Trojaner / Malware TR/ATRAPS.Gen2 in C:\RECYCLER\S-1-5-18\...\80000032.@
Hallo liebe PC-Lebens-und-Funktionsretter,
gestern habe ich festgestellt, dass meine Antivirensoftware nicht richtig funktioniert hat. Daher habe ich die alten Scanner entfernt und AVIRA als Freeware neu installiert.
Seit dem schlägt im 2 Minuten Rhythmus der Sicherheitshinweis auf den TR/ATRAPS.Gen2 bei mir auf (über den Echtzeitscan). Der Sicherheitshinweis bietet zwar entfernen an, verschiebt aber nur. Bisher hat er das Biest schon 37 Mal in Quarantäne verschoben, aber es nimmt kein Ende. Da bis zu vier Prüfvorgänge gleichzeitig laufen, kann ich am PC im Moment nicht arbeiten oder nur, wenn ich AVIRA Echtzeitscan ausschalte.
Ich hoffe ihr könnt mir helfen - ich weiss nicht einmal, wie lange ich dieses Vieh schon habe.
Viele Grüße
Petra
Schritt 1: Defogger habe ich erledigt, wie es scheint problemlos
Schritt 2: OTL ist auch erledigt. Ich hoffe ich kann die Textdateien hier einfügen:
OTL.Txt:OTL Logfile: Code:
OTL logfile created on: 20.05.2013 20:11:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Gamer\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511,48 Mb Total Physical Memory | 274,20 Mb Available Physical Memory | 53,61% Memory free
1,22 Gb Paging File | 0,86 Gb Available in Paging File | 70,53% Paging File free
Paging file location(s): C:\pagefile.sys 2 766 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,66 Gb Total Space | 59,97 Gb Free Space | 61,40% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 30,73 Gb Free Space | 31,47% Space Free | Partition Type: NTFS
Drive E: | 0,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 465,11 Gb Total Space | 388,13 Gb Free Space | 83,45% Space Free | Partition Type: NTFS
Computer Name: PIETIS-PC | User Name: Gamer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.20 20:07:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gamer\Eigene Dateien\Downloads\OTL.exe
PRC - [2013.05.19 18:48:19 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.19 18:48:06 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.05.19 18:48:03 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.19 18:48:02 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.19 16:07:54 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2013.05.16 14:32:50 | 000,020,784 | ---- | M] () -- C:\WINDOWS\system32\jmdp\stij.exe
PRC - [2013.03.12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Online Games Manager\ogmservice.exe
PRC - [2013.02.27 13:24:40 | 001,013,552 | ---- | M] () -- C:\WINDOWS\system32\dmwu.exe
PRC - [2012.12.21 17:27:46 | 000,057,008 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012.10.04 16:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2011.03.30 16:44:58 | 001,324,008 | ---- | M] (Iminent) -- C:\Programme\Iminent\IMBooster\IMBooster.exe
PRC - [2010.12.18 19:33:58 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.11.30 09:50:00 | 002,189,784 | ---- | M] (Netop Business Solutions A/S) -- C:\Programme\Netop\Netop Remote Control\Host\NHSTW32.EXE
PRC - [2009.11.30 09:50:00 | 001,734,632 | ---- | M] (Netop Business Solutions A/S) -- C:\Programme\Netop\Netop Remote Control\Host\NHOSTSVC.EXE
PRC - [2009.10.12 17:58:12 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002.12.10 02:17:34 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
PRC - [2002.07.23 18:58:06 | 000,012,288 | ---- | M] () -- C:\Programme\Winamp3\winampa.exe
PRC - [2001.11.15 12:08:40 | 001,216,512 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.19 18:48:21 | 000,397,704 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2013.05.16 14:32:50 | 000,020,784 | ---- | M] () -- C:\WINDOWS\system32\jmdp\stij.exe
MOD - [2013.05.16 14:32:02 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\jmdp\lmrn.dll
MOD - [2013.05.16 14:02:42 | 000,362,029 | ---- | M] () -- C:\WINDOWS\system32\jmdp\sqlite3.dll
MOD - [2013.02.27 13:24:40 | 001,013,552 | ---- | M] () -- C:\WINDOWS\system32\dmwu.exe
MOD - [2013.02.27 13:21:38 | 000,028,160 | ---- | M] () -- C:\WINDOWS\system32\ImHttpComm.dll
MOD - [2013.02.15 04:31:19 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013.01.09 06:21:57 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013.01.09 06:18:25 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013.01.09 06:17:35 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.09 06:14:25 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.09 06:14:07 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.30 16:45:12 | 000,016,360 | ---- | M] () -- C:\Programme\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll
MOD - [2011.03.30 16:45:06 | 000,236,520 | ---- | M] () -- C:\Programme\Iminent\IMBooster\Iminent.Windows.dll
MOD - [2011.03.30 16:45:06 | 000,218,600 | ---- | M] () -- C:\Programme\Iminent\IMBooster\Iminent.Workflow.dll
MOD - [2011.03.30 16:45:04 | 001,869,288 | ---- | M] () -- C:\Programme\Iminent\IMBooster\Iminent.Services.dll
MOD - [2011.03.30 16:45:02 | 000,041,960 | ---- | M] () -- C:\Programme\Iminent\IMBooster\Iminent.Business.TinyUrl.dll
MOD - [2011.03.30 16:45:00 | 000,337,896 | ---- | M] () -- C:\Programme\Iminent\IMBooster\Iminent.Booster.UI.dll
MOD - [2010.12.18 19:40:04 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010.08.01 01:29:04 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.10.12 17:58:12 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2008.06.04 15:53:14 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\spd__l.dll
MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2002.07.23 18:58:06 | 000,012,288 | ---- | M] () -- C:\Programme\Winamp3\winampa.exe
Extras.Txt:
OTL Extras logfile created on: 20.05.2013 20:11:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Gamer\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511,48 Mb Total Physical Memory | 274,20 Mb Available Physical Memory | 53,61% Memory free
1,22 Gb Paging File | 0,86 Gb Available in Paging File | 70,53% Paging File free
Paging file location(s): C:\pagefile.sys 2 766 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,66 Gb Total Space | 59,97 Gb Free Space | 61,40% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 30,73 Gb Free Space | 31,47% Space Free | Partition Type: NTFS
Drive E: | 0,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 465,11 Gb Total Space | 388,13 Gb Free Space | 83,45% Space Free | Partition Type: NTFS
Computer Name: PIETIS-PC | User Name: Gamer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Netop\Netop Remote Control\Host\NHSTW32.EXE" = C:\Programme\Netop\Netop Remote Control\Host\NHSTW32.EXE:*:Enabled:NetOp NHSTW32.EXE (automatic setting) -- (Netop Business Solutions A/S)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Netop\Netop Remote Control\Host\NHSTW32.EXE" = C:\Programme\Netop\Netop Remote Control\Host\NHSTW32.EXE:*:Enabled:NetOp NHSTW32.EXE (automatic setting) -- (Netop Business Solutions A/S)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000044-DD6C-11DE-9950-0417A1A01290}" = Netop Remote Control Host
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1E104AF0-EA49-11DE-AC07-005056C00008}" = Paragon Festplatten Manager™ 2010 Professional
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E3278D0-D3C4-4D1B-A264-C53EBB60FA36}" = Battle Tanks
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BA43E5C-66FD-48D2-AB40-B807D457EF83}" = ElsterFormular 2007/2008
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6EBF5C73-D05A-485D-AB60-E557F9947359}" = Oracle VM VirtualBox 3.2.10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1
"{7782C171-0E16-47B7-805C-401080068B07}" = Iminent
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{914C2264-B2ED-4A31-BD53-27D1023EF6FC}" = TP-LINK Wireless Client Utility
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer 2013
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EEE6C374-6118-11DC-9C72-001320C79847}" = SweetPacks Toolbar For Firefox 1.13.0.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3cba5ea1a5cf02d3363c000474fb7a3e" = Hotel Mogul
"6821187bc24c9cc3a2fdd21f705822f3" = Virtual City
"7-Zip" = 7-Zip 4.65
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Strategic Command" = Advanced Strategic Command 2.4.0.0
"Ankh" = Ankh
"Ankh - Heart of Osiris" = Ankh - HdO
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battle for Wesnoth 1.8.0" = Battle for Wesnoth 1.8.0
"BSW" = BrettspielWelt
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Dirty Split" = Dirty Split (remove only)
"ElsterFormular" = ElsterFormular
"FilesFrog Update Checker" = FilesFrog Update Checker
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Freeciv-2.2.0-gtk2" = Freeciv 2.2.0 (GTK+ client)
