B9498}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3190A989-F553-4761-BCBB-A3AAB254C734}" = lport=445 | protocol=6 | dir=in | app=system | "{35A2CD90-F40F-4183-B7E6-372D4B2B94A8}" = lport=139 | protocol=6 | dir=in | app=system | "{40AC7F32-E139-42C8-B6B8-1BC1839D2A39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{417E403B-49BA-4DA4-A8A0-DA2BE133087D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BADF3CA-AC0D-4973-AC64-E653C24A8CAB}" = 
rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4D04E3E6-E964-4685-8D45-EDDBE9283E95}" = rport=138 | protocol=17 | dir=out | app=system | "{53B7A91F-CD87-4C74-B723-C1C20A1C11E6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{53D4EBD9-5719-4B09-B1EE-41AABD0A8148}" = lport=137 | protocol=17 | dir=in | app=system | "{6E6965A4-119F-4E17-8893-544D9EF38116}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6E918369-4540-4144-A7D8-6DC89886C117}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFB3A6C-EC83-4CCF-8B0B-3978FD6E102F}" = lport=138 | protocol=17 | dir=in | app=system | "{73CF36E1-B200-4EC6-BA9D-DB2393F2BE79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7B589969-3B6B-4EDC-B7D8-41B8C533C649}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8A028E54-D771-4B68-9295-971319BD94FC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8A91F1C6-635F-46BF-96D7-B50923E4625F}" = rport=445 | protocol=6 | dir=out | app=system | "{958444CE-3723-41B9-894C-2EE251EFE7C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A8FF2BFC-3DE5-4118-A408-39F1E9D30BFD}" = rport=137 | protocol=17 | dir=out | app=system | "{AB876F04-27AB-474B-91F7-30E00AE042E8}" = lport=80 | protocol=6 | dir=in | name=http | "{BEB7FB14-A7EA-44A4-876C-7BEF9EECEE7A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C79D6E11-9DD7-4F8F-A230-CB6517D5EFCC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CCB743AC-8CD8-492C-9580-E1D4C47482E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E115B713-EF06-4BD6-B79E-7C9680B0C80C}" = lport=rpc-epmap | 
protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{EC27EEE6-21D5-4EAF-8C18-9C16134EE2A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0627414E-3679-4B25-92CE-B773B7182137}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{07FDF522-5B63-43FA-A0EC-BC2114657199}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | "{15254041-5E6B-46BC-A958-7C25714BE58F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{39B93A8F-2C2A-46EF-A6F4-A72900ADFCD5}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | "{47FD95CF-5D31-4C96-961B-465D5F6FF4EC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5FF93CCE-AFAB-451E-B840-40A196BEEDFA}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{604A8BBA-E993-4DE2-A3E1-78DD4DC481C1}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe | "{68C5C2C8-471A-4353-9D2B-B43CE3EB1929}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{838A353E-FF14-4D20-8D0B-511BA65ABB7C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{87B88E5E-DBC7-441D-A2EE-6EF144576DCF}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{89EAD9EC-FD42-47A4-BD0A-35CA5EE7380E}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe | "{95D0EA74-1147-4798-86FD-3471E7732BA6}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{9E91901E-9BC7-47B2-A060-43374C34FF90}" = 
protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{A01633F8-BE88-4232-A8BB-269D21BF8A01}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{ABB67060-F400-4ED5-A75C-1B9145BF005B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AED82496-1129-40E4-9FE6-58E25BE3ABC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C543F3FE-AE53-42A9-B842-1E707F12051D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{CBA21894-754F-4D15-A470-8F62CBA78943}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{CF7764E7-D5A2-4FEB-9040-0D9EF18071EE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E655E257-466A-482B-ADB5-E8D906F17FD6}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{ECE3926D-D3F6-4BFC-9FAF-540D6141FFAD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{6A235C60-1743-4D72-9977-3AFDE8D50836}C:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\spiele\codemasters\der herr der ringe online\lotroclient.exe | "TCP Query User{81EFA3AB-732E-4561-80D9-CC1F2516A46D}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "TCP Query User{950F46BA-8B46-48C2-A151-9983EB7C6DBC}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "TCP Query User{A6E31FDD-2EF1-4B91-B063-4744AFFE1903}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{B247CABB-8E40-4EF5-822F-9B03F25B9932}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{BC053CF3-1A94-4592-A089-36D797BAE2D9}C:\test\nmutil\nmserve.exe" = protocol=6 
| dir=in | app=c:\test\nmutil\nmserve.exe | "TCP Query User{E89D9805-6060-4F29-97FB-4713A3B1F083}C:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\spiele\codemasters\der herr der ringe online\lotroclient.exe | "UDP Query User{2BF0DE8C-69F7-4713-893E-3FA23DBECE14}C:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\spiele\codemasters\der herr der ringe online\lotroclient.exe | "UDP Query User{7D018620-2DC7-48A2-B928-CEB4D8788F86}C:\test\nmutil\nmserve.exe" = protocol=17 | dir=in | app=c:\test\nmutil\nmserve.exe | "UDP Query User{81DFFD97-1B28-4DD0-8EFD-29C437E6B239}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{90AC7CFB-8DF5-4F0B-885B-8B7FF4BD04B1}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "UDP Query User{C244D60C-7BF7-4BED-994C-D9C9EFF0C0FB}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "UDP Query User{D869B2DC-ABA4-4949-93ED-2B27CDE525F3}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{D8DACB73-A224-4972-962D-CF3FB06079AF}C:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\spiele\codemasters\der herr der ringe online\lotroclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{197F2BEF-2705-406E-8CEB-8E404FFFE414}" = VMLite Workstation "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D42871F-4A1E-82E5-9494-3012BA3084F2}" = AMD Catalyst Install Manager 
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit "{6FCA487B-89F0-4378-E1BC-91B81BCD8C98}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C5089197-5B15-44AD-B0FC-2E94EE9ECB63}" = WinSysClean X3 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DB61F989-7664-4E18-97C8-0AC4C5DD9FFC}" = e-mix 5.6.4 Basic Edition "{ED96A4F2-C990-0C70-33FA-AE213E8697C0}" = AMD Media Foundation Decoders "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CPUID HWMonitor_is1" = CPUID HWMonitor 1.18 "GIMP-2_is1" = GIMP 2.6.12 "maxdome - Online Videothek" = maxdome - Online Videothek "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Recuva" = Recuva "SMSERIAL" = Motorola SM56 Speakerphone 
Modem "WinRAR archiver" = WinRAR 4.01 (64-Bit) "x64 Components_is1" = x64 Components v3.6.9 "ZDFmediathek_is1" = ZDFmediathek Version 2.1.6 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) "_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5 "{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.5 "{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B247BF7-D393-1855-C8B3-66DED90DCCB6}" = Catalyst Pro Control Center "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights "{15219EE8-4DCC-C6C5-CB04-351D4DD72ACF}" = Catalyst Control Center InstallProxy "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW 
Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A10CD9-E281-4F3F-850E-F41D144B97C6}" = LibreOffice 3.4 Help Pack (German) "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.0 "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez "{442CB906-7844-E2F5-A2EB-90D44C0BF2DF}" = Catalyst Control Center Localization All "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Bison WebCam "{4AB3F9D4-0020-4A93-A7EB-C931C09ABD29}" = n-tv plus "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24 "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{59997DD7-9434-4D44-8DFA-26EB87DD96A1}" = WISE-FTP 6 "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{666B1A9E-863B-4730-9FC9-B70B60E4C8C7}" = Compucon EOS 3.0 "{67D30650-3501-66ED-265A-20870A20A689}" = CCC Help English "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7355D6F3-DBA4-4CD4-8FC3-B96FA766B642}" = calibre "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4 
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.110.12050 "{82FEA187-116E-4CDA-A333-AB6ED22380C7}_is1" = Audio 180% 7.5 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{896052CA-1097-4275-B084-D74440881FE6}" = AKVIS SmartMask "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007 "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A6D309F9-38AB-4cc3-8DA7-0544F5011788}" = soft Xpansion Perfect PDF 6 Converter "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German "{b582bad2-f527-422f-8e34-a56a52ec003d}" = 
Nero 9 "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "{B7AB751E-235F-4B3B-A1B7-400F1D20F139}" = StarMoney 7.0 "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{C2460E42-DD90-4CB5-BC67-ACE64FB0201E}_is1" = Inpaint 3 Install "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = Auvisio DigiTV Device Utilities "{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go "{DC4071FC-A3FF-4F6B-0001-CCB79085A90A}" = Formatwandler 4 SE "{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.079 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft 
Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F23159DD-B8B4-4993-9726-41DF962A3EA2}" = EOS 3.0 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FB8BEF4C-E2B8-725E-F84A-AF6D1E4C8960}" = Catalyst Control Center Graphics Previews Common "{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "A1-Faktura_is1" = A1-Faktura 1.428 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent "Avira AntiVir Desktop" = Avira Free Antivirus "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CobiSplitCat" = COMPUTER BILD Splitcat "Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DigiFM_is1" = DigiFM Software "DigiTV_is1" = DigiTV Software "Drakensang_is1" = Drakensang "DS-MP3 Source" = DS-MP3 Source 1.30 "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.5.3 "FormatFactory" = FormatFactory 2.90 "FreeCommander_is1" = FreeCommander 2009.02b "Freeware Faktura" = Freeware Faktura 2012.04.20 "GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20110718 code) "Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 4.25 "HD Tune Pro_is1" = HD Tune Pro 5.00 "HyperCam 3" = HyperCam 3 "InfoRapid Suchen & Ersetzen" = InfoRapid Suchen & Ersetzen "InstallShield_{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of 
Juarez "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mobile Partner" = Mobile Partner "MobilityDotNET" = DH Mobility Modder.NET "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Opera 12.01.1532" = Opera 12.01 "PartyPoker" = PartyPoker "PRJPRO" = Microsoft Office Project Professional 2007 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PSPad editor_is1" = PSPad editor "S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky "SharePointDesigner" = Microsoft Office SharePoint Designer 2007 "Sparfuchs_is1" = Sparfuchs "TeamSpeak 3 Client" = TeamSpeak 3 Client "Trillian" = Trillian "TVRTLDrv" = Auvisio DigiTV Device "Update Engine" = Sony Ericsson Update Engine "VirtualCloneDrive" = VirtualCloneDrive "VISPRO" = Microsoft Office Visio Professional 2007 "VLC media player" = VLC media player 2.0.1 "WinPcapInst" = WinPcap 4.1.2 "WinSysClean X3" = WinSysClean X3 "Wireshark" = Wireshark 1.6.5 "Wondershare Photo Collage Studio_is1" = Wondershare Photo Collage Studio 4.2.13.1 "Wondershare vDownloader_is1" = Wondershare vDownloader(Build 1.0.0.5) "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Color Picker" = Color Picker "Google Chrome" = Google Chrome "Unicode Charts _ Tools" = Unicode Charts :: Tools ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.08.2012 07:39:07 | Computer Name = Lars-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. 
Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 27.08.2012 07:39:07 | Computer Name = Lars-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 28.08.2012 19:30:53 | Computer Name = Lars-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 28.08.2012 19:30:53 | Computer Name = Lars-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 28.08.2012 19:30:53 | Computer Name = Lars-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 29.08.2012 06:23:20 | Computer Name = Lars-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIMain.exe, Version: 1.0.0.1, Zeitstempel: 0x4ca41cf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0xde4 Startzeit der fehlerhaften Anwendung: 0x01cd85c58048b7f6 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 8ddaf142-f1c3-11e1-a7d1-00030d818492
Error - 30.08.2012 06:15:20 | Computer Name = Lars-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIMain.exe, Version: 1.0.0.1, Zeitstempel: 0x4ca41cf9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x5cc Startzeit der fehlerhaften Anwendung: 0x01cd8691a6dfe100 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 99f15126-f28b-11e1-9aa1-00030d818492
Error - 31.08.2012 06:12:58 | Computer Name = Lars-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35
Error - 31.08.2012 10:53:59 | Computer Name = Lars-PC | Source = RasClient | ID = 20227
Description =
Error - 31.08.2012 10:55:13 | Computer Name = Lars-PC | Source = RasClient | ID = 20227
Description =
Error - 01.09.2012 04:18:32 | Computer Name = Lars-PC | Source = VSS | ID = 12344
Description =
[ Media Center Events ]
Error - 09.08.2012 13:57:51 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 19:57:51 - Fehler beim Herstellen der Internetverbindung. 19:57:51 - Serververbindung konnte nicht hergestellt werden..
Error - 09.08.2012 13:58:05 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 19:57:56 - Fehler beim Herstellen der Internetverbindung. 19:57:56 - Serververbindung konnte nicht hergestellt werden..
Error - 13.08.2012 21:59:03 | Computer Name = Lars-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) USB Digital TV
Error - 13.08.2012 22:01:10 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 04:01:09 - Fehler beim Herstellen der Internetverbindung. 04:01:09 - Serververbindung konnte nicht hergestellt werden..
Error - 13.08.2012 23:01:18 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 05:01:18 - Fehler beim Herstellen der Internetverbindung. 05:01:18 - Serververbindung konnte nicht hergestellt werden..
Error - 14.08.2012 00:01:25 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 06:01:25 - Fehler beim Herstellen der Internetverbindung. 06:01:25 - Serververbindung konnte nicht hergestellt werden..
Error - 14.08.2012 01:01:32 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 07:01:32 - Fehler beim Herstellen der Internetverbindung. 07:01:32 - Serververbindung konnte nicht hergestellt werden..
Error - 17.08.2012 04:53:33 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 10:53:32 - Fehler beim Herstellen der Internetverbindung. 10:53:32 - Serververbindung konnte nicht hergestellt werden..
Error - 22.08.2012 07:15:23 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 13:15:22 - Fehler beim Herstellen der Internetverbindung. 13:15:22 - Serververbindung konnte nicht hergestellt werden..
Error - 22.08.2012 20:48:51 | Computer Name = Lars-PC | Source = MCUpdate | ID = 0
Description = 02:48:51 - Fehler beim Herstellen der Internetverbindung. 02:48:51 - Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 03.09.2012 08:21:08 | Computer Name = Lars-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 03.09.2012 08:30:00 | Computer Name = Lars-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 03.09.2012 08:30:37 | Computer Name = Lars-PC | Source = DCOM | ID = 10016
Description =
Error - 03.09.2012 08:55:42 | Computer Name = Lars-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 03.09.2012 09:16:27 | Computer Name = Lars-PC | Source = DCOM | ID = 10016
Description =
Error - 03.09.2012 09:16:43 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Virtueller Datenträger erreicht.
Error - 03.09.2012 09:16:43 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Virtueller Datenträger" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 03.09.2012 09:16:53 | Computer Name = Lars-PC | Source = DCOM | ID = 10005
Description =
Error - 03.09.2012 09:31:31 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 03.09.2012 09:40:06 | Computer Name = Lars-PC | Source = VDS Basic Provider | ID = 33554433
Description =
< End of report >
Code:
ATTFilter OTL logfile created on: 03.09.2012 15:50:13 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Lars\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 55,54% Memory free 8,00 Gb Paging File | 5,74 Gb Available in Paging File | 71,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,99 Gb Total Space | 80,89 Gb Free Space | 27,15% Space Free | Partition Type: NTFS Computer Name: LARS-PC | User Name: Lars | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.09.03 15:49:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Lars\Desktop\OTL.exe PRC - [2012.08.27 12:32:39 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2012.08.27 12:32:39 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe PRC - [2012.08.08 14:34:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.05.15 15:43:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.15 15:43:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.02.19 05:48:22 | 000,342,984 | ---- | M] () -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe PRC - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe PRC - [2010.09.30 14:00:28 | 001,193,808 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe PRC - [2010.09.30 14:00:28 | 000,687,440 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.10.05 15:59:38 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\Windows\SysWOW64\WTClient.exe PRC - [2007.05.17 22:22:06 | 000,049,152 | ---- | M] (Bison Inc.) 
-- C:\Windows\BisonCam\BisonAPP.exe ========== Modules (No Company Name) ========== MOD - [2012.08.22 17:47:56 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll MOD - [2010.09.30 14:00:28 | 001,304,912 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISetting.dll MOD - [2010.09.30 14:00:28 | 001,193,808 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe MOD - [2010.09.30 14:00:28 | 000,691,536 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISms.dll MOD - [2010.09.30 14:00:28 | 000,687,440 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe MOD - [2010.09.30 14:00:28 | 000,677,200 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIPhoneBook.dll MOD - [2010.09.30 14:00:28 | 000,617,808 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UpdateAgent.dll MOD - [2010.09.30 14:00:28 | 000,565,584 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIConnectRecord.dll MOD - [2010.09.30 14:00:28 | 000,564,048 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIMms.dll MOD - [2010.09.30 14:00:28 | 000,371,536 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UISkin.dll MOD - [2010.09.30 14:00:28 | 000,323,920 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIUssd.dll MOD - [2010.09.30 14:00:28 | 000,309,584 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIStk.dll MOD - [2010.09.30 14:00:28 | 000,268,112 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDataBase.dll MOD - [2010.09.30 14:00:28 | 000,245,072 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UICommonDlg.dll MOD - [2010.09.30 14:00:28 | 000,235,344 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConfig.dll MOD - [2010.09.30 14:00:28 | 000,234,320 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BKService.dll MOD - [2010.09.30 14:00:28 | 000,228,176 | ---- 
| M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BISetting.dll MOD - [2010.09.30 14:00:28 | 000,221,520 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BISms.dll MOD - [2010.09.30 14:00:28 | 000,183,632 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BICodec.dll MOD - [2010.09.30 14:00:28 | 000,175,440 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIPhoneBook.dll MOD - [2010.09.30 14:00:28 | 000,168,784 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIXml.dll MOD - [2010.09.30 14:00:28 | 000,162,128 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIService.dll MOD - [2010.09.30 14:00:28 | 000,154,960 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\CMCOMService.dll MOD - [2010.09.30 14:00:28 | 000,150,352 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIRas.dll MOD - [2010.09.30 14:00:28 | 000,141,648 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDevManager.dll MOD - [2010.09.30 14:00:28 | 000,134,992 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIOptimizationClient.dll MOD - [2010.09.30 14:00:28 | 000,125,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BILog.dll MOD - [2010.09.30 14:00:28 | 000,124,752 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConnectRecord.dll MOD - [2010.09.30 14:00:28 | 000,098,128 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIStk.dll MOD - [2010.09.30 14:00:28 | 000,096,080 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIVoice.dll MOD - [2010.09.30 14:00:28 | 000,095,568 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\BIUssd.dll MOD - [2010.09.30 14:00:28 | 000,090,448 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\Component\SysService.dll MOD - [2010.09.30 14:00:28 | 000,089,936 | ---- | M] () -- C:\Program Files (x86)\1&1 
Surf-Stick\Component\BICallRecord.dll MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll MOD - [2008.12.03 15:09:30 | 000,184,320 | ---- | M] () -- C:\Windows\SysWOW64\WinTab32.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.09.08 19:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.10.06 18:54:28 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\SysNative\drivers\WTSrv.exe -- (WinTabService) SRV - [2012.08.22 17:47:56 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.20 14:57:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.15 15:43:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.15 15:43:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.02.19 05:48:22 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service) SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.12.08 15:13:12 | 000,229,520 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe -- (SXDS10) SRV - [2011.11.08 12:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate) SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.08.21 01:15:50 | 000,426,600 | ---- | M] (VMLite, Inc.) [Auto | Running] -- C:\Programme\VMLite\VMLite Workstation\VMLiteService.exe -- (VMLiteService) SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) 
[Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.07 22:51:11 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2012.07.07 22:51:11 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012.06.18 13:34:44 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2012.06.18 13:34:42 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2012.05.15 15:43:16 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.15 15:43:16 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.08 20:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.09.08 20:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.09.08 18:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2010.08.18 12:30:00 | 000,135,272 | ---- | M] (VMLite, Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\vmliteusbmon.sys -- (VMLiteUSBMon) DRV:64bit: - [2010.08.11 18:37:50 | 000,177,768 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmlitestor.sys -- (vmlitestor) DRV:64bit: - [2010.08.11 14:39:34 | 000,146,216 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2010.08.03 20:28:28 | 000,014,952 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vmlitedrv.sys -- (vmlitedrv) DRV:64bit: - [2010.07.01 13:09:50 | 000,224,488 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV:64bit: - [2010.07.01 13:09:50 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010.06.09 18:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3) DRV:64bit: - [2010.05.11 19:06:18 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2010.05.11 19:06:18 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.05.11 19:06:18 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2010.01.20 15:48:56 | 000,332,688 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009.10.29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.10.26 15:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA) DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.18 11:42:34 | 000,022,696 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid) DRV:64bit: - [2009.06.18 11:42:16 | 000,027,304 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k) DRV:64bit: - [2009.06.18 11:41:58 | 000,017,064 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid) DRV:64bit: - [2009.06.18 11:41:46 | 000,027,304 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | 
---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.13 21:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2009.02.09 17:25:10 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter) DRV:64bit: - [2009.02.09 17:25:10 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil) DRV:64bit: - [2009.02.09 17:25:04 | 000,333,864 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531) DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- 
(s0016obex) DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV:64bit: - [2007.08.24 02:16:16 | 000,742,312 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BisonCam.sys -- (Cam5603D) DRV:64bit: - [2007.06.14 00:47:02 | 000,070,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2007.01.08 13:38:52 | 000,047,104 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir) DRV - [2012.02.19 05:48:23 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 E5 77 7E CD 7E CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js..network.proxy.autoconfig_url: "hxxp://sudafe.com/hKkfHer2/proxy.pac"
FF - user.js..network.proxy.type: 2
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.04.19 08:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9193F654-D886-4fef-8894-A97EF6623104}: C:\Program Files (x86)\Wondershare\vDownloader\SVRFirefoxExt\ [2012.07.25 13:06:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.20 14:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.20 14:57:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.05.23 22:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Extensions
[2012.07.25 12:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\rgekk9sl.default\extensions
[2012.04.03 15:40:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\rgekk9sl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.26 12:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.04.19 08:12:34 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9} [2011.10.14 15:15:20 | 000,164,858 | ---- | M] () (No name found) -- C:\USERS\LARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RGEKK9SL.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI [2012.07.25 12:54:51 | 000,010,449 | ---- | M] () (No name found) -- C:\USERS\LARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RGEKK9SL.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI [2012.08.20 14:57:29 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.24 22:54:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.24 22:54:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.24 22:54:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.24 22:54:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.24 22:54:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.24 22:54:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.04.19 07:52:34 | 000,000,890 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) 
O2 - BHO: (Wondershare vDownloader) - {133232D2-DAE3-4B6F-AAC2-17CD87495682} - C:\Program Files (x86)\Wondershare\vDownloader\SVRIEPlugin.dll (Wondershare Software Co., Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Perfect PDF 6) - {2CEFDF99-7ED5-4884-9384-66BAFC1949BB} - C:\Program Files (x86)\soft Xpansion\Perfect PDF 6 Converter\iexp64.dll (soft Xpansion) O3 - HKLM\..\Toolbar: (Perfect PDF 6) - {2CEFDF99-7ED5-4884-9384-66BAFC1949BB} - C:\Program Files (x86)\soft Xpansion\Perfect PDF 6 Converter\iexp32.dll (soft Xpansion) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O4:64bit: - HKLM..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [WTClient] C:\Windows\SysWow64\WTClient.exe (Tablet Driver) F3:64bit: - HKCU WinNT: Load - (C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com) - C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com () F3 - HKCU WinNT: Load - (C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com) - C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lars\Desktop\PartyPoker.lnk () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lars\Desktop\PartyPoker.lnk () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java 
Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B46AA3-7C3F-49B0-B6BB-046E5205F0FF}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55A3DF95-ADC5-45FB-93A2-BECE87C5E016}: NameServer = 139.7.30.126 139.7.30.125 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{149d56d5-84f9-11e1-b73d-00030d818492}\Shell - "" = AutoRun O33 - MountPoints2\{149d56d5-84f9-11e1-b73d-00030d818492}\Shell\AutoRun\command - "" = E:\AutoStarter.exe O33 - MountPoints2\{65c8191d-7c9e-11e0-bf62-001060d177c0}\Shell - "" = AutoRun O33 - MountPoints2\{65c8191d-7c9e-11e0-bf62-001060d177c0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{7caf1034-6ffc-11e0-a4cc-001060d177c0}\Shell - "" = AutoRun O33 - MountPoints2\{7caf1034-6ffc-11e0-a4cc-001060d177c0}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{7caf1043-6ffc-11e0-a4cc-001060d177c0}\Shell - "" = AutoRun O33 - MountPoints2\{7caf1043-6ffc-11e0-a4cc-001060d177c0}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{7caf104e-6ffc-11e0-a4cc-001060d177c0}\Shell - "" = AutoRun O33 - MountPoints2\{7caf104e-6ffc-11e0-a4cc-001060d177c0}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{90f1bd13-5aa9-11e1-bfd4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{90f1bd13-5aa9-11e1-bfd4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{e58152f0-61a7-11e1-b825-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e58152f0-61a7-11e1-b825-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{ff0a3679-5e88-11e1-a09f-001060d177c0}\Shell - "" = AutoRun O33 - MountPoints2\{ff0a3679-5e88-11e1-a09f-001060d177c0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: 
(autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.03 15:49:23 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Lars\Desktop\OTL.exe [2012.09.03 14:22:56 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\Microsoft Games [2012.09.03 14:10:46 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Malwarebytes [2012.09.03 14:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.03 14:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.03 14:09:59 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.03 14:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.02 12:01:00 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\Adobe [2012.09.02 11:51:42 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\ATI [2012.08.31 13:46:59 | 000,000,000 | ---D | C] -- C:\Users\Lars\Local Settings [2012.08.28 16:29:06 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\ElevatedDiagnostics [2012.08.24 20:34:00 | 000,000,000 | ---D | C] -- C:\WindowsDebug [2012.08.24 20:34:00 | 000,000,000 | ---D | C] -- C:\Windows\MiniDump [2012.08.24 14:28:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C437D41F-A277-4A3E-BF29-78D6AD51991A} [2012.08.24 14:28:23 | 000,000,000 | ---D | C] -- C:\Program 
Files\WinSysClean X3 [2012.08.24 14:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Systems [2012.08.20 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Nero [2012.08.18 15:16:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\TabletPmt [2012.08.18 15:15:36 | 000,227,840 | ---- | C] (TODO: <公司名稱>) -- C:\Windows\SysWow64\MyDrawLineWindowDll.dll [2012.08.18 15:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet [2012.08.18 15:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TABLET [2012.08.18 15:10:13 | 000,356,352 | ---- | C] (Pen Tablet) -- C:\Windows\SysWow64\tabcfg.exe [2012.08.18 15:10:13 | 000,073,728 | ---- | C] (Tablet Driver) -- C:\Windows\SysNative\drivers\WTSrv.exe [2012.08.18 15:10:13 | 000,053,248 | ---- | C] (Pen Tablet) -- C:\Windows\SysWow64\pcpanel.cpl [2012.08.18 15:10:13 | 000,053,248 | ---- | C] (Pen Tablet) -- C:\Windows\SysNative\pcpanel.cpl [2012.08.18 15:10:13 | 000,032,768 | ---- | C] (Tablet Driver) -- C:\Windows\SysWow64\WTClient.exe [2012.08.18 15:10:13 | 000,032,768 | ---- | C] (Tablet Driver) -- C:\Windows\SysNative\WTClient.exe [2012.08.18 15:10:13 | 000,027,304 | ---- | C] (Tablet Driver) -- C:\Windows\SysNative\drivers\TClass2k.sys [2012.08.18 15:10:13 | 000,027,304 | ---- | C] (PenTablet Driver) -- C:\Windows\SysNative\drivers\PTSimBus.sys [2012.08.18 15:10:13 | 000,022,696 | ---- | C] (Tablet Driver) -- C:\Windows\SysNative\drivers\UCTblHid.sys [2012.08.18 15:10:13 | 000,017,064 | ---- | C] (PenTablet Driver) -- C:\Windows\SysNative\drivers\PTSimHid.sys [2012.08.18 14:48:23 | 001,435,272 | ---- | C] (Macromedia, Inc.) 
-- C:\Windows\SysWow64\Flash8.ocx [2012.08.18 14:42:40 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\PackageAware [2012.08.16 13:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bcgsoft [2012.08.10 23:19:39 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMLite Workstation [2012.08.10 20:44:54 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\VMLite Workstation [2012.08.10 19:30:19 | 000,000,000 | ---D | C] -- C:\Users\Lars\VMLites [2012.08.10 19:30:08 | 000,135,272 | ---- | C] (VMLite, Inc.) -- C:\Windows\SysNative\drivers\vmliteusbmon.sys [2012.08.10 19:29:38 | 000,014,952 | ---- | C] (VMLite, Inc.) -- C:\Windows\SysNative\drivers\vmlitedrv.sys [2012.08.10 19:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMLite Workstation [2012.08.10 19:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\VMLite [2012.08.07 15:58:25 | 000,000,000 | ---D | C] -- C:\Users\Lars\Documents\Rechnungen Stickservice [2012.08.07 15:48:52 | 000,000,000 | ---D | C] -- C:\des ========== Files - Modified Within 30 Days ========== [2012.09.03 15:49:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Lars\Desktop\OTL.exe [2012.09.03 15:47:03 | 000,015,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.03 15:47:03 | 000,015,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.03 15:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.03 15:39:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.03 15:39:04 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys [2012.09.03 14:49:19 | 000,081,980 | ---- | M] () -- C:\Users\Lars\Documents\cc_20120903_144914.reg [2012.09.03 14:10:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes 
Anti-Malware .lnk [2012.08.30 16:52:31 | 000,000,002 | ---- | M] () -- C:\Users\Lars\uz.dat [2012.08.27 13:39:10 | 007,161,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.27 13:39:10 | 002,618,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.27 13:39:10 | 002,221,220 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.27 13:39:10 | 001,989,128 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.27 13:39:10 | 000,006,446 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.24 16:49:59 | 000,001,456 | ---- | M] () -- C:\Users\Lars\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.08.24 14:28:24 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\WinSysClean X3 (64-bit).lnk [2012.08.18 16:38:43 | 005,098,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.18 14:48:24 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare Photo Collage Studio.lnk [2012.08.15 14:29:16 | 000,038,531 | ---- | M] () -- C:\Users\Lars\Documents\Kto_15_08_2012.pdf [2012.08.14 03:59:03 | 000,007,776 | ---- | M] () -- C:\Windows\KernelMessage [2012.08.07 17:45:46 | 000,029,064 | ---- | M] () -- C:\Users\Lars\Documents\Pflegehinweis.odt ========== Files Created - No Company Name ========== [2012.09.03 14:49:16 | 000,081,980 | ---- | C] () -- C:\Users\Lars\Documents\cc_20120903_144914.reg [2012.09.03 14:10:00 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.30 16:52:31 | 000,000,002 | ---- | C] () -- C:\Users\Lars\uz.dat [2012.08.24 14:28:24 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\WinSysClean X3 (64-bit).lnk [2012.08.18 15:15:36 | 000,335,872 | ---- | C] () -- C:\Windows\SetupX32.EXE [2012.08.18 15:10:13 | 000,231,936 | ---- | C] () -- C:\Windows\SysNative\WinTab32.dll [2012.08.18 15:10:13 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\WinTab32.dll [2012.08.18 15:10:13 | 000,077,312 | ---- | C] () -- 
C:\Windows\SysNative\UCMfg.exe [2012.08.18 15:10:13 | 000,037,967 | ---- | C] () -- C:\Windows\SysNative\Tablet2k_x64.cat [2012.08.18 15:10:13 | 000,031,662 | ---- | C] () -- C:\Windows\SysNative\Tablet2k.inf [2012.08.18 15:10:13 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\ucinst32.dll [2012.08.18 15:10:13 | 000,007,529 | ---- | C] () -- C:\Windows\SysNative\PTSimHid_x64.cat [2012.08.18 15:10:13 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\PTSimBus_x64.cat [2012.08.18 15:10:13 | 000,002,505 | ---- | C] () -- C:\Windows\SysNative\PTSimHid.inf [2012.08.18 15:10:13 | 000,001,566 | ---- | C] () -- C:\Windows\SysNative\PTSimBus.inf [2012.08.18 15:10:12 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lhtool.exe [2012.08.18 15:10:12 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\Desk.scf [2012.08.18 14:48:24 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare Photo Collage Studio.lnk [2012.08.15 14:22:17 | 000,038,531 | ---- | C] () -- C:\Users\Lars\Documents\Kto_15_08_2012.pdf [2012.08.07 16:03:06 | 000,337,632 | ---- | C] () -- C:\Users\Lars\Documents\Preisliste_PB.odt [2012.08.07 16:03:06 | 000,336,015 | ---- | C] () -- C:\Users\Lars\Documents\Stickservice_Aushang.odt [2012.08.07 16:03:06 | 000,335,459 | ---- | C] () -- C:\Users\Lars\Documents\Brief Bewerbungzusage Franzi.odt [2012.08.07 16:03:06 | 000,334,957 | ---- | C] () -- C:\Users\Lars\Documents\Stickservice_Öffnungszeiten.odt [2012.08.07 16:03:06 | 000,334,707 | ---- | C] () -- C:\Users\Lars\Documents\Brief Investitionsbank.odt [2012.08.07 16:03:06 | 000,334,433 | ---- | C] () -- C:\Users\Lars\Documents\Brief Stickservice WVB.odt [2012.08.07 16:03:06 | 000,207,267 | ---- | C] () -- C:\Users\Lars\Documents\Brief Bewerbungzusage Franzi.pdf [2012.08.07 16:03:06 | 000,029,064 | ---- | C] () -- C:\Users\Lars\Documents\Pflegehinweis.odt [2012.08.07 16:03:06 | 000,021,764 | ---- | C] () -- C:\Users\Lars\Documents\AGB.odt [2012.08.07 16:03:06 | 000,014,712 | ---- | C] () -- 
C:\Users\Lars\Documents\Sonderangebot.odt [2012.08.07 16:03:06 | 000,010,596 | ---- | C] () -- C:\Users\Lars\Documents\Stickservice_geschlossen.odt [2012.08.07 16:03:06 | 000,007,645 | ---- | C] () -- C:\Users\Lars\Documents\AGB.html [2012.08.07 16:03:05 | 000,352,862 | ---- | C] () -- C:\Users\Lars\Documents\Adressfeld_A3.odt [2012.08.07 16:03:05 | 000,010,618 | ---- | C] () -- C:\Users\Lars\Documents\Adressfeld.odt [2012.08.07 16:03:05 | 000,009,935 | ---- | C] () -- C:\Users\Lars\Documents\Texte Homepage.odt [2012.06.26 16:34:04 | 000,000,132 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\Adobe GIF Format CS5 Prefs [2012.05.30 11:52:20 | 004,305,920 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2012.05.21 18:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll [2012.04.20 12:58:57 | 000,000,862 | ---- | C] () -- C:\Users\Lars\AppData\Local\recently-used.xbel [2012.03.22 22:01:32 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.03.12 13:51:23 | 000,006,144 | ---- | C] () -- C:\Users\Lars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.19 22:19:19 | 000,000,001 | ---- | C] () -- C:\Users\Lars\AppData\Local\llftool.4.25.agreement [2012.01.09 23:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.12.25 20:40:28 | 000,294,974 | R--- | C] () -- C:\Windows\SysWow64\RTL283XACCESS.dll [2011.12.07 23:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2011.12.02 01:48:30 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2011.12.02 01:48:30 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2011.12.02 01:48:30 | 000,012,782 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\unins000.msg [2011.12.02 01:48:29 | 000,559,104 | ---- | C] () -- C:\Windows\SysWow64\lame.exe [2011.12.02 01:48:29 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.12.02 01:48:28 | 000,709,568 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\unins000.exe [2011.12.02 
01:48:28 | 000,007,645 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\unins000.dat [2011.11.27 17:07:09 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.10.19 23:46:15 | 000,000,092 | ---- | C] () -- C:\Users\Lars\AppData\Local\fusioncache.dat [2011.10.19 23:45:14 | 000,006,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.07.06 15:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll [2011.05.10 14:38:21 | 000,000,132 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011.05.04 19:13:32 | 000,017,408 | ---- | C] () -- C:\Users\Lars\AppData\Local\WebpageIcons.db [2011.04.28 15:41:01 | 000,001,456 | ---- | C] () -- C:\Users\Lars\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.04.24 20:18:44 | 000,000,132 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.04.24 16:19:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.24 15:23:05 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini [2011.04.19 07:35:04 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI [2011.04.17 18:35:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2011.12.07 15:04:04 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\AceBIT [2012.07.04 15:42:23 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\ALDITALKVerbindungsassistent [2011.12.09 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\ASCOMP Software [2011.11.02 18:59:34 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Auslogics [2011.11.27 21:06:35 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\BOM [2012.08.31 13:40:51 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\calibre [2011.09.09 14:09:38 | 000,000,000 | ---D | M] -- 
C:\Users\Lars\AppData\Roaming\Canon [2011.12.12 00:18:48 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\CBL-Electronics [2012.04.19 20:57:21 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.02 15:11:51 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\concept design [2011.12.02 01:53:00 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Engelmann Media [2012.08.31 13:55:22 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\FileZilla [2011.12.02 15:11:51 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Franzis [2011.09.02 15:56:26 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\FreeCommander [2011.10.19 23:26:34 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Gaijin Ent [2012.03.02 14:41:42 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\gtk-2.0 [2012.01.19 19:32:19 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\HD Tune Pro [2012.06.29 16:46:21 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\IT-Service Christian Hau (www.a-bit-more.de) [2011.12.25 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\KWorld Multimedia [2011.10.17 15:53:36 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\LibreOffice [2012.07.18 15:43:18 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\ManyCam [2012.07.08 03:15:31 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\MyPhoneExplorer [2011.12.01 14:37:11 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Nik Software [2012.06.14 17:48:29 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Opera [2012.07.12 20:35:50 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\ProtectDISC [2012.06.26 16:07:17 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Shark007 [2012.06.15 21:13:30 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Sony [2012.02.08 19:05:02 | 000,000,000 | ---D | M] -- 
C:\Users\Lars\AppData\Roaming\Trillian [2012.07.12 14:01:40 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\TS3Client [2012.06.26 16:05:04 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Win7codecs [2012.03.01 17:48:42 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Wireshark [2012.07.25 13:06:43 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Wondershare [2012.06.23 02:10:15 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:FF566C71 < End of report > |
03.09.2012, 20:41 | #2 |
/// Helfer-Team | Trojan.Ransom infection. The clean-up consists of several steps that have to be carried out. Work through them one after another and paste the 4 logs that are created into your next reply. If the OTL fix did not run properly, do not continue, but report it. Step 1: Fix with OTL. Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
ATTFilter :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lars\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found F3:64bit: - HKCU WinNT: Load - (C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com) - C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com () F3 - HKCU WinNT: Load - (C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com) - C:\Users\Lars\LOCALS~1\Temp\mscvuqzy.com () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{149d56d5-84f9-11e1-b73d-00030d818492}\Shell - "" = AutoRun
O33 - MountPoints2\{149d56d5-84f9-11e1-b73d-00030d818492}\Shell\AutoRun\command - "" = E:\AutoStarter.exe
O33 - MountPoints2\{65c8191d-7c9e-11e0-bf62-001060d177c0}\Shell - "" = AutoRun
O33 - MountPoints2\{65c8191d-7c9e-11e0-bf62-001060d177c0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7caf1034-6ffc-11e0-a4cc-001060d177c0}\Shell - "" = AutoRun
O33 - MountPoints2\{7caf1034-6ffc-11e0-a4cc-001060d177c0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7caf1043-6ffc-11e0-a4cc-001060d177c0}\Shell - "" = AutoRun
O33 - MountPoints2\{7caf1043-6ffc-11e0-a4cc-001060d177c0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7caf104e-6ffc-11e0-a4cc-001060d177c0}\Shell - "" = AutoRun
O33 - MountPoints2\{7caf104e-6ffc-11e0-a4cc-001060d177c0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{90f1bd13-5aa9-11e1-bfd4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{90f1bd13-5aa9-11e1-bfd4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e58152f0-61a7-11e1-b825-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e58152f0-61a7-11e1-b825-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ff0a3679-5e88-11e1-a09f-001060d177c0}\Shell - "" = AutoRun
O33 - MountPoints2\{ff0a3679-5e88-11e1-a09f-001060d177c0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
[2012.08.24 14:28:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C437D41F-A277-4A3E-BF29-78D6AD51991A}
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:FF566C71
[2011.04.24 16:19:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
:Files
C:\Users\Lars\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Lars\AppData\Local\Temp\*.exe
C:\Users\Lars\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note for readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can permanently damage other systems!

Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log. Afterwards:

Step 3
Please download AdwCleaner to your desktop.
Step 4
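The two persistence locations this thread turns on are the HKCU `Windows\Load` value that Malwarebytes flagged (it points at an executable in the user's Temp folder and is run at logon) and the cached `MountPoints2\...\Shell\AutoRun\command` handlers for removable drives that the OTL script above removes. The following PowerShell script is an added, read-only audit of those locations plus the per-user Startup folder; it is not part of the helper's OTL script or of the original thread. It assumes a Windows 7 or later machine with PowerShell 2.0 or newer and only reports, it deletes nothing.

```powershell
# Added example, not from the original thread: audit the persistence points
# named in the logs above. Read-only; run in an elevated PowerShell.

function Get-WinLoadValue {
    # The value Malwarebytes reported: HKCU\...\Windows NT\CurrentVersion\Windows\Load.
    # It is the registry mapping of the legacy win.ini "load=" line and is executed
    # at logon. On a home PC it is almost never legitimately populated.
    $winKey = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $load = (Get-ItemProperty -Path $winKey -ErrorAction SilentlyContinue).Load
    if (-not $load) { return $null }
    # Expand %TEMP%-style variables and check whether the target still exists.
    $target = [Environment]::ExpandEnvironmentVariables($load)
    return New-Object PSObject -Property @{
        Value       = $load
        Target      = $target
        FilePresent = (Test-Path -LiteralPath $target)
    }
}

function Get-MountPointAutoRuns {
    # Cached AutoRun handlers for removable drives (the O33 MountPoints2 lines).
    # Windows 7 stopped honouring autorun.inf on USB media with KB971029, but the
    # cached commands still show what each drive *asked* to run.
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $mp -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = $_.PSPath + '\Shell\AutoRun\command'
        if (Test-Path -LiteralPath $cmdKey) {
            New-Object PSObject -Property @{
                MountPoint = $_.PSChildName
                Command    = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            }
        }
    }
}

function Get-UserStartupItems {
    # Per-user Startup folder; the OTL script removes a ctfmon.lnk planted here.
    $startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
    Get-ChildItem -LiteralPath $startup -Force -ErrorAction SilentlyContinue |
        Select-Object Name, LastWriteTime
}

$load = Get-WinLoadValue
if ($load) {
    Write-Output "SUSPICIOUS: Load = $($load.Value) (file present: $($load.FilePresent))"
} else {
    Write-Output 'OK: no Load value under HKCU\...\Windows NT\CurrentVersion\Windows'
}

Write-Output '--- cached MountPoints2 AutoRun commands ---'
Get-MountPointAutoRuns | ForEach-Object { Write-Output "$($_.MountPoint) -> $($_.Command)" }

Write-Output '--- per-user Startup folder ---'
Get-UserStartupItems | ForEach-Object { Write-Output "$($_.Name)  $($_.LastWriteTime)" }
```

A non-empty `Load` value whose target lives under `%TEMP%` or `%LOCALAPPDATA%`, as in the Malwarebytes finding, is a strong indicator on its own; the MountPoints2 entries are mostly historical and only matter as a record of which removable media once carried an autorun executable.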
04.09.2012, 15:36 | #3 |
| Trojan.Ransom infection First of all, many thanks for the quick reply.
Unfortunately the OTL log is gone. Mea culpa. After everything was finished and I had pasted everything in here, I clicked "Cleanup" in OTL before submitting... reboot... all OTL files gone, and of course nothing left in the clipboard either. Sorry. In any case there were no error messages in the log as far as I could see. Fortunately the other log files are still there. The log of the Anti-Malware full scan: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lars :: LARS-PC [administrator]

04.09.2012 13:25:02
mbam-log-2012-09-04 (13-25-02).txt

Scan type: Full scan (C:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 534395
Time elapsed: 2 hour(s), 41 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\AdwCleaner[R1].txt Code:
# AdwCleaner v2.000 - Logfile created 09/04/2012 at 16:14:21
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Lars - LARS-PC
# Running mode : Normal
# Running from : C:\Users\Lars\Downloads\adwcleaner.exe
# Option [Search]

**** [Services] ****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Softonic

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Opera v12.1.1532.0

File : C:\Users\Lars\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [737 octets] - [04/09/2012 16:14:21]

########## EOF - C:\AdwCleaner[R1].txt - [796 octets] ##########

C:\AdwCleaner[S1].txt Code:
# AdwCleaner v2.000 - Logfile created 09/04/2012 at 16:16:06
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Lars - LARS-PC
# Running mode : Normal
# Running from : C:\Users\Lars\Downloads\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Opera v12.1.1532.0

File : C:\Users\Lars\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [864 octets] - [04/09/2012 16:14:21]
AdwCleaner[S1].txt - [1455 octets] - [04/09/2012 16:16:06]

########## EOF - C:\AdwCleaner[S1].txt - [1515 octets] ########## |
04.09.2012, 19:39 | #4 |
/// Helper Team | Trojan.Ransom infection You can still view the logfile afterwards here => C:\_OTL\MovedFiles\<date_number.log> |
05.09.2012, 09:58 | #5 |
| Trojan.Ransom infection Unfortunately not, because for some reason I cannot fathom OTL also uninstalls itself when you click "Cleanup". Without asking, by the way. Simply everything gone. Before that the folder C:\_OTL\ was there, and then it was suddenly gone. |
06.09.2012, 00:41 | #6 |
/// Helper Team | Trojan.Ransom infection Ah, a pity. How is the computer running?

Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Update now". Select freeware mode. Select "Detail Scan" and start the check of the computer via the "Scan" button. At the end of the scan do not let it delete anything! Save the logfile to the desktop by clicking "Save report" and post it here in the thread. Guide: http://www.trojaner-board.de/103809-...i-malware.html
06.09.2012, 10:18 | #7 |
| Trojan.Ransom infection It is running quite well again, I think. Many thanks. Subjectively the number crunchers always feel like they dawdle, of course ^^ The Emsisoft log: Code:
Emsisoft Anti-Malware - Version 6.6
Last update: 05.09.2012 12:34:39

Scan settings:

Scan type: Detail Scan
Objects: Rootkits, Memory, Traces, C:\

Archive scan: On
ADS scan: On

Scan start: 05.09.2012 12:35:43
Value: hkey_current_user\software\partygaming --> autologintoothergames	detected: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> freshinstall	detected: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> cfdialogshown	detected: Trace.Registry.partypoker!E1
C:\Users\Lars\Downloads\aircrack-ng-1.1-win.zip -> aircrack-ng-1.1-win\bin\airdecap-ng.exe	detected: not-a-virus:Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\aircrack-ng-1.1-win.zip -> aircrack-ng-1.1-win\bin\aircrack-ng.exe	detected: possible-Threat.Aircra.A!E2
C:\Users\Lars\Downloads\aircrack-ng-1.1-win.zip -> aircrack-ng-1.1-win\bin\makeivs-ng.exe	detected: not-a-virus:Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\aircrack-ng-1.1-win.zip -> aircrack-ng-1.1-win\bin\packetforge-ng.exe	detected: not-a-virus:Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\Windows Loader 2.1\Windows Loader.exe	detected: not-a-virus-Activator.WindowsLoader!E2
C:\Users\Lars\Downloads\Aircrack\bin\airdecap-ng.exe	detected: Riskware.Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\Aircrack\bin\aircrack-ng.exe	detected: possible-Threat.Aircra.A!E2
C:\Users\Lars\Downloads\Aircrack\bin\airtun-ng.exe	detected: Riskware.Win32.Agent!E1
C:\Users\Lars\Downloads\Aircrack\bin\aireplay-ng.exe	detected: Riskware.Win32.Agent!E1
C:\Users\Lars\Downloads\Aircrack\bin\makeivs-ng.exe	detected: Riskware.Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\Aircrack\bin\packetforge-ng.exe	detected: Riskware.Hacktool.Aircrack!E2
C:\test\Aircrack\bin\airdecap-ng.exe	detected: Riskware.Hacktool.Aircrack!E2
C:\test\Aircrack\bin\aircrack-ng.exe	detected: possible-Threat.Aircra.A!E2
C:\test\Aircrack\bin\airtun-ng.exe	detected: Riskware.Win32.Agent!E1
C:\test\Aircrack\bin\aireplay-ng.exe	detected: Riskware.Win32.Agent!E1
C:\test\Aircrack\bin\packetforge-ng.exe	detected: Riskware.Hacktool.Aircrack!E2
C:\test\Aircrack\bin\makeivs-ng.exe	detected: Riskware.Hacktool.Aircrack!E2

Scanned	785859
Found	20

Scan end: 05.09.2012 15:23:31
Scan time: 2:47:48

C:\Users\Lars\Downloads\Aircrack\bin\airtun-ng.exe	Quarantined Riskware.Win32.Agent!E1
C:\Users\Lars\Downloads\Aircrack\bin\aireplay-ng.exe	Quarantined Riskware.Win32.Agent!E1
C:\test\Aircrack\bin\airtun-ng.exe	Quarantined Riskware.Win32.Agent!E1
C:\test\Aircrack\bin\aireplay-ng.exe	Quarantined Riskware.Win32.Agent!E1
C:\Users\Lars\Downloads\Aircrack\bin\airdecap-ng.exe	Quarantined Riskware.Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\Aircrack\bin\makeivs-ng.exe	Quarantined Riskware.Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\Aircrack\bin\packetforge-ng.exe	Quarantined Riskware.Hacktool.Aircrack!E2
C:\test\Aircrack\bin\airdecap-ng.exe	Quarantined Riskware.Hacktool.Aircrack!E2
C:\test\Aircrack\bin\packetforge-ng.exe	Quarantined Riskware.Hacktool.Aircrack!E2
C:\test\Aircrack\bin\makeivs-ng.exe	Quarantined Riskware.Hacktool.Aircrack!E2
C:\Users\Lars\Downloads\Windows Loader 2.1\Windows Loader.exe	Quarantined not-a-virus-Activator.WindowsLoader!E2
C:\Users\Lars\Downloads\aircrack-ng-1.1-win.zip -> aircrack-ng-1.1-win\bin\aircrack-ng.exe	Quarantined possible-Threat.Aircra.A!E2
C:\Users\Lars\Downloads\Aircrack\bin\aircrack-ng.exe	Quarantined possible-Threat.Aircra.A!E2
C:\test\Aircrack\bin\aircrack-ng.exe	Quarantined possible-Threat.Aircra.A!E2
Value: hkey_current_user\software\partygaming --> autologintoothergames	Quarantined Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> freshinstall	Quarantined Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> cfdialogshown	Quarantined Trace.Registry.partypoker!E1

Quarantined	17 |
06.09.2012, 18:40 | #8 | |
/// Helper Team | Trojan.Ransom infection Quote:
Ever thought about why cracks exist? With cracks & co. you install backdoors on your computer. Criminals use such computers as a botnet for their schemes. Your system is to be classified as untrustworthy, and you should not do anything sensitive such as online banking on this PC.

Guides for reinstalling (illustrated) > Reinstall Windows 7 > Vista > XP

1. Data rescue:
2. Format and reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if it is clean, restore it. |
06.09.2012, 22:33 | #9 |
| Trojan.Ransom infection So that is where the problem lies. All right. Then I'll get to work. By the way, I bought the computer like this, with the system on it. Are there still claims for compensation after this much time? In the end that is fraud if I buy the computer used but with a preinstalled Windows 7 licence from a dealer. Luckily I always keep all receipts. Many thanks for your help. I'm off to back up my data first. |
07.09.2012, 18:00 | #10 |
/// Helper Team | Trojan.Ransom infection C:\Users\Lars\Downloads\ Did you buy the computer with a used Windows? You are using a Windows system that was previously used and set up by someone else? |
27.10.2012, 04:47 | #11 |
/// Helper Team | Trojan.Ransom infection Missing feedback Are there problems working through the instructions above? To free up capacity for other people seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |