Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.09.2011, 20:43   #1
bodobob
 
Wie bei Vista nach BKA-Winlock den MBR  neu schreiben und freie Blöcke auf HD formatieren? - Standard

Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?



Hallo,
(hoffe in der richtigen Abteilung gelandet zu sein, sonst verschieben)
ich hatte mir am 28.8.11 einen BKA- Winlock eingefangen und mit der Rescue- CD von Dr. Web nach ca. 60 STD. scannen entfernt (also HEUTE ), AVIRA-Rescue-CD fand nach 6 STD. erstmal nichts.

So nun würde ich gern soweit sicher gehen das das Zeug überschrieben ist, ohne das ich Vista unbedingt ganz neu aufsetzen muß.

Unter XP wusste ich noch > booten " abgesicherter modus mit eingabeaufforderung" dann irgendwie "fixmbr" und dann noch was (ist schon länger her und fast vergessen). Dann mit Tool ala defraggler freien bereich überschreiben bzw. formatieren.

Bei Vista fand ich aber leider nichts derartiges bei der eingabeauffoderung.
Schreib Momentan der Sicherheit wegen vom alten XP- Rechner (staub-hust-).
Oder habt ihr ein neueres "roundabout" für nach (Boot-)Virus?


mfg
bodobob
h.w.

Geändert von bodobob (01.09.2011 um 20:50 Uhr)

Alt 02.09.2011, 06:55   #2
kira
/// Helfer-Team
 
Wie bei Vista nach BKA-Winlock den MBR  neu schreiben und freie Blöcke auf HD formatieren? - Standard

Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 02.09.2011, 17:39   #3
bodobob
 
Wie bei Vista nach BKA-Winlock den MBR  neu schreiben und freie Blöcke auf HD formatieren? - Standard

Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?



Hier erst mal von otl (der infekt war bei 2. User-Scann aber im admin gemacht-):

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.09.2011 16:06:38 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = D:\Users\ii\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,58% Memory free
13,16 Gb Paging File | 11,78 Gb Available in Paging File | 89,56% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 43,15 Gb Free Space | 40,17% Space Free | Partition Type: NTFS
Drive D: | 165,87 Gb Total Space | 98,69 Gb Free Space | 59,50% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 13,80 Gb Free Space | 69,00% Space Free | Partition Type: FAT32
Drive L: | 7,47 Gb Total Space | 2,36 Gb Free Space | 31,54% Space Free | Partition Type: FAT32
Drive Z: | 1023,00 Mb Total Space | 522,68 Mb Free Space | 51,09% Space Free | Partition Type: FAT32
 
Computer Name: comp* | User Name: ii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\ii\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\MalwarebytesAnti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\TomTomHOME2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe (MyPoi World B.V.)
PRC - C:\Windows\System32\WerFault.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Programme\BisonCam\BsMnt.exe ()
PRC - C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\js3250.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\rpc_client.dll ()
MOD - C:\Programme\Notepad++\NppShell_01.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Programme\BisonCam\BsMnt.exe ()
MOD - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- D:\TomTomHOME2\TomTomHOMEService.exe (TomTom)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AVerScheduleService) -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (AVerRemote) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (RRamdisk) -- C:\Windows\system32\DRIVERS\rramdisk.sys (gavotte)
DRV - (AVerFx2hbtv) -- C:\Windows\System32\drivers\AVerFx2hbtv.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (slabser) -- C:\Windows\System32\drivers\slabser.sys (MCCI Corporation)
DRV - (slabbus) CP210x USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\slabbus.sys (MCCI Corporation)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys (hxxp://www.internals.com)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek)
DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 32 4A B1 6C 5F CC 01  [binary data]
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {ea627165-1724-4db5-ccde-fdc12f45452e}:2.1
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: globefish@projects.6831.courses.csail.mit.edu:1.3.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.03.23 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 09:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.13 10:27:35 | 000,000,000 | ---D | M]
 
[2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Extensions
[2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.18 17:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.09.02 15:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions
[2011.08.20 21:09:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.03.24 02:27:42 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011.08.20 21:10:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.27 22:53:23 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011.08.20 21:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.24 02:27:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.08.20 21:09:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.08.10 08:53:29 | 000,000,000 | ---D | M] ("AskForSanitize") -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ea627165-1724-4db5-ccde-fdc12f45452e}
[2011.08.20 21:09:52 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.08.20 21:10:51 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\foxmarks@kei.com
[2011.03.24 02:27:39 | 000,000,000 | ---D | M] (Globefish) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\globefish@projects.6831.courses.csail.mit.edu
[2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011.09.02 15:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.23 17:59:16 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2009.08.26 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.24 09:41:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.24 09:41:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.24 09:41:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.24 09:41:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.24 09:41:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MyPoi Monitor] C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe (MyPoi World B.V.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\MicrosoftOffice\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: Domain = HAUS
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EE0A647-B058-4D3A-8150-5D95B3474696}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF3540EE-94F0-4C8C-A2FD-34CC2A420F61}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Users\ii\Pictures\57260046-gleitschirmflieger.jpg
O24 - Desktop BackupWallPaper: D:\Users\ii\Pictures\57260046-gleitschirmflieger.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.02.02 16:07:20 | 000,000,271 | -HS- | M] () - L:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009.12.08 16:56:38 | 000,000,220 | ---- | M] () - L:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autostart.exe
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell - "" = AutoRun
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{50f358ef-916f-11de-88a6-ed56e7bc07ec}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.02 16:03:04 | 000,581,120 | ---- | C] (OldTimer Tools) -- D:\Users\ii\Desktop\OTL.exe
[2011.09.02 15:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.09.02 15:39:17 | 000,000,000 | ---D | C] -- C:\Users\ii\AppData\Roaming\Malwarebytes
[2011.09.02 15:39:13 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.09.02 15:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwarebytesAnti-Malware
[2011.09.02 15:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.02 15:39:09 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.02 15:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\MalwarebytesAnti-Malware
[2011.09.01 14:10:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011.08.25 15:31:38 | 000,000,000 | ---D | C] -- C:\Users\ii\AppData\Roaming\InstallPad
[2011.08.25 14:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_BilderGrafikVideoTools
[2011.08.25 14:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoomClassic2
[2011.08.24 18:52:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.08.21 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\ii\AppData\Roaming\calibre
[2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2011.08.21 00:49:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.08.18 06:05:44 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.18 06:05:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.18 06:05:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.08.18 06:05:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.08.18 06:05:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.08.18 06:05:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.08.18 06:05:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.18 06:05:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.18 06:05:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.08.18 06:05:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.08.18 06:05:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.08.18 06:05:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.18 06:05:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.08.18 06:05:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.08.18 06:05:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.08.18 06:05:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.08.18 06:05:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.08.18 06:05:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.08.18 06:05:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.08.18 06:05:25 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.18 06:05:24 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.02 16:02:12 | 000,723,190 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.02 16:02:12 | 000,674,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.02 16:02:12 | 000,131,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.02 16:02:11 | 000,160,622 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.02 15:56:03 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job
[2011.09.02 15:54:35 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2011.09.02 15:54:33 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.09.02 15:54:10 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.09.02 15:54:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.02 15:54:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.02 15:54:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.02 15:53:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.02 15:49:28 | 000,001,356 | ---- | M] () -- C:\Users\ii\AppData\Local\d3d9caps.dat
[2011.09.02 15:45:23 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.09.02 15:39:13 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 15:33:56 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\ii\Desktop\OTL.exe
[2011.09.01 18:41:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.09.01 18:39:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job
[2011.09.01 13:35:34 | 000,254,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.25 14:39:10 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk
[2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume D Task.job
[2011.08.24 20:34:43 | 000,003,126 | ---- | M] () -- C:\scheduler.hist
[2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2011.08.23 16:01:03 | 000,000,993 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011.08.21 17:38:09 | 000,010,752 | ---- | M] () -- C:\Users\ii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.21 16:33:28 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011.08.20 22:03:40 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.08.06 03:36:07 | 000,042,068 | ---- | M] () -- C:\Users\Public\Documents\kontakteE66*****_05082011.csv
[2011.08.06 03:34:39 | 000,042,068 | ---- | M] () -- C:\Users\Public\Documents\kontakteE66******.csv
[2011.08.05 03:13:52 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2011.08.04 16:54:38 | 000,000,000 | ---- | M] () -- C:\Windows\brdfxspd.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.02 15:39:13 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.25 14:39:10 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk
[2011.08.21 16:33:28 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011.08.20 22:03:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.08.06 03:36:07 | 000,042,068 | ---- | C] () -- C:\Users\Public\Documents\kontakteE66*****_05082011.csv
[2011.08.06 03:34:38 | 000,042,068 | ---- | C] () -- C:\Users\Public\Documents\kontakteE66*****.csv
[2011.07.11 14:23:50 | 000,000,136 | ---- | C] () -- C:\Users\ii\AppData\Local\OwnNote.vnt
[2011.06.02 17:43:59 | 000,026,340 | ---- | C] () -- C:\Users\ii\AppData\Roaming\UserTile.png
[2011.05.19 20:27:11 | 000,127,425 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0041.jpg
[2011.05.19 20:27:07 | 000,139,674 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0042.jpg
[2011.05.19 20:27:04 | 000,114,262 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0043.jpg
[2011.05.19 20:27:01 | 000,157,508 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0044.jpg
[2011.05.19 20:26:57 | 000,120,206 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0045.jpg
[2011.04.05 15:01:07 | 000,000,272 | ---- | C] () -- C:\Windows\{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}_WiseFW.ini
[2011.03.18 03:46:18 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.03.18 03:46:18 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.12 19:19:56 | 000,000,036 | ---- | C] () -- C:\Users\ii\AppData\Local\housecall.guid.cache
[2010.04.19 22:50:46 | 000,495,616 | ---- | C] () -- C:\Windows\System32\D3DX8ab.dll
[2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.17 00:37:57 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe
[2009.11.17 00:34:42 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini
[2009.09.17 10:52:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 10:52:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.30 21:04:54 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.08.30 03:45:45 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.08.30 02:33:56 | 000,090,112 | ---- | C] () -- C:\Windows\SendToClip.exe
[2009.08.26 17:05:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2009.08.26 17:05:16 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2009.08.26 17:05:05 | 000,565,248 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2009.08.26 17:05:05 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2009.08.26 17:05:05 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2009.08.26 17:05:04 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2009.08.26 17:05:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2009.08.26 17:05:04 | 000,245,760 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2009.08.26 17:05:04 | 000,241,664 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2009.08.26 12:53:28 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.26 11:56:47 | 000,000,993 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.08.26 11:56:47 | 000,000,157 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.08.26 11:56:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.08.26 11:56:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.08.26 11:54:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2009.08.26 11:54:18 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.08.26 11:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009.08.26 11:54:15 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.08.26 09:36:32 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009.08.26 03:34:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.08.26 01:27:16 | 000,010,752 | ---- | C] () -- C:\Users\ii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.25 20:21:56 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009.08.25 19:29:32 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.25 18:50:13 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.25 18:36:28 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.08.25 14:57:02 | 000,001,356 | ---- | C] () -- C:\Users\ii\AppData\Local\d3d9caps.dat
[2009.06.17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008.01.21 09:15:58 | 000,723,190 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,160,622 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,254,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,674,514 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,131,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 8747 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: zu OLC Bundesliga.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: von Dieter.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\ii\Documents\Clubinfo ::::::::  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 8673 bytes -> D:\Users\ii\Documents\Re_ Clubinfo ::::::::  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\ii\Documents\Offene Rechnung ._. RG_ HM***** - h****@h-*****.com EILT!.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\ii\Documents\Offene Rechnung ._. RG_ HM****** - h***@h-*****.com  EILT!.eml:OECustomProperty
@Alternate Data Stream - 1263 bytes -> D:\Users\ii\Documents\Re_ looking send to Toy vers. for win98.eml:OECustomProperty
@Alternate Data Stream - 1183 bytes -> D:\Users\ii\Documents\Happy-Load.com MAHNUNG - Ihre RechnungsNr_ HM09-****.eml:OECustomProperty
@Alternate Data Stream - 1175 bytes -> D:\Users\ii\Documents\Daten deines Feedback-Formulars.eml:OECustomProperty
@Alternate Data Stream - 1127 bytes -> D:\Users\ii\Documents\******** in Nymphenburg.eml:OECustomProperty
@Alternate Data Stream - 1075 bytes -> D:\Users\ii\Documents\Formular zur Schadenmeldung, H ***-**** .eml:OECustomProperty
@Alternate Data Stream - 1047 bytes -> D:\Users\ii\Documents\AW_ Empting Kontaktformular BIOS Brennservice.eml:OECustomProperty

< End of report >
         
--- --- ---

[/code]

und otl-extra
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.09.2011 16:06:38 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = D:\Users\ii\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,58% Memory free
13,16 Gb Paging File | 11,78 Gb Available in Paging File | 89,56% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 43,15 Gb Free Space | 40,17% Space Free | Partition Type: NTFS
Drive D: | 165,87 Gb Total Space | 98,69 Gb Free Space | 59,50% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 13,80 Gb Free Space | 69,00% Space Free | Partition Type: FAT32
Drive L: | 7,47 Gb Total Space | 2,36 Gb Free Space | 31,54% Space Free | Partition Type: FAT32
Drive Z: | 1023,00 Mb Total Space | 522,68 Mb Free Space | 51,09% Space Free | Partition Type: FAT32
 
Computer Name: comp* | User Name: ii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = Notepad++_file] -- Reg Error: Key error. File not found
.txt [@ = Notepad++_file] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\MicrosoftOffice\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\MicrosoftOffice\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [sendtotoys1add] -- C:\Program Files\SendToToys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- C:\Program Files\SendToToys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- C:\Program Files\SendToToys\SendToCommandPrompt.exe "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1132503739-529802008-4276434138-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FD153E-ABC9-4D1D-B02D-7AA483D575FF}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe | 
"{05108C21-5F10-4660-9785-9E31062633A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{058460DE-836F-42EE-83AB-D7D86F043012}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{0B929043-469B-42BD-AFCA-4F610CF5433E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0BEFFBBD-F3F6-412B-B100-8DE3881C686A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{14BCDDB7-930F-4B33-99B2-853127CCD869}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1CE2363F-CD42-452A-95D2-08BB1401E73F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1EF53F87-F7A4-47A0-BED5-7427C675BBEA}" = lport=80 | protocol=6 | dir=in | app=system | 
"{1F254634-052C-4E5C-8E2B-3E90338FA69B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{1FBEA8B2-EC99-4529-9553-364973E48D3D}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{27D45B53-572E-4F87-B1B6-155BA3E89846}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{29D9C0C3-3FAF-4161-893F-BBF02BA80600}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe | 
"{2A8D292A-1CBA-44F0-B647-5CEA310F9F3C}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{2BD08FD1-EEA6-43B6-BE00-FED5939BC550}" = lport=445 | protocol=6 | dir=in | app=system | 
"{31E7ACC9-9DF1-490C-BAB5-688EF5E80670}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{4484C1B4-4559-48BD-A5D9-3D1327171609}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4519482D-8173-4CBE-9F6B-C69EA2AEDBCF}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | 
"{46161930-3601-4F49-A5DA-E07B38B28320}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe | 
"{4678B9AB-D840-4DD9-96C6-0BE1CDE286DF}" = lport=2178 | protocol=6 | dir=in | app=system | 
"{48494A11-6A2C-45DD-BB00-F6C5AFC1816E}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe | 
"{4FBED585-FE2C-4F3D-B6C7-C383F4E8F7BC}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{551A8EE4-3437-46D9-8A2A-0F87A0281903}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5A8ED024-5B80-4C86-AB3A-B4FC7A85CD00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{5EFBFD02-627B-480D-BD70-02BEEE8FB70F}" = lport=443 | protocol=6 | dir=in | app=system | 
"{5F87C055-C165-4547-8A8C-AF0C04CB4F53}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe | 
"{63FFA390-0919-46F6-9792-7558AD37F7B8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{6406C504-07B0-4743-AD77-AEF287754416}" = lport=445 | protocol=6 | dir=in | app=system | 
"{667285AF-530A-44D3-9A61-8F31F6CB0FA9}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{67CD9F97-EBED-438C-931D-9BBD6287F964}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{68448D7E-06ED-468C-B63C-09CC640AE162}" = rport=138 | protocol=17 | dir=out | app=system | 
"{76116FDB-8392-4850-B620-84BEE0A7E9A0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7AC00DDD-D5BD-4A96-9852-7C2A44EC805C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{7AD4107B-FB47-4CE1-B09E-D1249C549217}" = rport=2178 | protocol=6 | dir=out | app=system | 
"{7C6A5727-EE23-448C-AECD-049DC596CA4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{7D0887A0-43DE-4B05-B177-A4D86A9EA486}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7EB9613C-5826-47C2-9C49-ADA46206BD80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8B1EAC4F-DAEE-402F-80AA-26FC121F6E0B}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{923DC43A-1F0C-4F70-9721-B664A9180A96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{96229ABB-0170-48D7-94BE-6E907D6ADB1E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{9DB29835-C9C6-4901-9806-B7E26D075DF0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{A1DB05B0-7921-4A3F-B7B5-C7E3AD46014A}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{A4A9A3A1-D4C3-45F8-B5B9-E0A730044EBB}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{A7A630DC-461E-4102-B1FC-9411E1823556}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | 
"{AB542126-F6ED-4F66-A811-2B3F6C5A284E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{ABE90B8E-F96F-4B67-971E-F69C2F8622EB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B075176B-8B07-4796-8B32-FC269B0DC942}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{B24F6D57-0AFF-4D26-B926-C0FBE048DA63}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{B281AF30-0D81-48B5-97D3-6C2B0BE291D4}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | 
"{B3FE9E04-893B-4A64-9A64-6FFE3F03CE08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{B4B19C0C-9682-45AE-B194-6745D4872F95}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{B4E47337-8D99-4BFE-B46E-8A27768178BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{B574143D-59E2-46B6-9075-ABD9CF5142A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B57F88C5-D3AD-46C6-A7A6-F64C66A5366E}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{B73C1CB5-C854-45F9-9C2F-B3349987B677}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe | 
"{B7480297-8857-4061-BE1C-5A34C6327821}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{B7896275-4170-45F5-A789-F17202BA0509}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B802D91E-C390-420E-A1E5-ED5731E0086B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{C29583EF-E729-49DA-8EE7-25ADF1D15827}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{C41AC74A-645A-4C95-87FF-25DB26062E40}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C51FA661-C2CC-4A78-A6DD-52EF8AE9B084}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D30A1273-E6A1-4059-B0C1-4D680944B960}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{D396F231-97CC-4096-B248-20F1CA8E0206}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{D8F5C5D6-C0EA-467B-8415-3BDD3B445222}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DB01158B-408D-4A79-AED7-E2B0EF7B5F15}" = lport=443 | protocol=6 | dir=in | app=system | 
"{DEEF28BE-A462-47E6-BF7F-C8AEF419864E}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{E3C8568D-4133-45C8-80F6-D9538D563F9C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E485FDCD-F930-4B79-98E0-8BA21F87B190}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe | 
"{E65413C9-8482-426E-8BDC-444A37252E14}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{EB081A00-2E6D-42B6-88FE-1CAA112690C0}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{F3B9912E-CB9A-4614-96DC-5CED0E5391EE}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe | 
"{F8C32060-E8F7-48E0-BBA2-4EBAB856A771}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FCA90AE8-7D55-45FB-97F9-2CE449CBBCBB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F9B129-D974-445A-B93B-D09188499BF9}" = protocol=6 | dir=in | app=d:\tomtomhome2\tomtomhome.exe | 
"{061448A8-D7BD-4E0E-9D10-AAD18F809536}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | 
"{0BA49DF1-EFD1-4387-990B-607B41704021}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0D66A5CE-1D70-4170-9CB4-4C6E52DFB370}" = protocol=6 | dir=out | app=system | 
"{129E9A15-2298-4E14-8288-161C234779F8}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe | 
"{21FF1FE9-6865-444B-BA04-A6A44CB9F252}" = protocol=17 | dir=in | app=d:\tomtomhome2\poiedit_manager\mypoimanager.exe | 
"{2D9E6E6A-50EA-457B-AD78-FA03FB684177}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\brscutil.exe | 
"{2FBBF694-28D3-4284-B0CC-0AB47C6E2C82}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe | 
"{330257D6-9A31-4119-B667-D08D756D7085}" = protocol=17 | dir=in | app=c:\samsungpcstudio\npsvsvr.exe | 
"{48CFC94D-CB23-4453-B885-DFF56BB86311}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4BEC356E-E2C1-4A13-B200-C62CC3C30E6F}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe | 
"{51C8DF18-FA0D-44BE-AB89-EECCF1386C00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{53B6C5CD-7CDE-43EA-91D9-F6E9049E4ECC}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{578FF1AE-1352-414C-B248-3F11F9D89768}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58AE3C15-D734-475E-B8FC-1E35244631D6}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe | 
"{640A1E0F-C651-4DEB-B6BC-A597EC0366D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{67495994-3D57-45AD-99E5-F876E6ED9251}" = protocol=6 | dir=in | app=c:\program files\bluetooth\bluesoleil\bluesoleilcs.exe | 
"{6E5B5AED-9138-4DBB-BAD7-39B71CF6E50C}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | 
"{72D4842D-3AA8-45F2-8831-CDBD907E8FCB}" = protocol=6 | dir=in | app=c:\samsungpcstudio\npsasvr.exe | 
"{7ADACCB9-D490-4A00-BE2F-E8B34D72B14F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D8EFE8A-946A-4A78-9531-A3DF6BB93E1E}" = protocol=17 | dir=in | app=c:\samsungpcstudio\npsasvr.exe | 
"{89796D89-7A77-4606-9BFE-B58466D7E0DD}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe | 
"{8ABAD532-2E0A-4377-8BC4-5610B2C70333}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{8B817D20-54B0-45DE-843F-0F281FCA164E}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
"{9011EFBE-062A-4A51-8677-E14FC1F6C79F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{92FC1989-9FA6-43DD-B5BA-F8777DA8B00C}" = protocol=6 | dir=in | app=c:\samsungpcstudio\npsvsvr.exe | 
"{9DA26198-5291-4193-AF86-32BC3DA86B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A04FC023-9260-44FB-B0FB-B952913B74B8}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{A28E5E8B-BFF9-471A-9FC8-F95884E1A534}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A6C3BAA6-ECF4-48F8-935E-5585911BFEF7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A875B7E5-CBCB-462C-B201-02E93795BDF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A880D1BD-E4C2-4395-956B-47191C9B6FF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B605D757-A24C-42DA-AF7A-EDF9119D894B}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | 
"{B7333AE9-40C6-47E7-AAC2-995DFA667ED5}" = protocol=17 | dir=in | app=c:\program files\bluetooth\bluesoleil\bluesoleilcs.exe | 
"{BAEE77E4-6A1D-4718-B71C-8B3200FAED4B}" = protocol=6 | dir=out | app=system | 
"{C5BBC0BC-B1BC-4C43-B79C-8B6C7DF772D5}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\brscutil.exe | 
"{CC1A7A39-98E9-4B54-8A87-81A4BADF076A}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | 
"{CCA8B261-FA02-462C-B24F-A235866ACFA6}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{CD5BA620-BBF7-4E39-9BE7-8F8CD75A8285}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CF15445A-D749-4212-8F97-9B53CD9E02E9}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe | 
"{D2608DCF-496E-4195-9401-443A6546E323}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{D458574E-B561-47D6-91DA-6CB76C753BF7}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe | 
"{D82C0AFA-C4F2-49C2-AE8A-FFB620876E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D98C0201-96E9-435E-B23B-7E93CFFDAE12}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DB99AF0B-C3D8-401B-B8BC-1C2295FCC341}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe | 
"{DC79FC36-D44B-4BAE-A0D0-4DB263B463E0}" = protocol=6 | dir=in | app=d:\tomtomhome2\poiedit_manager\mypoimanager.exe | 
"{E45F3597-42AA-43D9-A6F7-51B241D9E052}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{E6FDAD51-1A6F-45EF-A3D4-693717285F07}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe | 
"{EB31F3E6-FF20-4BB4-96F2-2D023D0A41F5}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{EC24C1D2-EE8C-4F73-9EE9-BDC524BB40AB}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | 
"{F1595F83-DF99-4447-8B1B-FFEBA7E9B741}" = protocol=17 | dir=in | app=d:\tomtomhome2\tomtomhome.exe | 
"TCP Query User{3833217A-A628-4F50-B4BD-2AA969E72101}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{52916C38-8E63-4C18-B33E-8D08B2454004}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{6C0A8F47-5A72-4BE8-B6AD-BA04FA21881D}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{A8C79AB3-A44A-4CDD-8951-384CABB6C8A1}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F4B8FEE7-AB6B-47C8-B9CA-5F2F91C1A345}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{735BC4B5-1451-44DE-A389-EA3B025E28E1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{CCE84ADA-E91A-4123-AC86-8FFE465C7E36}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{DEB7E2CB-8C1D-4B69-AA44-140688BCB941}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E91B5EB6-BA5F-4722-81B2-2E517B6C1B7D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{F9F70862-719D-4CB0-9786-4137A5D58F18}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}" = MyPoi Manager
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Bison Webcam
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}" = calibre
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73DB9180-4D0C-11DF-A8BB-005056C00008}" =  WD Align System Utility 2.0 (Retail) - Powered By Paragon™  
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C873AD-946A-4629-92AE-B153FEA8A989}" = locr GPS Photo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90260407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7D5787B-3A91-4433-A753-CFE520671683}" = Acronis True Image WD Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E239F8B2-AE00-467D-9F05-47C8E1FAAFA7}" = WD Align - Powered by Acronis
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E934E2A2-BE3B-4C1A-A3D9-753FFB2B38B4}" = WD Drive Manager (x86)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"AVerMedia A827 series driver" = AVerMedia A827 series driver 1.0.0.88
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.0.1.5
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 20.09.02.02
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Digital Editions" = Adobe Digital Editions
"FinePrint" = FinePrint
"GNU Aspell_is1" = GNU Aspell 0.50-3
"InfraRecorder" = InfraRecorder
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IsoBuster_is1" = IsoBuster 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MaxPunkte_is1" = MaxPunkte Ver. 6.2.5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"PhotoZoom Classic 2" = BenVista PhotoZoom Classic 2.0
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"Send To Toys_is1" = Send To Toys v2.5
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SnadBoy's Revelation v2" = SnadBoy's Revelation v2
"TomTom HOME" = TomTom HOME 2.8.2.2264
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 1.0.1
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.09.2011 09:20:56 | Computer Name = comp* | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.09.2011 09:21:13 | Computer Name = comp* | Source = EventSystem | ID = 4609
Description = 
 
Error - 02.09.2011 09:54:36 | Computer Name = comp* | Source = LCSVRHIS | ID = 1
Description = 
 
Error - 02.09.2011 09:54:57 | Computer Name = comp* | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.09.2011 09:55:05 | Computer Name = comp* | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.09.2011 09:55:31 | Computer Name = comp* | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 02.09.2011 09:56:37 | Computer Name = comp* | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 02.09.2011 09:58:37 | Computer Name = comp* | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 02.09.2011 09:58:37 | Computer Name = comp* | Source = Windows Search Service | ID = 3026
Description = 
 
Error - 02.09.2011 09:59:29 | Computer Name = comp* | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 02.09.2011 09:21:13 | Computer Name = comp* | Source = DCOM | ID = 10005
Description = 
 
Error - 02.09.2011 09:21:15 | Computer Name = comp* | Source = DCOM | ID = 10005
Description = 
 
Error - 02.09.2011 09:55:06 | Computer Name = comp* | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.09.2011 09:55:06 | Computer Name = comp* | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.09.2011 09:55:55 | Computer Name = comp* | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 02.09.2011 09:55:55 | Computer Name = comp* | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 02.09.2011 09:56:38 | Computer Name = comp* | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 02.09.2011 09:56:38 | Computer Name = comp* | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 02.09.2011 09:58:38 | Computer Name = comp* | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 02.09.2011 09:58:38 | Computer Name = comp* | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         
--- --- ---

[/code]

nun CCleaner prg´s

Code:
ATTFilter
 WD Align System Utility 2.0 (Retail) - Powered By Paragon™  	Paragon Software	13.09.2010	43,1MB	90.00.0003
7-Zip 4.65		25.08.2009	4,28MB	
Acronis True Image WD Edition	Acronis	13.09.2010	118,3MB	13.0.14010
Adobe Digital Editions		29.07.2011	9,42MB	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	16.06.2011		10.3.181.26
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	12.07.2011		10.3.181.26
Adobe Reader 9.4.5 - Deutsch	Adobe Systems Incorporated	12.07.2011		9.4.5
Adobe SVG Viewer 3.0		01.12.2009	3,22MB	 3.0
Aspell English Dictionary-0.50-2	GNU	05.10.2010	13,4MB	
Aspell German Dictionary-0.50-2	GNU	05.10.2010	13,4MB	
AVerMedia A827 series driver 1.0.0.88	AVerMedia TECHNOLOGIES, Inc.	25.08.2009	1,26MB	1.0.0.88
AVerMedia MCE Encoder x86 3.0.1.5	AVerMedia Technologies, Inc.	25.08.2009	0,50MB	3.0.1.5
AVerMedia Media Center Plug-ins 20.09.02.02	AVerMedia TECHNOLOGIES, Inc.	25.08.2009	2,66MB	20.09.02.02
AVerTV	AVerMedia Technologies, Inc.	25.08.2009	55,8MB	6.0.18
Avira AntiVir Premium	Avira GmbH	11.07.2011	75,6MB	10.2.0.719
Azurewave Wireless LAN	RaLink	30.09.2009	2,42MB	1.00.0000
BenVista PhotoZoom Classic 2.0	BenVista Ltd	24.08.2011	6,95MB	2.0
Bison Webcam	Bison Webcam	25.08.2009	5,39MB	7.96.701.12a
Brother MFL-Pro Suite MFC-490CW	Brother Industries, Ltd.	25.08.2009	9,67MB	1.1.5.0
calibre	Kovid Goyal	20.08.2011	119,7MB	0.8.15
CCleaner	Piriform	01.09.2011	1,96MB	3.10
Compatibility Pack für 2007 Office System	Microsoft Corporation	16.06.2011		12.0.6425.1000
Defraggler	Piriform	23.05.2011	2,13MB	2.05
ElsaWin		01.12.2009	8.040MB	
FinePrint		25.08.2009		
GNU Aspell 0.50-3	GNU	05.10.2010	13,4MB	
Google Earth	Google	28.09.2010	85,4MB	5.2.1.1588
HP USB Disk Storage Format Tool		28.09.2010	0,61MB	
InfraRecorder		08.09.2010	6,27MB	
Intel(R) Matrix Storage Manager	Intel Corporation	24.08.2009	8,99MB	
Intel(R) PROSet/Wireless WiFi Software	Intel(R) Corporation	27.09.2009	78,9MB	12.00.0004
IsoBuster 2.0	Smart Projects	14.09.2010	5,51MB	2.0
Java(TM) 6 Update 22	Sun Microsystems, Inc.	19.09.2010	94,5MB	6.0.220
locr GPS Photo	locr	20.03.2010	0,41MB	1.2.3
Malwarebytes' Anti-Malware Version 1.51.1.1800	Malwarebytes Corporation	01.09.2011	4,40MB	1.51.1.1800
MaxPunkte Ver. 6.2.5		27.06.2010	10,9MB	
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	25.08.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	25.08.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	25.06.2010	70,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	25.06.2010	14,7MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	24.08.2011	19,4MB	4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	24.08.2011	3,91MB	4.0.30319
Microsoft Office XP Professional mit FrontPage	Microsoft Corporation	16.06.2011		10.0.6626.0
Microsoft Office XP Web Components	Microsoft Corporation	15.09.2010		10.0.6626.0
Microsoft Silverlight	Microsoft Corporation	16.06.2011		4.0.60531.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	25.08.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	25.08.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	16.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	16.09.2010	1,41MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	24.08.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	0,58MB	9.0.30729.6161
Mobile Partner	Huawei Technologies Co.,Ltd	05.01.2011		11.302.09.04.528
Mozilla Firefox (3.6.17)	Mozilla	23.05.2011	19,0MB	3.6.17 (de)
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	14.07.2010	34,00KB	4.20.9841.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	14.07.2010	34,00KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	14.07.2010	1,34MB	4.20.9876.0
MyPoi Manager	MyPoi World	04.04.2011	23,5MB	1.6.0.90
Nokia Connectivity Cable Driver	Nokia	22.03.2011	3,27MB	7.1.36.0
Nokia Map Loader	Nokia	14.07.2010	4,05MB	3.0.28
Nokia PC Suite	Nokia	22.03.2011	28,7MB	7.1.60.0
Nokia Software Updater	Nokia Corporation	04.08.2011	45,4MB	02.06.006.44298
Notepad++		05.10.2010	5,85MB	5.8.1
NVIDIA Drivers	NVIDIA Corporation	25.08.2009		1.4
PC Connectivity Solution	Nokia	22.03.2011	12,9MB	10.50.2.0
pdfFactory Pro		25.08.2009		
Realtek 8169 8168 8101E 8102E Ethernet Driver	Realtek	25.08.2009	1,67MB	1.00.0000
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	25.08.2009	9,29MB	6.0.1.5730
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	25.08.2009	1,50MB	6.0.6000.20111
Recuva	Piriform	09.11.2010	1,36MB	1.38
Samsung New PC Studio	Samsung Electronics Co., Ltd.	17.03.2011	175,5MB	1.00.0000
SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.	17.03.2011	20,5MB	1.3.650.0
Samsung_MonSetup	Samsung	16.09.2010	1,78MB	1.00.0000
Send To Toys v2.5	Gabriele Ponti	12.06.2010	1,13MB	
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)		20.03.2010		
SnadBoy's Revelation v2	SnadBoy Software	05.07.2011	0,15MB	2.0.1.100
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	26.08.2009	29,7MB	9.0.0
TomTom HOME 2.8.2.2264	TomTom	20.06.2011	48,8MB	2.8.2.2264
TomTom HOME Visual Studio Merge Modules	TomTom International B.V.	16.08.2010	1,88MB	1.0.2
UltraISO Premium V9.36		28.09.2010	4,43MB	
VLC media player 1.0.1	VideoLAN Team	25.08.2009	72,7MB	1.0.1
WD Align - Powered by Acronis	Acronis	13.09.2010	47,0MB	1.0.316
WD Drive Manager (x86)	Western Digital	25.08.2009	3,99MB	2.103
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia	22.03.2011		08/22/2008 7.0.0.0
X10 Hardware(TM)		29.08.2009	32,00KB
         
Malwarebytes scan:

Code:
ATTFilter
Datenbank Version: 7637

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

02.09.2011 16:59:28
mbam-log-2011-09-02 (16-59-07).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 1079172
Laufzeit: 54 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\D3DX8ab.dll (Trojan.FakeAlert) -> No action taken.
         


sch***e hab in Malwarebytes die falsche Taste erwischt, statt Abwahl die Auswahl entfernen.... totalAbsturtz und reboot mit HD- scann...
__________________

Alt 02.09.2011, 20:47   #4
kira
/// Helfer-Team
 
Wie bei Vista nach BKA-Winlock den MBR  neu schreiben und freie Blöcke auf HD formatieren? - Standard

Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?



1.
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.08 16:56:38 | 000,000,220 | ---- | M] () - L:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autostart.exe
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell - "" = AutoRun
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{50f358ef-916f-11de-88a6-ed56e7bc07ec}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe
@Alternate Data Stream - 8747 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: zu OLC Bundesliga.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: von Dieter.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\ii\Documents\Clubinfo ::::::::  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 8673 bytes -> D:\Users\ii\Documents\Re_ Clubinfo ::::::::  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\ii\Documents\Offene Rechnung ._. RG_ HM***** - h****@h-*****.com EILT!.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\ii\Documents\Offene Rechnung ._. RG_ HM****** - h***@h-*****.com  EILT!.eml:OECustomProperty
@Alternate Data Stream - 1263 bytes -> D:\Users\ii\Documents\Re_ looking send to Toy vers. for win98.eml:OECustomProperty
@Alternate Data Stream - 1183 bytes -> D:\Users\ii\Documents\Happy-Load.com MAHNUNG - Ihre RechnungsNr_ HM09-****.eml:OECustomProperty
@Alternate Data Stream - 1175 bytes -> D:\Users\ii\Documents\Daten deines Feedback-Formulars.eml:OECustomProperty
@Alternate Data Stream - 1127 bytes -> D:\Users\ii\Documents\******** in Nymphenburg.eml:OECustomProperty
@Alternate Data Stream - 1075 bytes -> D:\Users\ii\Documents\Formular zur Schadenmeldung, H ***-**** .eml:OECustomProperty
@Alternate Data Stream - 1047 bytes -> D:\Users\ii\Documents\AW_ Empting Kontaktformular BIOS Brennservice.eml:OECustomProperty

:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

2.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

3.
reinige dein System mit Ccleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

4.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 03.09.2011, 10:33   #5
bodobob
 
Wie bei Vista nach BKA-Winlock den MBR  neu schreiben und freie Blöcke auf HD formatieren? - Standard

Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?



Zitat:
Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?
Nach der Malwarebytes- Panne versuchte ich nach Neustart nochmal Malwarebytes auszuführen um Änderungen rückgängig zu machen. Malwarebytes blockierte aber Vista kompl./ blieb hängen und rückgängig machen unmöglich (kein Protokoll, keine Quarantäne, etc.). Versuchte dann mit Piriform Recuva (??) die gelöschten Teile wieder zu finden. Danach über Vista- CD "Rep.BootLaufwerk" dann "Wiederherstellung zu früheren Zeitpunkt" (nach Zeitpunkt von BKA- Virus entfernen).

Ingesamt lahmt Vista sehr, auch im abgesicherten Modus ohne Netzwerk, auch nach Wiederherstellung (läuft etwa besser als davor), Malwarebytes startet, aber hängt.
(Bei allen Aktionen war Netzkabel abgesteckt)

Muß bei dem Otl-Script erst wieder User(ii) etc. (: (***) auf Original ändern, oder?

Bis So. Abend ist erst mal PC- Pause bei mir. Dann kommt auch Ergebnis Protokoll.

Und fürs Erste.

Grüsse...


Alt 04.09.2011, 03:48   #6
kira
/// Helfer-Team
 
Wie bei Vista nach BKA-Winlock den MBR  neu schreiben und freie Blöcke auf HD formatieren? - Standard

Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?



erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________
--> Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?

Alt 06.09.2011, 10:01   #7
bodobob
 
Wie bei Vista nach BKA-Winlock den MBR  neu schreiben und freie Blöcke auf HD formatieren? - Standard

Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?



hier der neue OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.09.2011 08:48:29 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = D:\Users\**\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 39,51% Memory free
13,17 Gb Paging File | 11,30 Gb Available in Paging File | 85,80% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 39,39 Gb Free Space | 36,67% Space Free | Partition Type: NTFS
Drive D: | 165,87 Gb Total Space | 98,34 Gb Free Space | 59,29% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 13,42 Gb Free Space | 67,12% Space Free | Partition Type: FAT32
Drive Z: | 1023,00 Mb Total Space | 510,62 Mb Free Space | 49,91% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.06 08:39:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe
PRC - [2011.07.12 03:57:05 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.07.12 03:57:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.24 09:41:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.05.15 16:14:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- D:\TomTomHOME2\TomTomHOMEService.exe
PRC - [2011.03.10 16:34:47 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.04.30 12:16:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.03 14:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe
PRC - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
PRC - [2008.05.16 17:12:44 | 000,102,400 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008.05.16 17:12:08 | 000,430,080 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.13 10:30:55 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.05.24 09:41:12 | 001,014,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll
MOD - [2010.09.23 02:48:44 | 001,060,864 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\PPKLITE.DEU
MOD - [2009.12.22 00:57:32 | 007,573,504 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU
MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Programme\Notepad++\NppShell_01.dll
MOD - [2009.10.03 02:48:16 | 000,106,496 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu
MOD - [2009.10.03 02:45:02 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU
MOD - [2009.02.27 17:40:12 | 001,712,128 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2009.02.27 17:40:10 | 000,274,432 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\DigSig.DEU
MOD - [2009.02.27 17:39:46 | 000,999,424 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Acroform.DEU
MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008.11.03 14:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe
MOD - [2007.11.16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007.11.16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.12 03:57:05 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.07.12 03:57:05 | 000,340,136 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.07.12 03:57:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.15 16:14:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- D:\TomTomHOME2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.06.07 17:48:38 | 000,817,264 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.12.10 02:01:50 | 000,405,504 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.10.22 04:51:04 | 000,352,256 | ---- | M] (AVerMedia) [Disabled | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.09.06 01:05:26 | 000,147,456 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2008.09.06 01:03:06 | 000,217,088 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2008.09.06 01:02:10 | 000,258,048 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2008.09.06 01:01:26 | 001,306,624 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2008.09.06 00:57:04 | 000,368,640 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2008.09.06 00:56:36 | 000,241,664 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
SRV - [2008.05.16 17:12:44 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:25:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.02 14:36:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.12 03:57:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.12 03:57:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.14 19:28:38 | 000,594,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.09.14 19:28:26 | 000,170,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010.08.27 14:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 18:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.07.27 16:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 10:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.07.26 13:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.07.26 13:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:12 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010.04.27 04:25:12 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2010.04.27 04:25:12 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2010.01.29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.07.01 23:29:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.06.26 15:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.06.17 14:02:46 | 000,029,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.07 17:22:20 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.04 19:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008.11.12 17:24:24 | 000,012,288 | ---- | M] (gavotte) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\rramdisk.sys -- (RRamdisk)
DRV - [2008.09.30 04:29:32 | 000,272,640 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2007.03.01 12:12:16 | 000,075,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2007.03.01 12:12:16 | 000,058,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) CP210x USB Composite Device driver (WDM)
DRV - [2007.01.04 11:15:08 | 000,009,336 | ---- | M] (hxxp://www.internals.com) [Kernel | On_Demand | Running] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.11.02 09:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2005.07.28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D CC EF 8E 5E 6C CC 01  [binary data]
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {ea627165-1724-4db5-ccde-fdc12f45452e}:2.1
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: globefish@projects.6831.courses.csail.mit.edu:1.3.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:4.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.03.23 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 09:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.13 10:27:35 | 000,000,000 | ---D | M]
 
[2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions
[2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.18 17:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.09.06 08:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions
[2011.08.20 21:09:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.03.24 02:27:42 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011.08.20 21:10:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.27 22:53:23 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011.08.20 21:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.24 02:27:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.08.20 21:09:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.08.10 08:53:29 | 000,000,000 | ---D | M] ("AskForSanitize") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ea627165-1724-4db5-ccde-fdc12f45452e}
[2011.08.20 21:09:52 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.08.20 21:10:51 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\foxmarks@kei.com
[2011.03.24 02:27:39 | 000,000,000 | ---D | M] (Globefish) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\globefish@projects.6831.courses.csail.mit.edu
[2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011.09.06 08:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.23 17:59:16 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2009.08.26 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.24 09:41:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.24 09:41:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.24 09:41:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.24 09:41:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.24 09:41:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1132503739-529802008-4276434138-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\MicrosoftOffice\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: Domain = HAUS
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EE0A647-B058-4D3A-8150-5D95B3474696}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF3540EE-94F0-4C8C-A2FD-34CC2A420F61}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - d:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Users\**\Pictures\57260046-gleitschirmflieger.jpg
O24 - Desktop BackupWallPaper: D:\Users\**\Pictures\57260046-gleitschirmflieger.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell - "" = AutoRun
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{50f358ef-916f-11de-88a6-ed56e7bc07ec}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.06 08:39:21 | 000,581,120 | ---- | C] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe
[2011.09.02 23:17:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.09.02 23:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwarebytesAnti-Malware
[2011.09.02 23:16:57 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.02 15:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.09.02 15:39:17 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\Malwarebytes
[2011.09.02 15:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.02 15:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\MalwarebytesAnti-Malware
[2011.09.01 14:10:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011.08.25 15:31:38 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\InstallPad
[2011.08.25 14:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_BilderGrafikVideoTools
[2011.08.25 14:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoomClassic2
[2011.08.24 18:52:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.08.21 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\calibre
[2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2011.08.21 00:49:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.08.18 06:05:44 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.18 06:05:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.18 06:05:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.08.18 06:05:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.08.18 06:05:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.08.18 06:05:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.08.18 06:05:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.18 06:05:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.18 06:05:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.08.18 06:05:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.08.18 06:05:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.08.18 06:05:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.18 06:05:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.08.18 06:05:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.08.18 06:05:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.08.18 06:05:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.08.18 06:05:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.08.18 06:05:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.08.18 06:05:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.08.18 06:05:25 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.18 06:05:24 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.06 08:39:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe
[2011.09.06 08:39:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.06 08:29:36 | 000,723,918 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.06 08:29:36 | 000,675,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.06 08:29:36 | 000,161,350 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.06 08:29:36 | 000,132,300 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.06 08:26:11 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job
[2011.09.06 08:22:26 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.09.06 08:21:50 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.09.06 08:21:43 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.06 08:21:37 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2011.09.06 08:21:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 08:21:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 08:21:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.03 07:26:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.09.02 23:17:01 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 15:49:28 | 000,001,356 | ---- | M] () -- C:\Users\**\AppData\Local\d3d9caps.dat
[2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job
[2011.09.01 13:35:34 | 000,254,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.25 14:39:10 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk
[2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume D Task.job
[2011.08.24 20:34:43 | 000,003,126 | ---- | M] () -- C:\scheduler.hist
[2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2011.08.23 16:01:03 | 000,000,993 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011.08.21 17:38:09 | 000,010,752 | ---- | M] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.21 16:33:28 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011.08.20 22:03:40 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.02 23:17:01 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.25 14:39:10 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk
[2011.08.21 16:33:28 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011.08.20 22:03:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.11 14:23:50 | 000,000,136 | ---- | C] () -- C:\Users\**\AppData\Local\OwnNote.vnt
[2011.06.02 17:43:59 | 000,026,340 | ---- | C] () -- C:\Users\**\AppData\Roaming\UserTile.png
[2011.05.19 20:27:11 | 000,127,425 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0041.jpg
[2011.05.19 20:27:07 | 000,139,674 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0042.jpg
[2011.05.19 20:27:04 | 000,114,262 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0043.jpg
[2011.05.19 20:27:01 | 000,157,508 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0044.jpg
[2011.05.19 20:26:57 | 000,120,206 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0045.jpg
[2011.04.05 15:01:07 | 000,000,272 | ---- | C] () -- C:\Windows\{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}_WiseFW.ini
[2011.03.18 03:46:18 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.03.18 03:46:18 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.12 19:19:56 | 000,000,036 | ---- | C] () -- C:\Users\**\AppData\Local\housecall.guid.cache
[2010.04.19 22:50:46 | 000,495,616 | ---- | C] () -- C:\Windows\System32\D3DX8ab.dll
[2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.17 00:37:57 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe
[2009.11.17 00:34:42 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini
[2009.09.17 10:52:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 10:52:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.30 21:04:54 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.08.30 03:45:45 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.08.30 02:33:56 | 000,090,112 | ---- | C] () -- C:\Windows\SendToClip.exe
[2009.08.26 17:05:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2009.08.26 17:05:16 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2009.08.26 17:05:05 | 000,565,248 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2009.08.26 17:05:05 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2009.08.26 17:05:05 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2009.08.26 17:05:04 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2009.08.26 17:05:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2009.08.26 17:05:04 | 000,245,760 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2009.08.26 17:05:04 | 000,241,664 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2009.08.26 12:53:28 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.26 11:56:47 | 000,000,993 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.08.26 11:56:47 | 000,000,157 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.08.26 11:56:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.08.26 11:56:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.08.26 11:54:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2009.08.26 11:54:18 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.08.26 11:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009.08.26 11:54:15 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.08.26 09:36:32 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009.08.26 03:34:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.08.26 01:27:16 | 000,010,752 | ---- | C] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.25 20:21:56 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009.08.25 19:29:32 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.25 18:50:13 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.25 18:36:28 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.08.25 14:57:02 | 000,001,356 | ---- | C] () -- C:\Users\**\AppData\Local\d3d9caps.dat
[2009.06.17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008.01.21 09:15:58 | 000,723,918 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,161,350 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,254,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,675,242 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,132,300 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.12.20 00:24:27 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Awem
[2011.08.22 12:18:24 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\calibre
[2011.03.03 00:34:40 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Nokia
[2010.10.06 21:52:21 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Notepad++
[2010.10.16 13:25:02 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PC Suite
[2011.08.04 16:54:38 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PC-FAX TX
[2009.12.19 23:17:56 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Peace Craft
[2010.06.13 09:39:15 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PeerNetworking
[2010.02.20 22:36:25 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PlayFirst
[2011.03.31 15:16:20 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Samsung
[2011.08.29 01:00:05 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Thunderbird
[2010.08.17 10:20:19 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\TomTom
[2010.02.16 22:34:11 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Zylom
[2010.09.14 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Acronis
[2011.08.21 17:33:10 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\calibre
[2010.02.18 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FairyTale
[2010.09.14 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\InfraRecorder
[2011.08.25 15:31:38 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\InstallPad
[2010.07.28 11:32:50 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Nokia
[2011.09.03 00:09:25 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Notepad++
[2010.07.13 12:33:46 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PC Suite
[2010.08.19 20:58:33 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PC-FAX TX
[2011.06.02 17:43:59 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PeerNetworking
[2010.01.30 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Playrix Entertainment
[2011.03.18 03:45:56 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Samsung
[2009.11.08 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\SecretIslandDeuBF
[2010.08.18 17:32:57 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\TomTom
[2009.11.08 21:22:31 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\YoudaGames
[2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job
[2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume D Task.job
[2011.09.06 04:36:26 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job
[2011.09.06 08:26:11 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 8747 bytes -> D:\Users\**\Documents\Clubinfo rrrr zu OLC Bundesliga.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\**\Documents\Clubinfo rrrr von Dieter.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\**\Documents\Clubinfo rrrr  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 8673 bytes -> D:\Users\**\Documents\Re_ Clubinfo rrrr  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\**\Documents\Offene Rechnung ._. RG_ HM,, - <<<@###.com EILT!.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\**\Documents\Offene Rechnung ._. RG_ HM,, - <<<@###.com  EILT!.eml:OECustomProperty
@Alternate Data Stream - 1263 bytes -> D:\Users\**\Documents\Re_ looking send to Toy vers. for win98.eml:OECustomProperty
@Alternate Data Stream - 1183 bytes -> D:\Users\**\Documents\Happy-Load.com MAHNUNG - Ihre RechnungsNr_ HM,,,.eml:OECustomProperty
@Alternate Data Stream - 1175 bytes -> D:\Users\**\Documents\Daten deines Feedback-Formulars.eml:OECustomProperty
@Alternate Data Stream - 1127 bytes -> D:\Users\**\Documents\Fenster putzen in Nymphenburg.eml:OECustomProperty
@Alternate Data Stream - 1075 bytes -> D:\Users\**\Documents\Formular zur Schadenmeldung, H µµµµµ .eml:OECustomProperty
@Alternate Data Stream - 1047 bytes -> D:\Users\**\Documents\AW_ SSSSS Kontaktformular BIOS Brennservice.eml:OECustomProperty

< End of report >
         
--- --- ---


next...