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20081113 code)
"hp deskjet 5550 series" = hp deskjet 5550 series (nur entfernen)
"ie8" = Windows Internet Explorer 8
"IMBoosterARP" = Iminent
"LucasArts' Monkey4" = LucasArts' Monkey4
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Online Games Manager" = Online Games Manager v1.20
"OpenAL" = OpenAL
"PCI Audio Driver" = PCI Audio Driver
"PhotoScape" = PhotoScape
"PokerTH 0.7.1" = PokerTH
"RealPlayer 12.0" = RealPlayer
"Rigs of Rods" = Rigs of Rods 0.36.2
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"ScummVM_is1" = ScummVM 1.2.0
"SweetIM Bundle by SweetPacks" = SweetIM Bundle by SweetPacks
"UltraStar" = UltraStar 0.8.0
"VLC media player" = VLC media player 1.1.4
"Winamp3" = Winamp3 (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WNLT" = SweetPacks Updater
"Wormux" = Wormux
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zattoo4" = Zattoo4 4.0.5
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.04.2013 09:12:45 | Computer Name = PIETIS-PC | Source = MPSampleSubmission | ID = 5000
Description =
Error - 28.04.2013 22:02:58 | Computer Name = PIETIS-PC | Source = MPSampleSubmission | ID = 5000
Description =
Error - 10.05.2013 09:41:39 | Computer Name = PIETIS-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nss.exe, Version 3.7.2.5, fehlgeschlagenes
Modul pepidyn.dll, Version 1.0.0.68, Fehleradresse 0x000608f3.
Error - 19.05.2013 12:55:54 | Computer Name = PIETIS-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 19.05.2013 12:55:54 | Computer Name = PIETIS-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 19.05.2013 14:19:40 | Computer Name = PIETIS-PC | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
Error - 19.05.2013 15:08:07 | Computer Name = PIETIS-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avscan.exe, Version 13.6.0.1262, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x4ebb74b2.
Error - 19.05.2013 15:58:51 | Computer Name = PIETIS-PC | Source = VSS | ID = 12292
Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse
mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x8007041d] ist ein Fehler aufgetreten.
Error - 19.05.2013 16:56:12 | Computer Name = PIETIS-PC | Source = COM+ | ID = 135763
Description = Transaktionen, die zur Unterstützung von Transaktionskomponenten erforderlich
sind, konnten von der Laufzeitumgebung nicht initialisiert werden. Stellen Sie
sicher, dass MS DTC ausgeführt wird.(DtcGetTransactionManagerEx(): hr = 0x8004d01
Error - 20.05.2013 01:45:23 | Computer Name = PIETIS-PC | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
[ System Events ]
Error - 19.05.2013 17:20:42 | Computer Name = PIETIS-PC | Source = VolSnap | ID = 393236
Description = Die Schattenkopie von Volume "C:" wurde aufgrund von einem fehlgeschlagenen
Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
Error - 19.05.2013 19:01:00 | Computer Name = PIETIS-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 19.05.2013 19:01:00 | Computer Name = PIETIS-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
Fehlers fehlgeschlagen: %%5
Error - 19.05.2013 19:01:00 | Computer Name = PIETIS-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies
ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 20.05.2013 01:45:21 | Computer Name = PIETIS-PC | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "VSS"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error - 20.05.2013 01:45:38 | Computer Name = PIETIS-PC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Volumeschattenkopie.
Error - 20.05.2013 01:45:38 | Computer Name = PIETIS-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 20.05.2013 11:54:41 | Computer Name = PIETIS-PC | Source = VolSnap | ID = 393228
Description = Die Schattenkopie von Volume "C:" verfügte nicht über ausreichend
Vergleichsbereichsspeicherplatz, bevor es richtig installiert wurde.
Error - 20.05.2013 13:17:44 | Computer Name = PIETIS-PC | Source = VolSnap | ID = 393228
Description = Die Schattenkopie von Volume "C:" verfügte nicht über ausreichend
Vergleichsbereichsspeicherplatz, bevor es richtig installiert wurde.
Error - 20.05.2013 14:02:12 | Computer Name = PIETIS-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
< End of report >
--- --- --- |
Bitte lesen:
AdwCleaner auf deinen Desktop.
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
SecurityCheck und:
