Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojan-Ransom.Win32.Foreign.abjw - alle Daten verschlüsselt, was tun?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 27.02.2013, 22:48   #1
Hilfe343
 
Trojan-Ransom.Win32.Foreign.abjw - alle Daten verschlüsselt, was tun? - Standard

Trojan-Ransom.Win32.Foreign.abjw - alle Daten verschlüsselt, was tun?



Liebe Forengemeinde,

ein sehr netter Kollege von mir hat sich diesen Sonntag einen Virus eingefangen, der alle Dokumente verschlüsselt hat. Laut Kaspersky Boot CD handelt es sich um den
"Trojan-Ransom.Win32.Foreign.abjw"

Die Dokumente auf dem Rechner heisen nun beispielsweise:
GJGXUyLLpxpgQsfs oder
leGoQsfAxEDsnjGoDT

Wie kann ich diese Dateien wieder entschlüsseln?
Wie immer sind die Daten sehr wichtig und ich wäre jedem Dankbar der mir helfen kann/will.

Vielen Dank

Daniel

Malwarebytes Log

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.27.11

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
horst :: HORST-PC [Administrator]

Schutz: Aktiviert

27.02.2013 22:33:53
mbam-log-2013-02-27 (22-33-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232787
Laufzeit: 3 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.02.2013 22:52:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\horst\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 60,86% Memory free
7,83 Gb Paging File | 6,09 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 183,73 Gb Free Space | 77,05% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 28,14 Gb Free Space | 8,46% Space Free | Partition Type: NTFS
 
Computer Name: HORST-PC | User Name: horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.27 22:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 10:30:17 | 009,116,152 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2012.12.14 10:30:17 | 003,472,376 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.14 10:08:24 | 000,190,968 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2012.04.22 21:15:06 | 000,394,352 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe
PRC - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.31 15:33:32 | 001,545,856 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2011.04.01 00:29:30 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.02.22 11:38:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.25 19:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.11.15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.07.22 17:54:14 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2009.07.22 17:53:44 | 002,736,128 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.14 09:48:51 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013.01.09 17:14:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aeaf4f1629dbe8eafc8f47b1795b18a\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 17:14:02 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\83794ccfabbb2472e26d05f07a938106\PresentationFramework.ni.dll
MOD - [2013.01.09 17:13:46 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013.01.09 17:13:43 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d33c8e6f0b71f58abb7ee6db25097127\PresentationCore.ni.dll
MOD - [2013.01.09 17:13:35 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013.01.09 17:13:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013.01.09 17:13:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8b5eb81362a896af2c70f97502f42013\System.Configuration.ni.dll
MOD - [2013.01.09 17:13:24 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013.01.09 17:13:16 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2011.08.31 15:33:32 | 000,208,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.08.04 10:50:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.08.04 10:50:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009.08.04 10:49:43 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011.01.25 22:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.04.17 00:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:30:17 | 003,472,376 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.04.22 21:15:06 | 000,394,352 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
SRV - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.02.22 11:38:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.07.22 17:54:14 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009.07.22 17:53:44 | 002,736,128 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.21 09:07:54 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.01.27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.13 12:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.13 22:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.22 02:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.17 09:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010.09.17 09:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.09.17 09:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010.09.17 09:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010.09.13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.07 10:19:38 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.08.03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.04.17 00:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.03.02 17:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.07.26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = Search Assistant
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer Search
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Inbox Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Google Maps [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Inbox.com
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C04B7D22-5AEC-4561-8F49-27F6269208F6}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80195&lng=de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.gmx.net/tb/mff_startpage"
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.4
FF - prefs.js..keyword.URL: "hxxp://go.gmx.net/tb/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2011.11.09 12:10:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files (x86)\SiteRanker\firefox\ [2012.02.24 08:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 10:25:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ED76C299-85BC-4891-9237-74A140C28832}: C:\Program Files (x86)\RebateInformer\Firefox\ [2013.02.03 13:36:47 | 000,000,000 | ---D | M]
 
