Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner eingefangen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.10.2012, 19:33   #1
lengischer
 
GVU Trojaner eingefangen - Standard

GVU Trojaner eingefangen



Hallo.
Nachdem sich mein Laptop gestern den tollen Polizei-Virus eingefangen hat, war der Laptop natürlich gesperrt. So ein Mist, das ist zum Glück mein erster Virus.
Na jedenfalls konnte ich über einen zweiten PC und Google-Suche euer Forum und die Hinweise zum Virus finden.
Ich habe bereits das Programm Malwarebytes Anti-Malware heruntergeladen, installiert und laufen lassen. Nach der Installation wollte sich das Programm aktualisieren, jedoch hatte ich aufgrund eurer Hinweise die Internet-Verbindung deaktiviert. Dadurch konnte sich das Programm zwar nicht aktualisieren, aber der Rechner läuft dann zumindest (vermeintlich?) normal.
Ich habe allerdings schon bemerkt, dass sich der Taskmanager nicht öffnen lässt.

Der Suchlauf hat folgende Logfile erzeugt:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.09.29.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Alexander :: ALEXANDER-PC [Administrator]

27.10.2012 00:13:21
mbam-log-2012-10-27 (16-12-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 413197
Laufzeit: 12 Stunde(n), 30 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\lsass.exe (Trojan.Delf) -> 3780 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Keine Aktion durchgeführt.
HKCU\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\02 - Programmspeicher\MathType v5.2a\l-dsm52a\keygen.exe (Riskware.Keygen) -> Keine Aktion durchgeführt.
C:\Users\Alexander\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.

(Ende)
         
Dann steht in der Anleitung, dass man die Funde in Quarantäne schicken soll. Leider kann ich keinen Button oder Eintrag im Kontextmenü (rechte Maustaste auf einen einzelnen Fund) sehen, der mir das ermöglicht.
Screenshot der angezeigten Oberfläche im Anhang.

Könnt Ihr mir helfen, wie ich nun weiter vorgehen muss? Danke im Voraus.
Miniaturansicht angehängter Grafiken
GVU Trojaner eingefangen-2012-10-27_192835.jpg  

Alt 27.10.2012, 20:11   #2
lengischer
 
GVU Trojaner eingefangen - Standard

GVU Trojaner eingefangen



Ich habe sicherheitshalber noch die aktuellste "mbam-rules.exe" 2012.10.22 heruntergeladen, auf den Laptop übertragen und den Suchlauf erneut gestartet. Mal sehen, ob sich das Ergebnis verändert.

Zitat:
Zitat von lengischer Beitrag anzeigen
Ich habe sicherheitshalber noch die aktuellste "mbam-rules.exe" 2012.10.22 heruntergeladen, auf den Laptop übertragen und den Suchlauf erneut gestartet. Mal sehen, ob sich das Ergebnis verändert.
Habe den Scan abgebrochen und den Laptop im abgesicherten Modus gestartet. Dadurch konnte ich wieder ins Internet, ohne dass sich die lästige GESPERRT-Seite geöffent hat. Ein erster kleiner Erfolg?!.
Dadurch konnte ich das Malwareprogramm nochmal neu installiert und dabei die Aktualisierung mit ausgeführen. Nach einem erneuten vollständigen Suchlauf über das C-Laufwerk sieht die Logfile nun wie folgt aus:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.27.06

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6002.18005
Alexander :: ALEXANDER-PC [Administrator]

28.10.2012 00:32:35
mbam-log-2012-10-28 (01-42-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 388308
Laufzeit: 1 Stunde(n), 7 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Keine Aktion durchgeführt.
HKCU\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Alexander\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.

(Ende)
         
Dann habe ich das Malware-Programm einfach geschlossen, da ich mir aufgrund fehlender Reaktion hier etwas unsicher war, was zu tun wäre.

Danach habe ich den Laptop wieder im normalen Modus gestartet und siehe da: Auch so funktioniert die Internet-Verbindung seit gut 10Min, ohne dass die GESPERRT-Seite kommt. Diesen Beitrag hier schreibe ich gerade mit dem "infizierten" Rechner.
Der Task-Manager lässt sich allerdings noch nicht öffnen.

