Pests of all kinds and how to fight them: TR/Ransom.Foreign.hjrz

16.09.2013, 21:48   #1
DatHirschi

TR/Ransom.Foreign.hjrz

Hello!

Could someone take a look at this? It is a 64-bit Windows 7 system. We have had various programs scan it and not much comes out of it. The computer is scanned weekly with Avira Premium. On the last scan there was a TR/Ransom detection in a ZIP file. Malwarebytes found nothing.

OTL.txt
Code:
OTL logfile created on: 16.09.2013 16:33:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,62 Gb Available Physical Memory | 35,28% Memory free
3,50 Gb Paging File | 2,08 Gb Available in Paging File | 59,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 229,38 Gb Free Space | 76,97% Space Free | Partition Type: NTFS
 
Computer Name:XXXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys (B.H.A Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 DE EC C1 18 5E CE 01  [binary data]
IE - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\..\SearchScopes\{7724CBF8-BA9E-4994-9970-A01C5E114EC7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.08.16 10:14:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.08.16 10:14:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013.06.02 15:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions
[2013.06.02 15:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.09.12 16:10:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\7f00v1po.default\extensions
[2013.09.12 16:10:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\7f00v1po.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.08.01 20:34:59 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\firefox\profiles\7f00v1po.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.31 18:51:14 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\firefox\profiles\7f00v1po.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.08.17 19:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.08.17 19:50:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Filme_auf_DVD_8\TrayServer.exe (MAGIX AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3000793201-4075148729-2800895205-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3A56C93-38B7-41AD-B54F-967D48826C33}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{15a874a7-ca06-11e2-893f-001fd046843b}\Shell - "" = AutoRun
O33 - MountPoints2\{15a874a7-ca06-11e2-893f-001fd046843b}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.09.16 16:34:21 | 000,000,000 | ---D | C] -- C:\629493b1a485300b56f9c5
[2013.09.16 16:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.09.16 16:03:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.09.16 16:03:18 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\CINEBENCH_11.529
[2013.09.16 16:03:14 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\SysinternalsSuite
[2013.09.16 16:03:12 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\HitmanPro_3.7.7.205
[2013.09.16 16:03:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\XXXX\Desktop\HijackThis.exe
[2013.09.16 16:02:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
[2013.09.13 10:18:39 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\dvdcss
[2013.09.12 16:08:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.09.12 15:21:33 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013.09.12 15:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.09.12 15:19:34 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.09.12 14:22:10 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes
[2013.09.12 14:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.09.12 14:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.08.17 20:04:33 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\OpenOffice
[2013.08.17 20:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2013.08.17 20:01:08 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\OpenOffice 4.0.0 (de) Installation Files
[2013.08.17 19:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.09.16 16:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.16 16:14:00 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.16 16:14:00 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.16 16:07:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.09.16 16:06:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.16 16:06:30 | 1407,852,544 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.16 14:27:41 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\XXXX\Desktop\HijackThis.exe
[2013.09.16 14:26:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
[2013.09.16 14:23:33 | 001,039,554 | ---- | M] () -- C:\Users\XXXX\Desktop\adwcleaner.exe
[2013.09.13 14:19:07 | 000,015,767 | ---- | M] () -- C:\Users\XXXX\Documents\Kontoübersicht HeikoXXXX.ods
[2013.09.13 09:24:04 | 000,018,983 | ---- | M] () -- C:\Users\XXXX\Documents\Filme sichern, Sicherungskopien auf externer Festplatte.ods
[2013.09.12 18:37:02 | 000,098,448 | ---- | M] () -- C:\Users\XXXX\Documents\Weihnachten Ruth 2012.odt
[2013.09.12 18:36:29 | 005,384,295 | ---- | M] () -- C:\Users\XXXX\Documents\Weihnachten Kerstin 2012.odt
[2013.09.12 18:35:40 | 000,231,804 | ---- | M] () -- C:\Users\XXXX\Documents\Weihnachten Heiko 2012.odt
[2013.09.12 18:34:45 | 000,128,287 | ---- | M] () -- C:\Users\XXXX\Documents\Rund um den Kahlen Asten (Cover vorn).odt
[2013.09.12 18:34:14 | 000,019,953 | ---- | M] () -- C:\Users\XXXX\Documents\Personenliste Film Girkhausen.ods
[2013.09.12 18:32:49 | 000,016,945 | ---- | M] () -- C:\Users\XXXX\Documents\Monatliche Belastungen vom Postbankkonto.odt
[2013.09.12 18:10:57 | 000,013,800 | ---- | M] () -- C:\Users\XXXX\Documents\Monatliche Belastungen vom Kto. K.odt
[2013.09.12 17:59:52 | 000,016,765 | ---- | M] () -- C:\Users\XXXX\Documents\Kontoübersicht Zuwachssparen DiBa Sparbrief.ods
[2013.09.12 17:59:10 | 000,016,125 | ---- | M] () -- C:\Users\XXXX\Documents\Kontoführung Zuwachssparen.ods
[2013.09.12 17:58:25 | 000,508,896 | ---- | M] () -- C:\Users\XXXX\Documents\Geburtstagseinladung Heiko 30, 2011.odt
[2013.09.12 17:55:04 | 000,010,331 | ---- | M] () -- C:\Users\XXXX\Documents\Geb.Kärtchen Ruth.ods
[2013.09.12 17:53:42 | 000,011,648 | ---- | M] () -- C:\Users\XXXX\Documents\Ersatztelefonnummern für 0180-.ods
[2013.09.12 17:52:39 | 000,017,618 | ---- | M] () -- C:\Users\XXXX\Documents\Jährlich durchzuführende Arbeiten Sommer- Herbst-Winter 13-14.ods
[2013.09.12 17:26:11 | 000,019,059 | ---- | M] () -- C:\Users\XXXX\Documents\Durchzuführende Arbeiten 2012-2014.ods
[2013.09.12 17:06:11 | 000,042,865 | ---- | M] () -- C:\Users\XXXX\Documents\Dinner for One (Cover vorn).odt
[2013.09.12 17:05:36 | 000,012,753 | ---- | M] () -- C:\Users\XXXX\Documents\Dinner for One (Cover innen).odt
[2013.09.12 17:04:29 | 000,011,115 | ---- | M] () -- C:\Users\XXXX\Documents\Betriebsstunden Kompressor.ods
[2013.09.12 17:03:31 | 000,015,330 | ---- | M] () -- C:\Users\XXXX\Documents\Arbeitsblatt Guthaben Abbuchungen.odt
[2013.09.12 16:02:29 | 002,397,270 | ---- | M] () -- C:\Users\XXXX\Documents\Film Girkhausen(Cover vorn).odt
[2013.09.12 16:00:16 | 000,014,567 | ---- | M] () -- C:\Users\XXXX\Documents\Rund um den Kahlen Asten (Cover innen).odt
[2013.09.12 15:57:54 | 000,014,026 | ---- | M] () -- C:\Users\XXXX\Documents\Film Girkhausen (Cover innen).odt
[2013.09.12 15:20:46 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.09.12 15:16:22 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.09.12 15:16:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.09.12 15:13:41 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.09.12 15:13:41 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.09.12 15:13:41 | 000,081,112 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.09.08 11:20:15 | 000,017,094 | ---- | M] () -- C:\Users\XXXX\Documents\Kontoführung Extra-Konto Ing-DiBa.ods
[2013.09.07 16:47:08 | 000,017,741 | ---- | M] () -- C:\Users\XXXX\Documents\Materialliste TV-Board.ods
[2013.08.17 19:53:01 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
 
========== Files Created - No Company Name ==========
 
[2013.09.16 16:03:01 | 001,039,554 | ---- | C] () -- C:\Users\XXXX\Desktop\adwcleaner.exe
[2013.09.13 13:31:11 | 000,015,767 | ---- | C] () -- C:\Users\XXXX\Documents\Kontoübersicht HeikoXXXX.ods
[2013.09.12 18:36:59 | 000,098,448 | ---- | C] () -- C:\Users\XXXX\Documents\Weihnachten Ruth 2012.odt
[2013.09.12 18:36:29 | 005,384,295 | ---- | C] () -- C:\Users\XXXX\Documents\Weihnachten Kerstin 2012.odt
[2013.09.12 18:35:37 | 000,231,804 | ---- | C] () -- C:\Users\XXXX\Documents\Weihnachten Heiko 2012.odt
[2013.09.12 18:34:42 | 000,128,287 | ---- | C] () -- C:\Users\XXXX\Documents\Rund um den Kahlen Asten (Cover vorn).odt
[2013.09.12 18:34:12 | 000,019,953 | ---- | C] () -- C:\Users\XXXX\Documents\Personenliste Film Girkhausen.ods
[2013.09.12 18:32:47 | 000,016,945 | ---- | C] () -- C:\Users\XXXX\Documents\Monatliche Belastungen vom Postbankkonto.odt
[2013.09.12 18:10:55 | 000,013,800 | ---- | C] () -- C:\Users\XXXX\Documents\Monatliche Belastungen vom Kto. K.odt
[2013.09.12 17:59:50 | 000,016,765 | ---- | C] () -- C:\Users\XXXX\Documents\Kontoübersicht Zuwachssparen DiBa Sparbrief.ods
[2013.09.12 17:59:08 | 000,016,125 | ---- | C] () -- C:\Users\XXXX\Documents\Kontoführung Zuwachssparen.ods
[2013.09.12 17:58:21 | 000,508,896 | ---- | C] () -- C:\Users\XXXX\Documents\Geburtstagseinladung Heiko 30, 2011.odt
[2013.09.12 17:55:02 | 000,010,331 | ---- | C] () -- C:\Users\XXXX\Documents\Geb.Kärtchen Ruth.ods
[2013.09.12 17:54:31 | 000,018,983 | ---- | C] () -- C:\Users\XXXX\Documents\Filme sichern, Sicherungskopien auf externer Festplatte.ods
[2013.09.12 17:53:40 | 000,011,648 | ---- | C] () -- C:\Users\XXXX\Documents\Ersatztelefonnummern für 0180-.ods
[2013.09.12 17:52:37 | 000,017,618 | ---- | C] () -- C:\Users\XXXX\Documents\Jährlich durchzuführende Arbeiten Sommer- Herbst-Winter 13-14.ods
[2013.09.12 17:26:10 | 000,019,059 | ---- | C] () -- C:\Users\XXXX\Documents\Durchzuführende Arbeiten 2012-2014.ods
[2013.09.12 17:06:09 | 000,042,865 | ---- | C] () -- C:\Users\XXXX\Documents\Dinner for One (Cover vorn).odt
[2013.09.12 17:05:35 | 000,012,753 | ---- | C] () -- C:\Users\XXXX\Documents\Dinner for One (Cover innen).odt
[2013.09.12 17:04:28 | 000,011,115 | ---- | C] () -- C:\Users\XXXX\Documents\Betriebsstunden Kompressor.ods
[2013.09.12 17:03:28 | 000,015,330 | ---- | C] () -- C:\Users\XXXX\Documents\Arbeitsblatt Guthaben Abbuchungen.odt
[2013.09.12 16:02:18 | 002,397,270 | ---- | C] () -- C:\Users\XXXX\Documents\Film Girkhausen(Cover vorn).odt
[2013.09.12 16:00:13 | 000,014,567 | ---- | C] () -- C:\Users\XXXX\Documents\Rund um den Kahlen Asten (Cover innen).odt
[2013.09.12 15:57:50 | 000,014,026 | ---- | C] () -- C:\Users\XXXX\Documents\Film Girkhausen (Cover innen).odt
[2013.09.12 15:19:39 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.09.07 15:13:38 | 000,017,741 | ---- | C] () -- C:\Users\XXXX\Documents\Materialliste TV-Board.ods
[2013.06.02 15:09:51 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.06.02 15:05:07 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2013.05.31 18:02:00 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013.05.31 18:02:00 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013.05.31 18:02:00 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013.05.31 18:02:00 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013.05.31 18:02:00 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013.05.31 18:02:00 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013.05.31 18:02:00 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013.05.31 18:02:00 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013.05.31 18:02:00 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013.05.31 18:02:00 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2013.05.31 18:02:00 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013.05.31 18:02:00 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013.05.31 18:02:00 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013.05.31 18:02:00 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013.05.31 18:02:00 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013.05.31 18:02:00 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2013.05.31 18:02:00 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2013.05.31 18:02:00 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013.05.31 18:02:00 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013.05.31 17:52:26 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2013.05.31 17:51:26 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2013.05.31 17:21:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.07.05 19:56:13 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\MAGIX
[2013.08.17 20:04:33 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\OpenOffice
[2013.06.02 14:14:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\OpenOffice.org
[2013.06.01 16:31:45 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Panasonic
[2013.06.14 20:36:37 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Sigel
[2013.05.31 18:52:54 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Thunderbird
[2013.06.02 15:28:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TomTom
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 933 bytes -> C:\Users\XXXX\Documents\Unsere Soforthilfe bei Anschluss-Störungen.eml:OECustomProperty

< End of report >
         
EXTRAS.txt
Code:
ATTFilter
OTL Extras logfile created on: 16.09.2013 16:33:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,62 Gb Available Physical Memory | 35,28% Memory free
3,50 Gb Paging File | 2,08 Gb Available in Paging File | 59,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 229,38 Gb Free Space | 76,97% Space Free | Partition Type: NTFS
 
Computer Name: XXXX | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3000793201-4075148729-2800895205-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2B9CA7F6-64A9-4346-9238-CDC3604A8D66}" = MAGIX Video deluxe 2013 Plus
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8AEAA238-F71F-457B-B6EE-5915966EC629}" = MAGIX Speed burnR (MSI)
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F585E2A2-5ED5-4F65-985D-6F51E478FE9E}" = MAGIX Video easy Rescue Your Videotapes 3 Update
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}" = Firebird SQL Server - MAGIX Edition
"{3C8B5BE2-8540-47FD-BDAB-24A78E289FB9}" = MAGIX Screenshare
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{57C14BDB-7D29-4DB9-98CA-F5F49120B8CF}" = Software der DVD Videokamera
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{8D85149E-D7A0-4920-BEBF-B6CEDFED8D1E}" = MAGIX USB-Videowandler 2
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C4E03BC-974B-45ED-A0FB-E369E83C45DA}" = MAGIX Video easy Retten Sie Ihre Videokassetten! Edition
"{A49098C1-980A-4C99-A579-4D10409AD899}" = DVDfunSTUDIO
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC67641A-05C4-4FED-A462-1EB1DC6CF2F5}" = ArcSoft Software Suite
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E26C402E-01FE-4EF2-964A-AC54734539B7}" = DVD-MovieAlbumSE 4
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Antivirus Premium
"AVMWLANCLI" = AVM FRITZ!WLAN
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.6.2
"MAGIX Filme auf DVD 8 D" = MAGIX Filme auf DVD 8 8.0.2.0 (D)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX_{2B9CA7F6-64A9-4346-9238-CDC3604A8D66}" = MAGIX Video deluxe 2013 Plus
"MAGIX_{8AEAA238-F71F-457B-B6EE-5915966EC629}" = MAGIX Speed burnR (MSI)
"MAGIX_MSI_Video_easy_3_RYVT" = MAGIX Video easy Retten Sie Ihre Videokassetten! Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 de)" = Mozilla Firefox 23.0.1 (x86 de)
"Mozilla Thunderbird 17.0.8 (x86 de)" = Mozilla Thunderbird 17.0.8 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"Sigel Professional Label Software SE" = Sigel Professional Label Software SE
"VLC media player" = VLC media player 2.0.6
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.08.2013 09:11:14 | Computer Name = XXXX | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/08/16 15:11:14.853]: [00000912]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 16.08.2013 09:11:16 | Computer Name = XXXX | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/08/16 15:11:16.353]: [00000912]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 16.08.2013 09:11:17 | Computer Name = XXXX | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/08/16 15:11:17.853]: [00000912]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 16.08.2013 09:11:19 | Computer Name = XXXX | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/08/16 15:11:19.353]: [00000912]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 16.08.2013 09:11:20 | Computer Name = XXXX | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/08/16 15:11:20.853]: [00000912]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 16.08.2013 09:11:22 | Computer Name = XXXX | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/08/16 15:11:22.353]: [00000912]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 16.08.2013 09:11:23 | Computer Name = XXXX | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/08/16 15:11:23.854]: [00000912]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 16.08.2013 09:11:25 | Computer Name = XXXX | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/08/16 15:11:25.354]: [00000912]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 16.08.2013 09:11:26 | Computer Name = XXXX | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/08/16 15:11:26.854]: [00000912]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 16.08.2013 09:11:28 | Computer Name = XXXX | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/08/16 15:11:28.354]: [00000912]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
[ System Events ]
Error - 16.09.2013 10:06:34 | Computer Name = XXXX | Source = atikmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 16.09.2013 10:06:34 | Computer Name = XXXX | Source = atikmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
 
Error - 16.09.2013 10:06:36 | Computer Name = XXXX | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 16.09.2013 10:06:36 | Computer Name = XXXX | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.09.2013 10:06:48 | Computer Name = XXXX | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%1.
 
Error - 16.09.2013 10:06:48 | Computer Name = XXXX | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%1.
 
Error - 16.09.2013 10:09:59 | Computer Name = XXXX | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%1.
 
Error - 16.09.2013 10:10:32 | Computer Name = XXXX | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%1.
 
Error - 16.09.2013 10:11:10 | Computer Name = XXXX | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%1.
 
Error - 16.09.2013 10:11:44 | Computer Name = XXXX | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%1.
 
 
< End of report >
         

Alt 16.09.2013, 21:55   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


Alt 18.09.2013, 20:14   #3
DatHirschi
 



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by XXXX XXXX (administrator) on XXXX on 18-09-2013 19:29:37
Running from C:\Users\XXXX XXXX\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Matsushita Electric Industrial Co., Ltd.) C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
MountPoints2: {15a874a7-ca06-11e2-893f-001fd046843b} - F:\pushinst.exe
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Filme_auf_DVD_8\TrayServer.exe [90112 2008-01-17] (MAGIX AG)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] - C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [323 2013-06-02] ()
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD4DEECC1185ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7f00v1po.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7f00v1po.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7f00v1po.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7f00v1po.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-12] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-31] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S1 cdrbsdrv; No ImagePath
S3 pfc; system32\drivers\pfc.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-18 19:29 - 2013-09-18 19:29 - 01950524 _____ (Farbar) C:\Users\XXXX XXXX\Downloads\FRST64.exe
2013-09-18 19:29 - 2013-09-18 19:29 - 00000000 ____D C:\FRST
2013-09-18 19:28 - 2013-09-18 19:28 - 98159724 _____ C:\Windows\SysWOW64\㝷᭔9
2013-09-18 16:23 - 2013-09-18 16:37 - 00014233 _____ C:\Windows\WindowsUpdate.log
2013-09-18 16:21 - 2013-09-18 19:27 - 00000112 _____ C:\Windows\setupact.log
2013-09-18 16:21 - 2013-09-18 16:21 - 00000000 _____ C:\Windows\setuperr.log
2013-09-17 15:24 - 2013-09-17 16:49 - 00018082 _____ C:\Users\XXXX XXXX\Documents\Kontoübersicht Kerstin XXXX (mon. Belastungen).ods
2013-09-17 12:09 - 2013-09-17 14:51 - 00021302 _____ C:\Users\XXXX XXXX\Documents\Kontoübersicht XXXX XXXX (mon. Belastungen).ods
2013-09-17 08:56 - 2013-09-17 08:56 - 00013986 _____ C:\Users\XXXX XXXX\Documents\TV-Board, Zuschnittliste.ods
2013-09-17 08:34 - 2013-09-17 09:07 - 00014660 _____ C:\Users\XXXX XXXX\Documents\Datensicherung auf externer Festplatte (Beschreibung).odt
2013-09-16 20:02 - 2013-09-16 20:02 - 97787879 _____ C:\Windows\SysWOW64\鿜쾣᭔„
2013-09-16 17:26 - 2013-09-16 17:26 - 00000000 ____D C:\Users\XXXX XXXX\AppData\Roaming\MAXON
2013-09-16 17:24 - 2013-09-16 17:24 - 00001192 _____ C:\Users\XXXX XXXX\Desktop\OpenOffice 4.0.0.lnk
2013-09-16 17:24 - 2013-09-16 17:24 - 00000000 ___SD C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
2013-09-16 16:59 - 2013-09-16 16:59 - 00001086 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-16 16:36 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-16 16:36 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-16 16:36 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-16 16:36 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-16 16:36 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-16 16:36 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-16 16:36 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-16 16:36 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-16 16:36 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-16 16:36 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-16 16:36 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-16 16:36 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-16 16:36 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-16 16:36 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-16 16:36 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-16 16:36 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-16 16:36 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-16 16:36 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-16 16:36 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-16 16:36 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-16 16:36 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-16 16:36 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-16 16:36 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-16 16:36 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-16 16:36 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-16 16:36 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-16 16:36 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-16 16:36 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-16 16:36 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-16 16:36 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-16 16:36 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-16 16:26 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-16 16:26 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-16 16:26 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-16 16:26 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-16 16:26 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-16 16:26 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-16 16:26 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-16 16:26 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-16 16:26 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-16 16:26 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-16 16:26 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-16 16:26 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-16 16:26 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-16 16:26 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-16 16:26 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-16 16:26 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-16 16:26 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-16 16:26 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-16 16:26 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-16 16:26 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-16 16:26 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-16 16:26 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-16 16:25 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-16 16:25 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-16 16:25 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-16 16:25 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-16 16:25 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-16 16:09 - 2013-09-16 16:15 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-16 16:03 - 2013-09-16 18:18 - 00000000 ____D C:\AdwCleaner
2013-09-13 13:31 - 2013-09-16 20:47 - 00016035 _____ C:\Users\XXXX XXXX\Documents\Kontoübersicht Heiko XXXX (mon. Belastungen).ods
2013-09-13 10:18 - 2013-09-17 09:14 - 00000000 ____D C:\Users\XXXX XXXX\AppData\Roaming\dvdcss
2013-09-12 18:36 - 2013-09-12 18:37 - 00098448 _____ C:\Users\XXXX XXXX\Documents\Weihnachten Ruth 2012.odt
2013-09-12 18:36 - 2013-09-12 18:36 - 05384295 _____ C:\Users\XXXX XXXX\Documents\Weihnachten Kerstin 2012.odt
2013-09-12 18:35 - 2013-09-12 18:35 - 00231804 _____ C:\Users\XXXX XXXX\Documents\Weihnachten Heiko 2012.odt
2013-09-12 18:34 - 2013-09-12 18:34 - 00128287 _____ C:\Users\XXXX XXXX\Documents\Rund um den Kahlen Asten (Cover vorn).odt
2013-09-12 18:34 - 2013-09-12 18:34 - 00019953 _____ C:\Users\XXXX XXXX\Documents\Personenliste Film Girkhausen.ods
2013-09-12 18:10 - 2013-09-12 18:10 - 00013800 _____ C:\Users\XXXX XXXX\Documents\Monatliche Belastungen vom Kto. K.odt
2013-09-12 17:59 - 2013-09-12 17:59 - 00016765 _____ C:\Users\XXXX XXXX\Documents\Kontoübersicht Zuwachssparen DiBa Sparbrief.ods
2013-09-12 17:59 - 2013-09-12 17:59 - 00016125 _____ C:\Users\XXXX XXXX\Documents\Kontoführung Zuwachssparen.ods
2013-09-12 17:58 - 2013-09-12 17:58 - 00508896 _____ C:\Users\XXXX XXXX\Documents\Geburtstagseinladung Heiko 30, 2011.odt
2013-09-12 17:55 - 2013-09-12 17:55 - 00010331 _____ C:\Users\XXXX XXXX\Documents\Geb.Kärtchen Ruth.ods
2013-09-12 17:54 - 2013-09-13 09:24 - 00018983 _____ C:\Users\XXXX XXXX\Documents\Filme sichern, Sicherungskopien auf externer Festplatte.ods
2013-09-12 17:53 - 2013-09-12 17:53 - 00011648 _____ C:\Users\XXXX XXXX\Documents\Ersatztelefonnummern für 0180-.ods
2013-09-12 17:52 - 2013-09-12 17:52 - 00017618 _____ C:\Users\XXXX XXXX\Documents\Jährlich durchzuführende Arbeiten Sommer- Herbst-Winter 13-14.ods
2013-09-12 17:26 - 2013-09-12 17:26 - 00019059 _____ C:\Users\XXXX XXXX\Documents\Durchzuführende Arbeiten 2012-2014.ods
2013-09-12 17:06 - 2013-09-12 17:06 - 00042865 _____ C:\Users\XXXX XXXX\Documents\Dinner for One (Cover vorn).odt
2013-09-12 17:05 - 2013-09-12 17:05 - 00012753 _____ C:\Users\XXXX XXXX\Documents\Dinner for One (Cover innen).odt
2013-09-12 17:04 - 2013-09-12 17:04 - 00011115 _____ C:\Users\XXXX XXXX\Documents\Betriebsstunden Kompressor.ods
2013-09-12 17:03 - 2013-09-12 17:03 - 00015330 _____ C:\Users\XXXX XXXX\Documents\Arbeitsblatt Guthaben Abbuchungen.odt
2013-09-12 16:02 - 2013-09-12 16:02 - 02397270 _____ C:\Users\XXXX XXXX\Documents\Film Girkhausen(Cover vorn).odt
2013-09-12 16:00 - 2013-09-12 16:00 - 00014567 _____ C:\Users\XXXX XXXX\Documents\Rund um den Kahlen Asten (Cover innen).odt
2013-09-12 15:57 - 2013-09-12 15:57 - 00014026 _____ C:\Users\XXXX XXXX\Documents\Film Girkhausen (Cover innen).odt
2013-09-12 15:19 - 2013-09-12 15:20 - 00001129 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-12 15:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-12 14:22 - 2013-09-12 15:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-12 14:22 - 2013-09-12 14:22 - 00000000 ____D C:\Users\XXXX XXXX\AppData\Roaming\Malwarebytes
2013-09-12 14:22 - 2013-09-12 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-07 15:13 - 2013-09-16 20:56 - 00017729 _____ C:\Users\XXXX XXXX\Documents\Materialliste TV-Board.ods

==================== One Month Modified Files and Folders =======

2013-09-18 19:29 - 2013-09-18 19:29 - 01950524 _____ (Farbar) C:\Users\XXXX XXXX\Downloads\FRST64.exe
2013-09-18 19:29 - 2013-09-18 19:29 - 00000000 ____D C:\FRST
2013-09-18 19:28 - 2013-09-18 19:28 - 98159724 _____ C:\Windows\SysWOW64\㝷᭔9
2013-09-18 19:27 - 2013-09-18 16:21 - 00000112 _____ C:\Windows\setupact.log
2013-09-18 19:27 - 2013-07-28 15:48 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-18 19:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-18 16:37 - 2013-09-18 16:23 - 00014233 _____ C:\Windows\WindowsUpdate.log
2013-09-18 16:28 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-18 16:28 - 2009-07-14 06:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-18 16:21 - 2013-09-18 16:21 - 00000000 _____ C:\Windows\setuperr.log
2013-09-17 16:53 - 2013-07-28 15:48 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-17 16:49 - 2013-09-17 15:24 - 00018082 _____ C:\Users\XXXX XXXX\Documents\Kontoübersicht Kerstin XXXX (mon. Belastungen).ods
2013-09-17 16:16 - 2013-05-31 19:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-17 14:51 - 2013-09-17 12:09 - 00021302 _____ C:\Users\XXXX XXXX\Documents\Kontoübersicht XXXX XXXX (mon. Belastungen).ods
2013-09-17 09:30 - 2013-05-31 19:23 - 00000000 ____D C:\Users\XXXX XXXX\AppData\Roaming\vlc
2013-09-17 09:14 - 2013-09-13 10:18 - 00000000 ____D C:\Users\XXXX XXXX\AppData\Roaming\dvdcss
2013-09-17 09:09 - 2011-04-12 09:43 - 00653928 _____ C:\Windows\system32\perfh007.dat
2013-09-17 09:09 - 2011-04-12 09:43 - 00129800 _____ C:\Windows\system32\perfc007.dat
2013-09-17 09:09 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-17 09:07 - 2013-09-17 08:34 - 00014660 _____ C:\Users\XXXX XXXX\Documents\Datensicherung auf externer Festplatte (Beschreibung).odt
2013-09-17 08:56 - 2013-09-17 08:56 - 00013986 _____ C:\Users\XXXX XXXX\Documents\TV-Board, Zuschnittliste.ods
2013-09-16 20:56 - 2013-09-07 15:13 - 00017729 _____ C:\Users\XXXX XXXX\Documents\Materialliste TV-Board.ods
2013-09-16 20:47 - 2013-09-13 13:31 - 00016035 _____ C:\Users\XXXX XXXX\Documents\Kontoübersicht Heiko XXXX (mon. Belastungen).ods
2013-09-16 20:02 - 2013-09-16 20:02 - 97787879 _____ C:\Windows\SysWOW64\鿜쾣᭔„
2013-09-16 18:42 - 2009-07-14 06:45 - 00411680 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-16 18:18 - 2013-09-16 16:03 - 00000000 ____D C:\AdwCleaner
2013-09-16 17:26 - 2013-09-16 17:26 - 00000000 ____D C:\Users\XXXX XXXX\AppData\Roaming\MAXON
2013-09-16 17:24 - 2013-09-16 17:24 - 00001192 _____ C:\Users\XXXX XXXX\Desktop\OpenOffice 4.0.0.lnk
2013-09-16 17:24 - 2013-09-16 17:24 - 00000000 ___SD C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
2013-09-16 17:23 - 2013-08-17 20:03 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-16 17:22 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-16 17:20 - 2013-05-31 18:18 - 00000000 ____D C:\Windows\Panther
2013-09-16 17:18 - 2013-07-19 20:57 - 00000838 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-16 17:18 - 2013-05-31 20:43 - 00000000 ____D C:\Program Files\CCleaner
2013-09-16 17:14 - 2013-06-02 14:13 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-09-16 17:14 - 2013-05-31 17:27 - 00000000 ___RD C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-16 17:05 - 2013-05-31 17:27 - 00000000 ___RD C:\Users\XXXX XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-16 16:59 - 2013-09-16 16:59 - 00001086 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-16 16:57 - 2013-06-14 20:27 - 00000000 ____D C:\Program Files (x86)\DsNET Corp
2013-09-16 16:57 - 2013-06-02 18:38 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2013-09-16 16:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-16 16:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-09-16 16:36 - 2013-08-15 18:45 - 00000000 ____D C:\Windows\system32\MRT
2013-09-16 16:34 - 2013-05-31 18:54 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-16 16:15 - 2013-09-16 16:09 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-16 15:58 - 2013-05-31 17:26 - 00000000 ____D C:\Users\XXXX XXXX
2013-09-13 09:24 - 2013-09-12 17:54 - 00018983 _____ C:\Users\XXXX XXXX\Documents\Filme sichern, Sicherungskopien auf externer Festplatte.ods
2013-09-12 18:37 - 2013-09-12 18:36 - 00098448 _____ C:\Users\XXXX XXXX\Documents\Weihnachten Ruth 2012.odt
2013-09-12 18:36 - 2013-09-12 18:36 - 05384295 _____ C:\Users\XXXX XXXX\Documents\Weihnachten Kerstin 2012.odt
2013-09-12 18:35 - 2013-09-12 18:35 - 00231804 _____ C:\Users\XXXX XXXX\Documents\Weihnachten Heiko 2012.odt
2013-09-12 18:34 - 2013-09-12 18:34 - 00128287 _____ C:\Users\XXXX XXXX\Documents\Rund um den Kahlen Asten (Cover vorn).odt
2013-09-12 18:34 - 2013-09-12 18:34 - 00019953 _____ C:\Users\XXXX XXXX\Documents\Personenliste Film Girkhausen.ods
2013-09-12 18:10 - 2013-09-12 18:10 - 00013800 _____ C:\Users\XXXX XXXX\Documents\Monatliche Belastungen vom Kto. K.odt
2013-09-12 17:59 - 2013-09-12 17:59 - 00016765 _____ C:\Users\XXXX XXXX\Documents\Kontoübersicht Zuwachssparen DiBa Sparbrief.ods
2013-09-12 17:59 - 2013-09-12 17:59 - 00016125 _____ C:\Users\XXXX XXXX\Documents\Kontoführung Zuwachssparen.ods
2013-09-12 17:58 - 2013-09-12 17:58 - 00508896 _____ C:\Users\XXXX XXXX\Documents\Geburtstagseinladung Heiko 30, 2011.odt
2013-09-12 17:55 - 2013-09-12 17:55 - 00010331 _____ C:\Users\XXXX XXXX\Documents\Geb.Kärtchen Ruth.ods
2013-09-12 17:53 - 2013-09-12 17:53 - 00011648 _____ C:\Users\XXXX XXXX\Documents\Ersatztelefonnummern für 0180-.ods
2013-09-12 17:52 - 2013-09-12 17:52 - 00017618 _____ C:\Users\XXXX XXXX\Documents\Jährlich durchzuführende Arbeiten Sommer- Herbst-Winter 13-14.ods
2013-09-12 17:26 - 2013-09-12 17:26 - 00019059 _____ C:\Users\XXXX XXXX\Documents\Durchzuführende Arbeiten 2012-2014.ods
2013-09-12 17:06 - 2013-09-12 17:06 - 00042865 _____ C:\Users\XXXX XXXX\Documents\Dinner for One (Cover vorn).odt
2013-09-12 17:05 - 2013-09-12 17:05 - 00012753 _____ C:\Users\XXXX XXXX\Documents\Dinner for One (Cover innen).odt
2013-09-12 17:04 - 2013-09-12 17:04 - 00011115 _____ C:\Users\XXXX XXXX\Documents\Betriebsstunden Kompressor.ods
2013-09-12 17:03 - 2013-09-12 17:03 - 00015330 _____ C:\Users\XXXX XXXX\Documents\Arbeitsblatt Guthaben Abbuchungen.odt
2013-09-12 16:10 - 2013-05-31 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-12 16:10 - 2011-04-12 09:54 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-12 16:02 - 2013-09-12 16:02 - 02397270 _____ C:\Users\XXXX XXXX\Documents\Film Girkhausen(Cover vorn).odt
2013-09-12 16:00 - 2013-09-12 16:00 - 00014567 _____ C:\Users\XXXX XXXX\Documents\Rund um den Kahlen Asten (Cover innen).odt
2013-09-12 15:57 - 2013-09-12 15:57 - 00014026 _____ C:\Users\XXXX XXXX\Documents\Film Girkhausen (Cover innen).odt
2013-09-12 15:20 - 2013-09-12 15:19 - 00001129 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-12 15:20 - 2013-09-12 14:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-12 15:16 - 2013-05-31 19:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-12 15:16 - 2013-05-31 19:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-12 15:16 - 2013-05-31 19:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-12 15:13 - 2013-05-31 18:44 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-12 15:13 - 2013-05-31 18:32 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-12 15:13 - 2013-05-31 18:32 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-12 14:22 - 2013-09-12 14:22 - 00000000 ____D C:\Users\XXXX XXXX\AppData\Roaming\Malwarebytes
2013-09-12 14:22 - 2013-09-12 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 11:20 - 2010-10-22 19:30 - 00017094 _____ C:\Users\XXXX XXXX\Documents\Kontoführung Extra-Konto Ing-DiBa.ods
2013-08-25 12:20 - 2013-05-31 20:55 - 00114776 _____ C:\Users\XXXX XXXX\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-05-31 17:19

==================== End Of Log ============================
         
--- --- ---


ADDITION.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 03
Ran by XXXX XXXX at 2013-09-18 19:30:35
Running from C:\Users\XXXX XXXX\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
ArcSoft Software Suite (x32)
aTube Catcher (x32 Version: 2.9.1462)
Avira Antivirus Premium (x32 Version: 13.0.0.4052)
AVM FRITZ!WLAN (x32)
Brother MFL-Pro Suite DCP-195C (x32 Version: 1.0.1.0)
CCleaner (Version: 4.05)
CrystalDiskInfo 5.6.2 (x32 Version: 5.6.2)
DVDfunSTUDIO (x32 Version: 2.5.006.0)
DVD-MovieAlbumSE 4 (x32 Version: 4.5.043.07)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.32.0)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
High-Definition Video Playback (x32 Version: 7.1.13400.42.0)
LUMIX Simple Viewer (x32 Version: 0.99.0000)
MAGIX Filme auf DVD 8 8.0.2.0 (D) (x32 Version: 8.0.2.0)
MAGIX Foto Manager 8 6.0.1.457 (D) (x32 Version: 6.0.1.457)
MAGIX Fotobuch 3.6 (x32 Version: 3.6)
MAGIX Online Druck Service 3.4.3.0 (D) (x32 Version: 3.4.3.0)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
MAGIX Screenshare 4.3.6.1987 (D) (x32 Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6)
MAGIX USB-Videowandler 2 (x32 Version: 1.02.0000)
MAGIX Video deluxe 2013 Plus (Version: 12.0.3.4)
MAGIX Video deluxe 2013 Plus (x32 Version: 12.0.3.4)
MAGIX Video easy Rescue Your Videotapes 3 Update (Version: 2.0.2.1)
MAGIX Video easy Retten Sie Ihre Videokassetten! Edition (x32 Version: 2.0.2.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nero 10 ClipartPack (x32 Version: 10.2.10000.11.0)
Nero 10 Menu TemplatePack 1 (x32 Version: 10.2.10000.0.0)
Nero 10 Menu TemplatePack 2 (x32 Version: 10.2.10000.0.0)
Nero 10 Menu TemplatePack 3 (x32 Version: 10.2.10100.1.0)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.2.10000.0.0)
Nero 10 Movie ThemePack 1 (x32 Version: 10.2.10000.11.0)
Nero 10 Movie ThemePack 2 (x32 Version: 10.2.10100.1.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0)
Nero 10 Sample ImagePack (x32 Version: 10.2.10000.11.0)
Nero 10 Sample Videos (x32 Version: 10.2.10000.11.0)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Burning ROM 10 (x32 Version: 10.2.11000.12.100)
Nero BurningROM 10 Help (CHM) (x32 Version: 10.5.10100)
Nero BurnRights 10 (x32 Version: 4.2.10300.0.102)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Control Center 10 (x32 Version: 10.2.10600.0.6)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Core Components 10 (x32 Version: 2.0.17400.8.2)
Nero CoverDesigner 10 (x32 Version: 5.2.10700.7.100)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.5.10000)
Nero DiscSpeed 10 (x32 Version: 6.2.10300.1.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Dolby Files 10 (x32 Version: 2.0.12100.0.10)
Nero Express 10 (x32 Version: 10.2.11100.12.100)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10100)
Nero InfoTool 10 (x32 Version: 7.2.10300.5.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.5.10000)
Nero MediaHub 10 (x32 Version: 1.2.12300.27.100)
Nero MediaHub 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Multimedia Suite 10 (x32 Version: 10.5.10500)
Nero Recode 10 (x32 Version: 4.8.10400.3.100)
Nero Recode 10 Help (CHM) (x32 Version: 10.5.10000)
Nero RescueAgent 10 (x32 Version: 3.2.10600.7.100)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.5.10000)
Nero SoundTrax 10 (x32 Version: 4.8.10200.1.100)
Nero SoundTrax 10 Help (CHM) (x32 Version: 10.5.10000)
Nero StartSmart 10 (x32 Version: 10.2.11100.10.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Update (x32 Version: 1.0.0018)
Nero Vision 10 (x32 Version: 7.2.14700.9.100)
Nero Vision 10 Help (CHM) (x32 Version: 10.5.10000)
Nero WaveEditor 10 (x32 Version: 5.8.10400.2.100)
Nero WaveEditor 10 Help (CHM) (x32 Version: 10.5.10000)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
PaperPort Image Printer 64-bit (Version: 1.00.0000)
Picasa 3 (x32 Version: 3.9)
ScanSoft PaperPort 11 (x32 Version: 11.2.0000)
Sigel Professional Label Software SE (x32)
Software der DVD Videokamera (x32 Version: 1.00.000)
TomTom HOME (x32 Version: 2.9.5)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
VLC media player 2.0.8 (x32 Version: 2.0.8)

==================== Restore Points  =========================

16-09-2013 16:22:05 Hirschi Wiederherstellungspunkt
16-09-2013 16:24:39 Wiederherstellungspunkt nach Virus

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {022FB60F-0467-4172-9601-033FB53F6A7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-28] (Google Inc.)
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {2321ADF8-9DBF-4DD8-975C-6C676FDCE2D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-28] (Google Inc.)
Task: {6CBA84AF-648B-45E7-BB0A-C0FB5EEF1A41} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {723CBA0E-F312-4764-A06F-7D04A4895304} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3000793201-4075148729-2800895205-1000
Task: {A8BB3604-5F05-40CA-8192-7D3F17812017} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-12] (Adobe Systems Incorporated)
Task: {DB779452-7E07-492A-B857-30844A76F823} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-21] (Microsoft Corporation)
Task: {E08770F4-20E6-4F87-AE67-82CF56EE830E} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-31 18:01 - 2005-10-27 16:40 - 00229376 _____ (Matsushita Electric Industrial Co., Ltd.) C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\CmLibs2.dll
2013-05-31 18:01 - 2005-09-30 17:38 - 00122880 _____ (Matsushita Electric Industrial Co., Ltd.) C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\CmlibsEx.dll
2013-05-31 18:01 - 2005-09-30 17:38 - 00024576 _____ (Matsushita Electric Industrial Co., Ltd.) C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\CheckMarkCache.dll
2013-05-31 18:01 - 2005-09-30 17:23 - 00172032 _____ (Matsushita Electric Industrial Co., Ltd.) C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\PictureLib.pcp
2013-05-31 18:01 - 2005-04-25 20:01 - 00159744 _____ (Matsushita Electric Industrial Co., Ltd.) C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\IppJpeg.dll
2013-05-31 18:01 - 2005-09-30 17:39 - 00040960 _____ (Matsushita Electric Industrial Co., Ltd.) C:\Program Files (x86)\Panasonic\LUMIXSimpleViewer\MjThumb.vcp
2008-07-09 23:06 - 2008-07-09 23:06 - 00029984 _____ (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\PPRecDiag.dll
2008-07-09 23:08 - 2008-07-09 23:08 - 00058656 _____ (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\XMAXUTIL.dll
2005-09-07 12:03 - 2005-09-07 12:03 - 00036864 _____ (Black Ice Software, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\blicectr.dll
2008-07-09 23:11 - 2008-07-09 23:11 - 02987296 _____ (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\MaxRes.dll
2008-07-09 23:11 - 2008-07-09 23:11 - 00136480 _____ (Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\BindRes.dll
2013-06-02 15:07 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-08-17 19:50 - 2013-08-17 19:50 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\XXXX XXXX\Documents\Unsere Soforthilfe bei Anschluss-Störungen.eml:OECustomProperty


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2013 07:28:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2013 04:22:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 05:10:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 05:07:44 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/17 17:07:44.092]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/17/2013 05:07:42 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/17 17:07:42.548]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/17/2013 05:07:41 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/17 17:07:41.003]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/17/2013 05:07:39 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/17 17:07:39.459]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/17/2013 05:07:37 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/17 17:07:37.914]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/17/2013 05:07:36 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/17 17:07:36.370]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/17/2013 05:07:34 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2013/09/17 17:07:34.826]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2


System errors:
=============
Error: (09/18/2013 07:26:42 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/18/2013 07:26:42 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/18/2013 07:26:40 PM) (Source: atikmdag) (User: )
Description: EDID contain an error in the RangeLimit field

Error: (09/18/2013 07:26:40 PM) (Source: atikmdag) (User: )
Description: EDID contain an error in the RangeLimit field

Error: (09/18/2013 07:26:37 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (09/18/2013 07:26:37 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (09/18/2013 07:26:35 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (09/18/2013 04:21:08 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/18/2013 04:21:08 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/18/2013 04:21:07 PM) (Source: atikmdag) (User: )
Description: EDID contain an error in the RangeLimit field


Microsoft Office Sessions:
=========================
Error: (09/18/2013 07:28:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2013 04:22:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 05:10:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 05:07:44 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/17 17:07:44.092]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/17/2013 05:07:42 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/17 17:07:42.548]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/17/2013 05:07:41 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/17 17:07:41.003]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/17/2013 05:07:39 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/17 17:07:39.459]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/17/2013 05:07:37 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/17 17:07:37.914]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/17/2013 05:07:36 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/17 17:07:36.370]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2

Error: (09/17/2013 05:07:34 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2013/09/17 17:07:34.826]: [00002976]: lperrcode->api = 1 , lperrcode->code = 2


==================== Memory info =========================== 

Percentage of memory in use: 59%
Total physical RAM: 1790.18 MB
Available physical RAM: 719.04 MB
Total Pagefile: 3580.36 MB
Available Pagefile: 2192.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System und Daten) (Fixed) (Total:297.99 GB) (Free:237.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 1669C708)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
There you go...
__________________

Edited by DatHirschi (18.09.2013 at 20:52)

Alt 19.09.2013, 09:37   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please show me the Avira log file.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 19.09.2013, 14:03   #5
DatHirschi
 



I only have fragments of it left...

The only detection is the following:
Code:
ATTFilter
C:\users\XXXX\AppData\Local\Temp\_yoFvJU5.zip.part is said to have contained an hd.gallery_22300.exe,
which contains TR/Ransom.Foreign.hjrz... The file was successfully overwritten and deleted
         


Alt 19.09.2013, 17:40   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

Alt 20.09.2013, 11:00   #7
DatHirschi
 



So I think we've gotten a bit mixed up chronologically...

The Avira log was what triggered the whole thing in the first place. After that, tools such as OTL, MalwareBytes, AdwCleaner and FRST were used in pretty much that order. The FRST log is the most recent status... only JRT is still missing, but we'll run it over the weekend.

Alt 20.09.2013, 15:29   #8
schrauber
/// the machine
/// TB-Ausbilder
 




ok.

Alt 29.09.2013, 15:26   #9
DatHirschi
 



So here it is now, in chronological order...

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
XXXX XXXX :: XXXX [Administrator]

29.09.2013 15:10:12
mbam-log-2013-09-29 (15-10-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195827
Laufzeit: 4 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
# AdwCleaner v3.005 - Bericht erstellt am 29/09/2013 um 15:17:42
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : XXXX XXXX - XXXX
# Gestartet von : C:\Users\XXXX XXXX\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\XXXX XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\7f00v1po.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1512 octets] - [16/09/2013 16:03:37]
AdwCleaner[R1].txt - [954 octets] - [16/09/2013 16:08:37]
AdwCleaner[R2].txt - [1013 octets] - [16/09/2013 16:15:45]
AdwCleaner[R3].txt - [1073 octets] - [16/09/2013 18:18:16]
AdwCleaner[R4].txt - [1136 octets] - [29/09/2013 15:16:45]
AdwCleaner[S0].txt - [1451 octets] - [16/09/2013 16:05:29]
AdwCleaner[S1].txt - [1058 octets] - [29/09/2013 15:17:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1118 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by XXXX XXXX on 29.09.2013 at 15:23:02,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\XXXX XXXX\AppData\Roaming\mozilla\firefox\profiles\7f00v1po.default\minidumps [40 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.09.2013 at 15:28:00,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 29.09.2013, 18:37   #10
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log please. Any problems still?

Alt 29.09.2013, 18:54   #11
DatHirschi
 



Problems really only health-wise, but the computer is running, I'm told.

Alt 30.09.2013, 08:45   #12
schrauber
/// the machine
/// TB-Ausbilder
 




Please still do the things above

Alt 30.09.2013, 13:50   #13
DatHirschi
 



OK, but it will probably take a while again...

Alt 30.09.2013, 19:40   #14
schrauber
/// the machine
/// TB-Ausbilder
 




no problem

Alt 03.10.2013, 14:16   #15
DatHirschi
 



Brief interim update: Was notified because said computer is again showing "Preparing your desktop" and takes forever to boot. Sounds like an update to me, but there hasn't been one in the last few days, has there???