[2012.07.14 09:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Extensions
[2012.07.14 09:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2013.02.19 09:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\m8ccar48.default\extensions
[2012.10.18 08:08:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\m8ccar48.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.20 09:06:33 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Users\horst\AppData\Roaming\mozilla\Firefox\Profiles\m8ccar48.default\extensions\AppGraffiti@AppGraffiti.com
[2013.02.19 09:43:53 | 000,492,222 | ---- | M] () (No name found) -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\extensions\toolbar@gmx.net.xpi
[2012.01.30 11:03:03 | 000,000,933 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\11-suche.xml
[2012.01.30 11:03:03 | 000,002,419 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\englische-ergebnisse.xml
[2012.01.30 11:03:03 | 000,010,525 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\gmx-suche.xml
[2012.01.30 11:03:03 | 000,002,457 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\lastminute.xml
[2012.05.02 15:38:31 | 000,005,489 | ---- | M] () -- C:\Users\horst\AppData\Roaming\mozilla\firefox\profiles\m8ccar48.default\searchplugins\webde-suche.xml
[2012.03.19 10:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.16 12:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.11.16 12:42:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.19 10:25:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 10:25:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.19 10:25:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.19 10:25:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 10:25:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 10:25:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 10:25:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: iGoogle
CHR - homepage: iGoogle
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll (Crawler, LLC)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL (Omega Partners Ltd)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll (Inbox.com, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Gygoofa] C:\Users\horst\AppData\Roaming\Azutw\xyvou.exe File not found
O4 - HKCU..\Run: [jwnenlmo] C:\Users\horst\AppData\Roaming\Txuftven\nnnkynlmo.exe File not found
O4 - HKCU..\Run: [userj] C:\Users\horst\AppData\Roaming\userj.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323F3241-93F6-4C0B-9EE3-47A761A741B7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73C2E180-6D7C-4BEA-9EA3-3C19E27AC15A}: DhcpNameServer = 83.169.184.161 192.168.0.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\rebinfo - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6617214d-7f82-11e2-af38-f46d04160b67}\Shell - "" = AutoRun
O33 - MountPoints2\{6617214d-7f82-11e2-af38-f46d04160b67}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.27 22:51:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe
[2013.02.27 22:33:08 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Malwarebytes
[2013.02.27 22:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.27 22:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.27 22:33:00 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.27 22:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.26 07:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013.02.25 21:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2013.02.25 21:42:25 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Local\Programs
[2013.02.25 20:41:01 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2013.02.25 20:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2013.02.25 20:40:49 | 000,000,000 | ---D | C] -- C:\Users\horst\ERPro
[2013.02.25 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\horst\Desktop\Neuer Ordner
[2013.02.24 13:56:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.23 12:51:19 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Usxhgpyvfy
[2013.02.22 12:55:35 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Ozlee
[2013.02.22 12:55:35 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Niuseq
[2013.02.22 12:55:35 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Etul
[2013.02.15 14:56:01 | 000,000,000 | -H-D | C] -- C:\Users\horst\AppData\Roaming\Txuftven
[2013.02.15 09:08:14 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Reyz
[2013.02.15 09:08:14 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Enlo
[2013.02.15 09:08:14 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Atykhu
[2013.02.14 09:09:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 09:09:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 09:09:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 09:09:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 09:09:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 09:09:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 09:09:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 09:09:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 09:09:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 09:09:25 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 09:09:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 09:09:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 09:09:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 09:09:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 09:09:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 15:03:37 | 000,000,000 | -H-D | C] -- C:\Users\horst\AppData\Roaming\ECE760EC
[2013.02.13 14:50:41 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Ezuk
[2013.02.13 14:50:41 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Emtoi
[2013.02.13 14:50:41 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Roaming\Azutw
[2013.02.13 09:02:01 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 09:02:00 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 09:01:59 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 09:01:52 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.13 09:01:52 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.13 09:01:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.13 09:01:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.13 09:01:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.13 09:01:52 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 09:01:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 09:01:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.13 09:01:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 09:01:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 09:01:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 09:01:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 09:01:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 09:01:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.13 09:01:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 09:01:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 09:01:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 09:01:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 09:01:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 09:01:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 09:01:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 09:01:50 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.01.31 11:59:47 | 000,000,000 | ---D | C] -- C:\Users\horst\AppData\Local\{D2818443-9CB5-4A0B-AC59-CF2F9CEA56B6}
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.27 22:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\horst\Desktop\OTL.exe
[2013.02.27 22:50:48 | 000,000,000 | ---- | M] () -- C:\Users\horst\defogger_reenable
[2013.02.27 22:50:39 | 000,050,477 | ---- | M] () -- C:\Users\horst\Desktop\Defogger.exe
[2013.02.27 22:44:27 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.27 22:33:01 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.27 22:12:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 22:12:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.27 22:03:49 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.02.27 22:03:49 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.27 22:03:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.27 22:03:15 | 3151,900,672 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.26 15:36:36 | 000,002,270 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.02.26 15:36:29 | 000,001,243 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.02.26 07:57:39 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8 Host.lnk
[2013.02.26 07:33:02 | 001,531,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.26 07:33:02 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.26 07:33:02 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.26 07:33:02 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.26 07:33:02 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.25 21:43:02 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2013.02.20 12:36:34 | 000,000,150 | ---- | M] () -- C:\Users\horst\Desktop\sesxyfrseeJqDNXnO
[2013.02.14 09:46:22 | 000,276,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.06 14:46:58 | 000,362,040 | ---- | M] () -- C:\Users\horst\Documents\AqOexrvagsjNlaOeAEl
[2013.01.30 14:11:41 | 000,013,352 | ---- | M] () -- C:\Users\horst\Desktop\GtvsraloJUxylg
 
========== Files Created - No Company Name ==========
 
[2013.02.27 22:50:48 | 000,000,000 | ---- | C] () -- C:\Users\horst\defogger_reenable
[2013.02.27 22:50:39 | 000,050,477 | ---- | C] () -- C:\Users\horst\Desktop\Defogger.exe
[2013.02.27 22:33:01 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.26 07:57:39 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8 Host.lnk
[2013.02.26 07:57:39 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8 Host.lnk
[2013.02.25 21:43:02 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2011.11.09 15:09:50 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.08 04:39:07 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.08 04:39:05 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.03.08 04:39:03 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.03.08 04:37:22 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.01.12 17:02:43 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[1601.02.13 09:28:18 | 002,021,888 | ---- | C] () -- C:\Users\horst\AejXgDsajegOytnJGlDT
[1601.02.13 09:28:18 | 001,521,376 | ---- | C] () -- C:\Users\horst\OrEflnjsofgLdtEfg
[1601.02.13 09:28:18 | 001,053,250 | ---- | C] () -- C:\Users\horst\rLNDvgfxxNAtEyQDjT
[1601.02.13 09:28:18 | 000,292,352 | ---- | C] () -- C:\Users\horst\gAagVVUdvjLyQAp
[1601.02.13 09:28:18 | 000,290,156 | ---- | C] () -- C:\Users\horst\ONAVLtUDAuOadoAuOtlE
[1601.02.13 09:28:18 | 000,221,257 | ---- | C] () -- C:\Users\horst\qjGEussApEltnvGgDTNA
[1601.02.13 09:28:18 | 000,176,640 | ---- | C] () -- C:\Users\horst\jyXUjogeXpjAgfupNJa
[1601.02.13 09:28:18 | 000,172,032 | ---- | C] () -- C:\Users\horst\oVJrsjLXofGUxn
[1601.02.13 09:28:18 | 000,124,248 | ---- | C] () -- C:\Users\horst\oLTfoAvsaToEJdTa
[1601.02.13 09:28:18 | 000,029,184 | ---- | C] () -- C:\Users\horst\DjvyXgTxXrEOLlEeJ
[1601.02.13 09:28:18 | 000,015,865 | ---- | C] () -- C:\Users\horst\vjJsgspXtvsEqQNdsa
[1601.02.13 09:28:18 | 000,013,379 | ---- | C] () -- C:\Users\horst\aXUjtEqQdlaOyGUDTouG
[1601.02.13 09:28:18 | 000,012,818 | ---- | C] () -- C:\Users\horst\nyfuonxreNGnJLvsvrsr
[1601.02.13 09:28:18 | 000,010,036 | ---- | C] () -- C:\Users\horst\ypyUoAuLgqdNaDnve
[1601.01.01 01:00:00 | 000,243,712 | ---- | C] () -- C:\Users\horst\AppData\Roaming\userj.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

Extras.txtOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.02.2013 22:52:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\horst\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 60,86% Memory free
7,83 Gb Paging File | 6,09 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 183,73 Gb Free Space | 77,05% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 28,14 Gb Free Space | 8,46% Space Free | Partition Type: NTFS
 
Computer Name: HORST-PC | User Name: horst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{119FA9C6-D269-4C77-8976-39440E43623A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1DEF9043-1413-470B-B7AC-463B9A6D6772}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{1E1DA530-6E46-49A6-BCAD-750F6B0802E2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{29F43436-220E-42F4-A6B5-EB07DA193F97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{32996E6E-2562-45F7-A6F4-3530D0FF9096}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3B2D6E27-6F8A-47D0-8F73-7AA9B9DB2770}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{51BDE02A-706E-4AAB-9270-8E4BD7D052AA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{53158159-126F-443C-8507-1D4526A6A587}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{539A08E2-2F15-44C0-96F2-3ECCFE570BB3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55966B09-7615-4F13-8232-0FA2BAF80E69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{592B8AEC-D724-4384-A27F-ADCC400E9C2B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7D2A4992-89DF-4E8A-8CF2-F0ABFAEA37CC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{93568354-1F19-475C-B4E9-19BEE5F33B92}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{941B541C-87D4-4C52-B528-D78ED09E53B7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9A313182-E5C1-4776-B0E2-30F92612D0DA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9C7B15B5-BAFB-4FBF-9E41-36A3D8B6408E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9E7D39DD-1FAA-4E28-8E09-2D7099E36D64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A6E909CF-72ED-4D8B-B082-2F073055BDA2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B706632E-02E5-4B00-8038-8BD25B304ED6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BF8153D1-58CF-4CD7-8D1F-17B5B008FFEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DA78110C-2370-4EB5-9B93-16E4CC27C9EF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{ED77EEA8-8C76-4920-837C-E78404DE76A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F2554677-DA41-4E79-9EE1-BF82427342D2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FE22141D-73BB-48A6-BE71-A6364A7EC361}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{465423EC-0915-46CA-BA76-A9FC64226E5C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4A5A010A-74AF-47B0-A842-A2D799BE9646}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5345F2F6-1E95-470E-883C-D25315BE7F08}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{5C72C850-6E4A-44FA-BA24-8B53451CAF53}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{6C18535A-55AC-4082-8163-84DE2543A9A7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{71D43AB7-DF4B-48C8-A14B-2F602199ED1F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7E2C447A-BC1A-41AE-9314-8FEE1D01CCFA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{8722B1C6-764D-4E43-8648-7ACDF9FAD7BA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9DE504BB-94DD-435C-8B82-EDD1463191B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B6CE2B8A-3326-4CC7-A7B0-A840B904C03F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{C472DBE9-1B69-4915-854D-65DB98EAD538}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{E5989B42-F87B-4915-BA17-0A02295EEA79}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{2A7C58DE-B27D-441E-AB6D-501C7BE9BD2A}C:\users\horst\appdata\roaming\azutw\xyvou.exe" = protocol=6 | dir=in | app=c:\users\horst\appdata\roaming\azutw\xyvou.exe | 
"UDP Query User{7AC96F82-BA39-40DC-B343-7B909E7427B7}C:\users\horst\appdata\roaming\azutw\xyvou.exe" = protocol=17 | dir=in | app=c:\users\horst\appdata\roaming\azutw\xyvou.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4543C6FA-89E7-4F1E-89A2-32F3FFEBB47E}" = Software-Edition 2012
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1" = RebateInformer
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{99C0BA09-5F99-4A0E-B5A1-B476ED73BFA8}" = Grundstücks- und Gebäudewertermittlung
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1" = 24x7 Help
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1" = PC Power Speed 1.0.0.24
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BB3085D5-7D88-4AF2-B08E-226E26E2A169}" = Haufe iDesk-Browser
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D768CAF3-57FD-446C-BE4E-FC29DCE83B93}" = Haufe iDesk-Service
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC438CEA-210E-461C-8CB7-8CB838667A09}" = Haufe Formular-Manager
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"FBDBServer_2_1_is1" = Firebird 2.1.3.18185 (Win32)
"Google Chrome" = Google Chrome
"Governor of Poker" = Governor of Poker
"HaufeReader" = HaufeReader
"HIO" = HIO
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"IMV2000_is1" = IMV2000
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"IrfanView" = IrfanView (remove only)
"Jewel Quest 3" = Jewel Quest 3
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Plants vs Zombies" = Plants vs Zombies
"TeamViewer 8 Host" = TeamViewer 8 Host
"WinLiveSuite" = Windows Live Essentials
"World of Goo" = World of Goo
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.05.2012 08:22:19 | Computer Name = horst-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 22.05.2012 04:34:22 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: imv2000.exe, Version: 6.53.0.0, Zeitstempel:
 0x47139f24  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel:
 0x4ec49d10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000346e1  ID des fehlerhaften Prozesses:
 0x1788  Startzeit der fehlerhaften Anwendung: 0x01cd37f58015be86  Pfad der fehlerhaften
 Anwendung: C:\IMV2000\imv2000.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 edb4ea2a-a3e8-11e1-87e0-f46d04160b67
 
Error - 04.06.2012 09:31:44 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d76255d  Name des fehlerhaften Moduls: Flash10d.ocx, Version: 10.0.42.34,
 Zeitstempel: 0x4ae7baed  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000cdaf9  ID des fehlerhaften
 Prozesses: 0x760  Startzeit der fehlerhaften Anwendung: 0x01cd424c1add46e4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWow64\Macromed\Flash\Flash10d.ocx  Berichtskennung:
 a00f64ca-ae49-11e1-84be-f46d04160b67
 
Error - 20.06.2012 06:15:24 | Computer Name = horst-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren
 werden.
 
Error - 16.07.2012 13:58:19 | Computer Name = horst-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 13.09.2012 05:24:59 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecf1b7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850,
 Zeitstempel: 0x4e211485  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xca4  Startzeit der fehlerhaften Anwendung: 0x01cd918ba3b148ad  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: e2da7755-fd84-11e1-922c-f46d04160b67
 
Error - 13.09.2012 05:30:18 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecf1b7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850,
 Zeitstempel: 0x4e211485  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x1bb4  Startzeit der fehlerhaften Anwendung: 0x01cd9191c6aedc52  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: a0ed4150-fd85-11e1-922c-f46d04160b67
 
Error - 13.09.2012 05:34:51 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecf1b7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850,
 Zeitstempel: 0x4e211485  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x1704  Startzeit der fehlerhaften Anwendung: 0x01cd91926aef2a02  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 4429137f-fd86-11e1-922c-f46d04160b67
 
Error - 13.09.2012 05:39:27 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecf1b7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850,
 Zeitstempel: 0x4e211485  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0xfa4  Startzeit der fehlerhaften Anwendung: 0x01cd91930ebf4f1e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: e8a9c680-fd86-11e1-922c-f46d04160b67
 
Error - 13.09.2012 09:18:07 | Computer Name = horst-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fecf1b7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16850,
 Zeitstempel: 0x4e211485  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x4ec  Startzeit der fehlerhaften Anwendung: 0x01cd91b19998711d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 748e900b-fda5-11e1-819c-f46d04160b67
 
[ Media Center Events ]
Error - 03.06.2012 07:28:56 | Computer Name = horst-PC | Source = MCUpdate | ID = 0
Description = 13:28:50 - Fehler beim Herstellen der Internetverbindung.  13:28:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.07.2012 07:08:21 | Computer Name = horst-PC | Source = MCUpdate | ID = 0
Description = 13:08:20 - Fehler beim Herstellen der Internetverbindung.  13:08:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.07.2012 07:08:35 | Computer Name = horst-PC | Source = MCUpdate | ID = 0
Description = 13:08:26 - Fehler beim Herstellen der Internetverbindung.  13:08:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 23.02.2013 07:53:35 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 23.02.2013 08:06:06 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 24.02.2013 08:54:46 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 24.02.2013 08:58:36 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 25.02.2013 04:19:07 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 25.02.2013 14:41:33 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 25.02.2013 15:36:11 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 26.02.2013 02:50:19 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 26.02.2013 10:37:15 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 27.02.2013 17:04:40 | Computer Name = horst-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---

GMER
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19115 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-02-27 23:23:37
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\horst\AppData\Local\Temp\fgloipoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                            000000007648102d 5 bytes JMP 0000000103ed2a04
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                      000000007621bbdb 5 bytes JMP 0000000103ed27b0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                        00000000749fc664 5 bytes JMP 0000000103ed17b8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                             00000000749fe13a 5 bytes JMP 0000000103ed16e8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetReadFile                                           00000000749ff8d8 5 bytes JMP 0000000103ed0df4
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                 0000000074a03184 5 bytes JMP 0000000103ed08c8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetOpenA                                              0000000074a0d5e0 5 bytes JMP 0000000103ecdcdc
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetConnectA                                           0000000074a2567e 5 bytes JMP 0000000103ecdd30
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                           0000000074a25761 5 bytes JMP 0000000103ece320
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpQueryInfoW                                             0000000074a25865 5 bytes JMP 0000000103ed1750
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                           0000000074a2632d 5 bytes JMP 0000000103ecfa54
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetReadFileExW                                        0000000074a2f9ee 5 bytes JMP 0000000103ed16c8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                        0000000074a2fa49 5 bytes JMP 0000000103ed0ff8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                           0000000074a5525a 5 bytes JMP 0000000103ecf2f0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Windows\AsScrPro.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  00000000747f1465 2 bytes [7F, 74]
.text   C:\Windows\AsScrPro.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                 00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                            000000007648102d 5 bytes JMP 0000000101f52a04
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                      000000007621bbdb 5 bytes JMP 0000000101f527b0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                        00000000749fc664 5 bytes JMP 0000000101f517b8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                             00000000749fe13a 5 bytes JMP 0000000101f516e8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFile                                           00000000749ff8d8 5 bytes JMP 0000000101f50df4
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                 0000000074a03184 5 bytes JMP 0000000101f508c8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetOpenA                                              0000000074a0d5e0 5 bytes JMP 0000000101f4dcdc
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetConnectA                                           0000000074a2567e 5 bytes JMP 0000000101f4dd30
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                           0000000074a25761 5 bytes JMP 0000000101f4e320
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpQueryInfoW                                             0000000074a25865 5 bytes JMP 0000000101f51750
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                           0000000074a2632d 5 bytes JMP 0000000101f4fa54
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFileExW                                        0000000074a2f9ee 5 bytes JMP 0000000101f516c8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                        0000000074a2fa49 5 bytes JMP 0000000101f50ff8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                           0000000074a5525a 5 bytes JMP 0000000101f4f2f0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [4156:1404]                                                                                      0000000003ed3208
Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [2368:2476]                                                                                      0000000001f57da0
Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [2368:464]                                                                                       0000000001f57c70

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007a2bc2                                                                            
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007a2bc2 (not active ControlSet)                                                        

---- EOF - GMER 2.1 ----
         
--- --- ---

GMER

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19115 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-02-27 23:23:37
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\horst\AppData\Local\Temp\fgloipoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe[3960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                            000000007648102d 5 bytes JMP 0000000103ed2a04
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                      000000007621bbdb 5 bytes JMP 0000000103ed27b0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                        00000000749fc664 5 bytes JMP 0000000103ed17b8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                             00000000749fe13a 5 bytes JMP 0000000103ed16e8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetReadFile                                           00000000749ff8d8 5 bytes JMP 0000000103ed0df4
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                 0000000074a03184 5 bytes JMP 0000000103ed08c8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetOpenA                                              0000000074a0d5e0 5 bytes JMP 0000000103ecdcdc
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetConnectA                                           0000000074a2567e 5 bytes JMP 0000000103ecdd30
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                           0000000074a25761 5 bytes JMP 0000000103ece320
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpQueryInfoW                                             0000000074a25865 5 bytes JMP 0000000103ed1750
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                           0000000074a2632d 5 bytes JMP 0000000103ecfa54
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetReadFileExW                                        0000000074a2f9ee 5 bytes JMP 0000000103ed16c8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                        0000000074a2fa49 5 bytes JMP 0000000103ed0ff8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                           0000000074a5525a 5 bytes JMP 0000000103ecf2f0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[4156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Windows\AsScrPro.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  00000000747f1465 2 bytes [7F, 74]
.text   C:\Windows\AsScrPro.exe[4240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                 00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                            000000007648102d 5 bytes JMP 0000000101f52a04
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                      000000007621bbdb 5 bytes JMP 0000000101f527b0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                        00000000749fc664 5 bytes JMP 0000000101f517b8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                             00000000749fe13a 5 bytes JMP 0000000101f516e8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFile                                           00000000749ff8d8 5 bytes JMP 0000000101f50df4
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                                 0000000074a03184 5 bytes JMP 0000000101f508c8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetOpenA                                              0000000074a0d5e0 5 bytes JMP 0000000101f4dcdc
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetConnectA                                           0000000074a2567e 5 bytes JMP 0000000101f4dd30
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                           0000000074a25761 5 bytes JMP 0000000101f4e320
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpQueryInfoW                                             0000000074a25865 5 bytes JMP 0000000101f51750
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                           0000000074a2632d 5 bytes JMP 0000000101f4fa54
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFileExW                                        0000000074a2f9ee 5 bytes JMP 0000000101f516c8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                        0000000074a2fa49 5 bytes JMP 0000000101f50ff8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                           0000000074a5525a 5 bytes JMP 0000000101f4f2f0
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[2368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                     00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                    00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        00000000747f1465 2 bytes [7F, 74]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000747f14bb 2 bytes [7F, 74]
.text   ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [4156:1404]                                                                                      0000000003ed3208
Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [2368:2476]                                                                                      0000000001f57da0
Thread  C:\Program Files (x86)\Internet Explorer\iexplore.exe [2368:464]                                                                                       0000000001f57c70

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007a2bc2                                                                            
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007a2bc2 (not active ControlSet)                                                        

---- EOF - GMER 2.1 ----
         
--- --- ---

 

Themen zu Trojan-Ransom.Win32.Foreign.abjw - alle Daten verschlüsselt, was tun?
bingbar, boot, boot cd, dankbar, dateien, daten verschlüsselt, dokumente, eingefangen, entschlüsseln, gefangen, gemeinde, gen, heise, install.exe, kaspersky, kollege, liebe, microsoft office starter 2010, msn deutschland, netter, ntdll.dll, nvidia update, nvpciflt.sys, plug-in, rechner, schlüsseln, sonntag, troja, verschlüsselt, virus eingefangen, was tun?, wichtig, win32/kryptik.avxq




Ähnliche Themen: Trojan-Ransom.Win32.Foreign.abjw - alle Daten verschlüsselt, was tun?


  1. deeprybka: Trojan-Ransom.Win32.Foreign ist weg
    Lob, Kritik und Wünsche - 29.06.2014 (1)
  2. Trojaner: Trojan-Ransom.Win32.Foreign blockiert Rechner
    Plagegeister aller Art und deren Bekämpfung - 26.06.2014 (19)
  3. Trojan.Ransom.Win32.Foreign.kvfa gefunden in C:\Documents and Settings\Carmen\Downloads\2014_05rechnungonline_8290485236sign.zip
    Log-Analyse und Auswertung - 01.06.2014 (21)
  4. lenovo x61 mit Win 7, Trojan-Ransom.Win32.Foreign.doov und weitere
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (5)
  5. Meldung von ZoneAlarm: Trojan-Ransom.Win32.Foreign.fvto erkannt
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (19)
  6. trojan-ransom.win32.foreign.bnpm entdeckt in e-mail anhang!
    Log-Analyse und Auswertung - 19.07.2013 (4)
  7. trojan-ransom.win32.foreign.dfos eventuell versehentlich geöffnet
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (14)
  8. Mahnungsmail mit ZIP Datei - Trojan-Ransom.Win32.Foreign.cjue
    Plagegeister aller Art und deren Bekämpfung - 02.06.2013 (30)
  9. Ransom.Win32.Foreign / Trojan-Downloader.Java / Exploit.Java (Bildschirm weiß)
    Log-Analyse und Auswertung - 19.05.2013 (6)
  10. Trojan-Ransom.Win32.Foreign.abjw
    Log-Analyse und Auswertung - 23.04.2013 (11)
  11. BKA-Trojaner u.a. (Trojan.Bublik, Trojan-Ransom.Foreign, Worm.Cridex, Trojan.Yakes)
    Log-Analyse und Auswertung - 17.03.2013 (4)
  12. Win7 ransomware wgsdgsdgdsgsd.dll, Win32/Reveton!lnk (runctf.lnk), Trojan.Ransom.Win32.Foreign.AMN (A)
    Plagegeister aller Art und deren Bekämpfung - 30.12.2012 (9)
  13. Probleme Daten verschlüsselt Trojan-Dropper.Win32.Injektor.fanf
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  14. Trojaner hat alle Daten verschlüsselt
    Plagegeister aller Art und deren Bekämpfung - 27.06.2012 (2)
  15. Verschlüsselungstrojaner, alle Daten und Photos verschlüsselt
    Plagegeister aller Art und deren Bekämpfung - 24.05.2012 (1)
  16. Bundestrojaner Trojan-Ransom.win32.Foreign.oja usw.
    Log-Analyse und Auswertung - 14.05.2012 (17)
  17. Schwarzer Bildschirm und alle Daten weg!(Trojan:Win32/Tips.IT)
    Plagegeister aller Art und deren Bekämpfung - 10.04.2012 (34)

Zum Thema Trojan-Ransom.Win32.Foreign.abjw - alle Daten verschlüsselt, was tun? - Liebe Forengemeinde, ein sehr netter Kollege von mir hat sich diesen Sonntag einen Virus eingefangen, der alle Dokumente verschlüsselt hat. Laut Kaspersky Boot CD handelt es sich um den "Trojan-Ransom.Win32.Foreign.abjw" - Trojan-Ransom.Win32.Foreign.abjw - alle Daten verschlüsselt, was tun?...
Archiv
Du betrachtest: Trojan-Ransom.Win32.Foreign.abjw - alle Daten verschlüsselt, was tun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.