Ich gehe jetzt mal weiter in Vorleistung mit defogger usw.
Bitte meldet euch dringend, wie ich weitermachen soll, denn die im Malware-Programm identifizierten Funde sind immer noch nicht behandelt.
__________________


Alt 31.10.2012, 22:38   #3
lengischer
 
GVU Trojaner eingefangen - Standard

GVU Trojaner eingefangen



Also hier die logs vom otl:


OTL Logfile:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.10.2012 22:56:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alexander\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,07% Memory free
6,18 Gb Paging File | 4,54 Gb Available in Paging File | 73,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,09 Gb Total Space | 14,72 Gb Free Space | 14,71% Space Free | Partition Type: NTFS
Drive D: | 188,00 Gb Total Space | 79,12 Gb Free Space | 42,08% Space Free | Partition Type: NTFS
 
Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.29 00:13:50 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.10.28 18:57:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.08.30 04:05:55 | 001,584,112 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe
PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.06.04 10:49:40 | 001,899,816 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe
PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.01.27 05:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.06.08 08:12:36 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.05.22 09:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.04.17 07:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.04.17 03:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.07.04 23:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.06.10 20:08:45 | 000,140,800 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.30 04:05:55 | 001,584,112 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.04 10:49:40 | 001,899,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.08 08:12:36 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.10.14 11:19:55 | 000,050,080 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2012.10.14 11:14:48 | 000,093,728 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2012.10.14 11:14:48 | 000,041,888 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2012.10.14 11:13:21 | 000,053,664 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2012.07.03 20:52:41 | 000,030,416 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2012.07.01 14:54:13 | 000,050,040 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2011.03.18 12:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011.03.18 12:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010.06.08 07:35:28 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2010.03.15 10:38:44 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2010.03.15 10:38:44 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic)
DRV - [2010.03.15 10:38:44 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt)
DRV - [2010.03.15 10:38:44 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2010.03.15 10:38:44 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus)
DRV - [2010.03.15 10:38:44 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5)
DRV - [2010.03.15 10:38:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2009.10.26 04:47:34 | 004,247,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009.06.26 21:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.01.23 12:32:34 | 000,243,840 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2008.07.27 03:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.23 22:52:20 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2008.05.16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.05.08 10:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.09.25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2006.11.28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..browser.search.defaultenginename: "Google"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alexander\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netviewero2o@netviewero2o: C:\Program Files\Netviewer\Support\Plugin\FF plugin\NVFFSupport [2010.10.01 08:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.29 21:45:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.09 21:10:27 | 000,000,000 | ---D | M]
 
[2010.01.22 23:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions
[2012.09.30 11:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\janvi9yr.default\extensions
[2012.07.01 18:01:41 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\janvi9yr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.30 11:31:11 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\janvi9yr.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2012.09.30 11:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.14 11:13:19 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.10.14 11:13:19 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD}
[2011.05.30 00:01:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.25 10:55:14 | 000,644,096 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2011.04.28 20:21:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.28 20:21:27 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.09 21:10:27 | 000,000,140 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Google.src
[2011.04.28 20:21:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.28 20:21:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.28 20:21:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.23 17:40:03 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Netviewer Support) - {4BE8B65B-EE14-40C1-B6BB-31E494FE6EBA} - C:\Programme\Netviewer\Support\Plugin\IE plugin\NVIEPluginSupport.dll (Netviewer AG)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Alexander\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (&Netviewer Support) - {E1F9EDE7-EF90-4A65-A5A4-D2FFEEA5D469} - C:\Programme\Netviewer\Support\Plugin\IE plugin\NVIEPluginSupport.dll (Netviewer AG)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Alexander\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.de/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://rc.hydro.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D424496-B821-4238-8BD3-5B473D552AAA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB0B2BBE-9C89-465D-91EC-5ED0DF796580}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{20db4c67-fd2b-11df-99f6-001377b06bbd}\Shell - "" = AutoRun
O33 - MountPoints2\{20db4c67-fd2b-11df-99f6-001377b06bbd}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{6141c3c5-f7b3-11de-9683-001377b06bbd}\Shell\AutoRun\command - "" = G:\installer.exe
O33 - MountPoints2\{6141c3c5-f7b3-11de-9683-001377b06bbd}\Shell\verb\command - "" = G:\installer.exe
O33 - MountPoints2\{a83831a9-f4be-11de-9d0b-001377b06bbd}\Shell - "" = AutoRun
O33 - MountPoints2\{a83831a9-f4be-11de-9d0b-001377b06bbd}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.28 18:57:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2012.10.27 16:50:12 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\Fehler
[2012.10.26 23:04:12 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2012.10.26 23:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.26 23:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.26 23:03:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.26 23:03:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.26 21:34:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.10.14 10:59:38 | 000,405,152 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.10.03 09:29:23 | 000,000,000 | ---D | C] -- C:\Anleitung zum Männlichsein - A.Lebert & S. Lebert
[2012.09.30 13:25:04 | 000,000,000 | ---D | C] -- C:\Anleitung zum Männlichsein
[2012.09.30 12:19:42 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\assembly
[2012.09.30 12:17:05 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Add-in Express
[2012.09.30 12:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILEminimizer Suite 7.0
[2012.09.30 12:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\FILEminimizer Suite
[2012.09.30 12:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FILEminimizer
[2011.04.10 13:27:19 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe5E28.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.29 23:26:02 | 000,090,111 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.10.29 23:10:06 | 000,090,111 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.10.29 22:40:24 | 000,050,477 | ---- | M] () -- C:\Users\Alexander\Desktop\Defogger.exe
[2012.10.29 21:59:33 | 000,629,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.29 21:59:33 | 000,596,274 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.29 21:59:33 | 000,126,732 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.29 21:59:33 | 000,104,348 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.29 21:58:55 | 000,845,151 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012.10.29 21:58:55 | 000,045,465 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012.10.29 21:52:29 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 21:52:29 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 21:52:25 | 000,002,471 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012.10.29 21:52:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.29 21:51:28 | 3215,577,088 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.29 00:42:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.29 00:14:09 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.10.29 00:14:09 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.10.29 00:13:48 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.10.28 18:57:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2012.10.28 01:17:55 | 000,000,000 | ---- | M] () -- C:\Users\Alexander\defogger_reenable
[2012.10.26 21:48:37 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.26 21:34:46 | 000,000,778 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.10.18 06:37:52 | 000,160,768 | ---- | M] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.14 11:19:55 | 000,050,080 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2012.10.14 11:14:48 | 000,093,728 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2012.10.14 11:14:48 | 000,041,888 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2012.10.14 11:13:21 | 000,053,664 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2012.10.13 22:44:51 | 000,021,907 | ---- | M] () -- C:\Users\Alexander\Desktop\https .pdf
 
========== Files Created - No Company Name ==========
 
[2012.10.29 22:40:24 | 000,050,477 | ---- | C] () -- C:\Users\Alexander\Desktop\Defogger.exe
[2012.10.29 00:13:48 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.10.28 01:17:55 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\defogger_reenable
[2012.10.28 00:47:29 | 3215,577,088 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.26 21:34:46 | 000,000,778 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.10.26 21:34:43 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.13 22:44:50 | 000,021,907 | ---- | C] () -- C:\Users\Alexander\Desktop\https .pdf
[2012.01.08 19:48:58 | 000,845,151 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.09.11 20:54:32 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.05.07 12:14:58 | 000,000,156 | ---- | C] () -- C:\Windows\JIXXA.INI
[2010.10.13 19:35:10 | 000,090,111 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.10.13 19:34:39 | 000,090,111 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.09 19:59:53 | 000,004,096 | -H-- | C] () -- C:\Users\Alexander\AppData\Local\keyfile3.drm
[2009.04.07 15:35:34 | 000,000,680 | ---- | C] () -- C:\Users\Alexander\AppData\Local\d3d9caps.dat
[2008.10.12 01:05:22 | 000,160,768 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.14 21:12:20 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Amazon
[2012.05.24 19:39:27 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Broad Intelligence
[2012.01.24 21:55:40 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Buhl Data Service
[2012.01.24 22:18:33 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Buhl Data Service GmbH
[2012.07.18 21:38:19 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\calibre
[2012.10.08 21:43:25 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Canon
[2009.12.21 23:02:33 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Design Science
[2012.10.14 11:00:10 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DVDVideoSoft
[2012.10.14 10:59:50 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.16 21:18:23 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\elsterformular
[2009.10.24 13:39:16 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Engelmann Media
[2009.10.23 19:41:17 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Gaijin Ent
[2011.09.09 21:10:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Gutscheinmieze
[2011.01.23 17:38:17 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Juniper Networks
[2009.09.13 11:20:03 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ScanSoft
[2011.05.29 21:49:46 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Sony
[2011.05.29 21:40:46 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Sony Setup
[2008.10.12 20:26:29 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\The Longest Journey
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

[/CODE]


und der extra log:

OTL Logfile:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.10.2012 22:56:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alexander\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,07% Memory free
6,18 Gb Paging File | 4,54 Gb Available in Paging File | 73,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,09 Gb Total Space | 14,72 Gb Free Space | 14,71% Space Free | Partition Type: NTFS
Drive D: | 188,00 Gb Total Space | 79,12 Gb Free Space | 42,08% Space Free | Partition Type: NTFS
 
Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BA37BE-581E-4CA1-A885-2BE55D0CDAAE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{27CBA83E-24FB-47B7-AB39-C2D21F2C10C5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6013CB4F-D619-4942-96B0-7419A6B67D77}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{71DD9408-BE7A-4478-A899-EA40AE984212}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{76D83794-88E5-4F4E-BF4A-1E5A406E6BCD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7B8E84F6-F4AC-4526-B4DE-2F72F529402F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{83886093-F2E2-47B5-805C-509C5B3FF19E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9C12F136-D267-4286-8058-DBFCBB1E1FF2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A070F910-020B-4403-8833-51F234DCCACF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C2788323-F215-46EA-8497-F93AEE7125B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DC334A47-49EE-4168-A9AE-7686538340EB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E8EC0BF9-9E63-4AE9-9754-FC91268F7886}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0862D3C8-6FD6-48E3-AF51-9EF96BA01B5D}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{0E2A610A-3F30-42C6-88CC-E0BEA05BA030}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1F90F335-4F5C-424C-874E-24CF4B028E25}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{621A2B46-8157-4EF9-8440-841603185647}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68292D8E-6F7F-496C-8A75-B84E04301A67}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{69454F7E-3C56-4698-B9CC-C819E49BADDD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{786EFEAE-B606-4FFC-B506-CA53F1E83496}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8B94E913-8A09-4155-AA5B-7AAFFE03452B}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{9627A86C-3D3A-40F1-8665-0847C23BD90E}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{C7883114-BD0D-403A-A7E5-2D6B289DFD4A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D88B413F-BC9F-45DA-982A-570FD0753D94}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"TCP Query User{4A53400A-844A-4630-94C2-7CF75F8712A9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{AF6B1500-B486-44BA-B4D4-46BCC103F8BB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4313D206-083D-41D2-896E-E64147D65A6C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{8B848712-16C8-4F8A-AC77-325A1FC91D34}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{235211CA-D0E3-4EC8-95D4-C024CE37537C}" = WISO Mein Geld 2012 Professional
"{240556C4-80D1-465F-81D8-E0B9D108548A}" = 5300_5400_Help
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28FAC14D-695D-3307-AADC-FD40EEFB2574}" = Microsoft Visual Studio 2008 Standard Edition - DEU
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00
"{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58577F87-E3BB-4959-8A85-9122CF3F8ED8}" = avi.NET
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77B3331C-1644-4C9E-9F1C-7D2A5517102E}" = BPDSoftware_Ini_CCR_Vista
"{7ABD82AD-E13E-4673-A450-0890D43C8F9D}" = MPM
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISSTDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISSTDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISSTDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISSTDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISSTDR_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VISSTDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
"{91120000-0053-0000-0000-0000000FF1CE}_VISSTDR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1D6721B-9C28-4E3F-9DE1-C6584B99465D}" = Intel(R) PROSet/Wireless WiFi-Software
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAF2D4ED-864D-4921-9699-0632B81AB577}" = Paint.NET v2.61
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AD277ED4-7E41-4074-911D-D34AF41B9D49}" = HP Officejet Pro K5300/5400 Series
"{AE75AF6A-22AC-4497-AE20-9FA4F4B10043}" = Netviewer Support
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B2E76121-9E0D-49B4-894F-2C7B7D9E6A8F}" = calibre
"{B40DCEFF-9B7B-4c36-B4FA-6CE7EABFB4B8}" = K5400
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D475588F-91C9-365E-AB40-D588111DD7C4}" = MSDN Library for Visual Studio 2008 - DEU
"{D49EE5B7-1AEB-49C9-B77D-4AEE7249F505}" = BPD_HPSU
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0CE30A-B8EF-4b6b-85BF-D2B2C354A32C}" = ProductContext
"{FBA70FCC-BD23-4120-BA30-3E0DDF66AE82}" = 5300_5400_Readme
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo MP3 AudioCenter" = Ashampoo MP3 AudioCenter
"Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DSMT5" = MathType 5
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"Edraw Network Diagram_is1" = Edraw Network Diagram 5.1
"ElsterFormular 12.4.1.7699p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Capture" = FastStone Capture 5.3
"FILEminimizer Suite_is1" = FILEminimizer Suite
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.24.426
"Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.13.608
"Free Disc Burner_is1" = Free Disc Burner version 3.0.9.423
"Free DVD Video Converter_is1" = Free DVD Video Converter version 2.0.7.608
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.13.608
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.14.627
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.19.819
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.25.627
"FreePDF_XP" = FreePDF (Remove only)
"GM(S) - Toolbar" = GM(S) - Toolbar
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Mahjongg Artifacts" = Mahjongg Artifacts
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaCoder" = MediaCoder 0.8.12
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft Visual Studio 2008 Standard Edition - DEU" = Microsoft Visual Studio 2008 Standard Edition - DEU
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSDN Library für Visual Studio 2008 - DEU" = MSDN Library für Visual Studio 2008 - DEU
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"SimpleDivX_is1" = SimpleDivX
"Soldier of Fortune" = Soldier of Fortune
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"VISSTDR" = Microsoft Office Visio Standard 2007
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VideoLAN VLC media player 0.8.4a
"VobSub" = VobSub v2.23 (Remove Only)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WISO Mein Geld 2012 Professional" = WISO Mein Geld 2012 Professional
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.10.2012 18:24:15 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.10.2012 19:49:17 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.10.2012 20:20:57 | Computer Name = Alexander-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SynTPEnh.exe, Version 10.1.2.0, Zeitstempel 
0x472258c9, fehlerhaftes Modul SynTPEnh.exe, Version 10.1.2.0, Zeitstempel 0x472258c9,
 Ausnahmecode 0xc0000409, Fehleroffset 0x00028ffc,  Prozess-ID 0xd0c, Anwendungsstartzeit
 01cdb49d80cac401.
 
Error - 27.10.2012 20:26:09 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.10.2012 20:37:24 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.10.2012 13:02:51 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.10.2012 19:20:37 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.10.2012 16:53:18 | Computer Name = Alexander-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.10.2012 16:57:36 | Computer Name = Alexander-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1b94  Anfangszeit: 01cdb617ccb3d7f6  Zeitpunkt
 der Beendigung: 187
 
Error - 29.10.2012 17:43:29 | Computer Name = Alexander-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SynTPEnh.exe, Version 10.1.2.0, Zeitstempel 
0x472258c9, fehlerhaftes Modul SynTPEnh.exe, Version 10.1.2.0, Zeitstempel 0x472258c9,
 Ausnahmecode 0xc0000409, Fehleroffset 0x00028ffc,  Prozess-ID 0x880, Anwendungsstartzeit
 01cdb6174bf076f6.
 
[ Media Center Events ]
Error - 19.06.2012 14:39:33 | Computer Name = Alexander-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ OSession Events ]
Error - 02.02.2009 05:27:41 | Computer Name = Alexander-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 2721 seconds with 1620 seconds of active time.  This session ended with a
 crash.
 
Error - 23.01.2010 10:02:25 | Computer Name = Alexander-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 7933
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.02.2010 08:57:32 | Computer Name = Alexander-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 21200 seconds with 360 seconds of active time.  This session ended with a
 crash.
 
Error - 26.05.2010 17:08:00 | Computer Name = Alexander-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.05.2010 17:33:18 | Computer Name = Alexander-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 581
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.02.2011 18:31:11 | Computer Name = Alexander-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 84
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 23.02.2011 16:18:27 | Computer Name = Alexander-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.10.2011 13:40:37 | Computer Name = Alexander-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 98
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.10.2012 20:43:24 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 27.10.2012 20:53:33 | Computer Name = Alexander-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 28.10.2012 04:47:26 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 28.10.2012 13:02:49 | Computer Name = Alexander-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 28.10.2012 13:02:51 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.10.2012 19:20:38 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.10.2012 19:23:51 | Computer Name = Alexander-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 29.10.2012 16:53:20 | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.10.2012 16:55:15 | Computer Name = Alexander-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 29.10.2012 17:03:07 | Computer Name = Alexander-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


Und schließlich der Log von gmer.

Code:
ATTFilter
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-01 07:00:21
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2SS0
Running: gmer.exe; Driver: C:\Users\ALEXAN~1\AppData\Local\Temp\uxlyauog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                              section is writeable [0x8EC03340, 0x3EE687, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                 [74A07817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                  [74A4B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                              [74A0BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                        [749FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                  [74A075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                               [749FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                   [74A373F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                      [74A0DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                              [749FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                               [749FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                [749F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                        [74A8CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                           [74A2C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                              [749FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                        [749F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                       [749F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1352] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                          [74A02AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                               Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                               Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fa0371                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fc199b                                           
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fa0371 (not active ControlSet)                       
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fc199b (not active ControlSet)                       
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-796856541-1538127837-1361236656-1003@RefCount  6

---- EOF - GMER 1.0.15 ----
         
--- --- --- s
Nachdem sich mein Rechner seit dem Wochenende wieder normal verhält, stelle ich nun die Frage an die Experten: Seht Ihr etwas, ob der Laptop nun sauber ist?
Muss ich noch etwas zu um das Problem zu beheben?

Mein G Data Internet Security 2013 konnte ich mittlerweile auch wieder aktualisieren.
Beim Start des Laptop kommt jetzt immer die Meldung:
"RunDLL"
Fehler beim Laden von C:\Users\ALEXAN~1\AddData\Local\Temp\wgsdgsdgdsgsd.exe
Das angegebene Modul wurde nicht gefunden

Die Datei wurde wahrscheinlich gelöscht, als ich nach dem Defogger und OTL auch mein Virenprogramm habe drüber laufen lassen und diese empfahl, die Datei zu löschen.
Mir ist bis auf diese Fehlermeldung kein weiteres ungewöhnliches Verhalten des PC aufgefallen.

Würdet Ihr mir bitte helfen, die Sache final zu behandeln?
__________________

Geändert von lengischer (31.10.2012 um 22:44 Uhr)

Antwort

Themen zu GVU Trojaner eingefangen
administrator, anti-malware, laptop, logfile, lsass.exe, malwarebytes, nicht öffnen, polizei-virus, riskware.keygen, taskmanager, trojan.fakealert, trojaner, vista, wgsdgsdgdsgsd.exe




Ähnliche Themen: GVU Trojaner eingefangen


  1. Trojaner eingefangen?
    Log-Analyse und Auswertung - 17.10.2015 (13)
  2. Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 19.12.2013 (10)
  3. GVU Trojaner eingefangen...
    Plagegeister aller Art und deren Bekämpfung - 17.05.2013 (43)
  4. Viren eingefangen (JAVA/dldr.lamar.TP), auch Trojaner (Polizei.Trojaner) gefunden
    Log-Analyse und Auswertung - 07.05.2013 (15)
  5. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 24.02.2013 (6)
  6. GVU Trojaner eingefangen!
    Log-Analyse und Auswertung - 17.10.2012 (2)
  7. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (17)
  8. Gvu Trojaner 2.07 Eingefangen
    Log-Analyse und Auswertung - 21.08.2012 (6)
  9. GVU Trojaner eingefangen?
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (11)
  10. GVU-Trojaner 2.07 eingefangen
    Log-Analyse und Auswertung - 25.07.2012 (11)
  11. GVU Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.07.2012 (19)
  12. 50€ Trojaner eingefangen
    Log-Analyse und Auswertung - 13.02.2012 (21)
  13. Trojaner eingefangen
    Log-Analyse und Auswertung - 13.02.2012 (1)
  14. Trojaner eingefangen....
    Log-Analyse und Auswertung - 27.04.2011 (1)
  15. Trojaner eingefangen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2010 (2)
  16. Trojaner eingefangen?
    Log-Analyse und Auswertung - 03.03.2009 (0)
  17. Trojaner VX2 eingefangen
    Log-Analyse und Auswertung - 03.05.2005 (8)

Zum Thema GVU Trojaner eingefangen - Hallo. Nachdem sich mein Laptop gestern den tollen Polizei-Virus eingefangen hat, war der Laptop natürlich gesperrt. So ein Mist, das ist zum Glück mein erster Virus. Na jedenfalls konnte ich - GVU Trojaner eingefangen...
Archiv
Du betrachtest: GVU Trojaner eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.