Alt 06.09.2011, 10:04   #8
bodobob
 
Wie bei Vista nach BKA-Winlock den MBR  neu schreiben und freie Blöcke auf HD formatieren? - Standard

Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?



hier der neue OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.09.2011 08:48:29 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = D:\Users\**\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 39,51% Memory free
13,17 Gb Paging File | 11,30 Gb Available in Paging File | 85,80% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 39,39 Gb Free Space | 36,67% Space Free | Partition Type: NTFS
Drive D: | 165,87 Gb Total Space | 98,34 Gb Free Space | 59,29% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 13,42 Gb Free Space | 67,12% Space Free | Partition Type: FAT32
Drive Z: | 1023,00 Mb Total Space | 510,62 Mb Free Space | 49,91% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.06 08:39:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe
PRC - [2011.07.12 03:57:05 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.07.12 03:57:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.24 09:41:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.05.15 16:14:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- D:\TomTomHOME2\TomTomHOMEService.exe
PRC - [2011.03.10 16:34:47 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.04.30 12:16:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.03 14:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe
PRC - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
PRC - [2008.05.16 17:12:44 | 000,102,400 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008.05.16 17:12:08 | 000,430,080 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.13 10:30:55 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.05.24 09:41:12 | 001,014,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll
MOD - [2010.09.23 02:48:44 | 001,060,864 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\PPKLITE.DEU
MOD - [2009.12.22 00:57:32 | 007,573,504 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU
MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Programme\Notepad++\NppShell_01.dll
MOD - [2009.10.03 02:48:16 | 000,106,496 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu
MOD - [2009.10.03 02:45:02 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU
MOD - [2009.02.27 17:40:12 | 001,712,128 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2009.02.27 17:40:10 | 000,274,432 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\DigSig.DEU
MOD - [2009.02.27 17:39:46 | 000,999,424 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Acroform.DEU
MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008.11.03 14:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe
MOD - [2007.11.16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007.11.16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.12 03:57:05 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.07.12 03:57:05 | 000,340,136 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.07.12 03:57:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.15 16:14:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- D:\TomTomHOME2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.06.07 17:48:38 | 000,817,264 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.12.10 02:01:50 | 000,405,504 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.10.22 04:51:04 | 000,352,256 | ---- | M] (AVerMedia) [Disabled | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.09.06 01:05:26 | 000,147,456 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2008.09.06 01:03:06 | 000,217,088 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2008.09.06 01:02:10 | 000,258,048 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2008.09.06 01:01:26 | 001,306,624 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2008.09.06 00:57:04 | 000,368,640 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2008.09.06 00:56:36 | 000,241,664 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
SRV - [2008.05.16 17:12:44 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:25:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.02 14:36:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.12 03:57:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.12 03:57:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.14 19:28:38 | 000,594,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.09.14 19:28:26 | 000,170,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010.08.27 14:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 18:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.07.27 16:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 10:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.07.26 13:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.07.26 13:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:12 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010.04.27 04:25:12 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2010.04.27 04:25:12 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2010.01.29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.07.01 23:29:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.06.26 15:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.06.17 14:02:46 | 000,029,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.07 17:22:20 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.04 19:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008.11.12 17:24:24 | 000,012,288 | ---- | M] (gavotte) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\rramdisk.sys -- (RRamdisk)
DRV - [2008.09.30 04:29:32 | 000,272,640 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2007.03.01 12:12:16 | 000,075,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2007.03.01 12:12:16 | 000,058,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) CP210x USB Composite Device driver (WDM)
DRV - [2007.01.04 11:15:08 | 000,009,336 | ---- | M] (hxxp://www.internals.com) [Kernel | On_Demand | Running] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.11.02 09:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2005.07.28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D CC EF 8E 5E 6C CC 01  [binary data]
IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {ea627165-1724-4db5-ccde-fdc12f45452e}:2.1
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: globefish@projects.6831.courses.csail.mit.edu:1.3.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:4.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.03.23 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 09:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.13 10:27:35 | 000,000,000 | ---D | M]
 
[2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions
[2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.18 17:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.09.06 08:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions
[2011.08.20 21:09:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.03.24 02:27:42 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011.08.20 21:10:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.27 22:53:23 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2011.08.20 21:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.24 02:27:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.08.20 21:09:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.08.10 08:53:29 | 000,000,000 | ---D | M] ("AskForSanitize") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ea627165-1724-4db5-ccde-fdc12f45452e}
[2011.08.20 21:09:52 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.08.20 21:10:51 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\foxmarks@kei.com
[2011.03.24 02:27:39 | 000,000,000 | ---D | M] (Globefish) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\globefish@projects.6831.courses.csail.mit.edu
[2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011.09.06 08:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.23 17:59:16 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2009.08.26 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.24 09:41:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.24 09:41:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.24 09:41:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.24 09:41:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.24 09:41:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1132503739-529802008-4276434138-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\MicrosoftOffice\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: Domain = HAUS
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EE0A647-B058-4D3A-8150-5D95B3474696}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF3540EE-94F0-4C8C-A2FD-34CC2A420F61}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - d:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Users\**\Pictures\57260046-gleitschirmflieger.jpg
O24 - Desktop BackupWallPaper: D:\Users\**\Pictures\57260046-gleitschirmflieger.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell - "" = AutoRun
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{50f358ef-916f-11de-88a6-ed56e7bc07ec}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.06 08:39:21 | 000,581,120 | ---- | C] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe
[2011.09.02 23:17:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.09.02 23:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwarebytesAnti-Malware
[2011.09.02 23:16:57 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.02 15:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.09.02 15:39:17 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\Malwarebytes
[2011.09.02 15:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.02 15:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\MalwarebytesAnti-Malware
[2011.09.01 14:10:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011.08.25 15:31:38 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\InstallPad
[2011.08.25 14:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_BilderGrafikVideoTools
[2011.08.25 14:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoomClassic2
[2011.08.24 18:52:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.08.21 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\calibre
[2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2011.08.21 00:49:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.08.18 06:05:44 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.18 06:05:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.18 06:05:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.08.18 06:05:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.08.18 06:05:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.08.18 06:05:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.08.18 06:05:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.18 06:05:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.18 06:05:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.08.18 06:05:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.08.18 06:05:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.08.18 06:05:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.18 06:05:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.08.18 06:05:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.08.18 06:05:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.08.18 06:05:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.08.18 06:05:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.08.18 06:05:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.08.18 06:05:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.08.18 06:05:25 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.18 06:05:24 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.06 08:39:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe
[2011.09.06 08:39:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.06 08:29:36 | 000,723,918 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.06 08:29:36 | 000,675,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.06 08:29:36 | 000,161,350 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.06 08:29:36 | 000,132,300 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.06 08:26:11 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job
[2011.09.06 08:22:26 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.09.06 08:21:50 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.09.06 08:21:43 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.06 08:21:37 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2011.09.06 08:21:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 08:21:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 08:21:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.03 07:26:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.09.02 23:17:01 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 15:49:28 | 000,001,356 | ---- | M] () -- C:\Users\**\AppData\Local\d3d9caps.dat
[2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job
[2011.09.01 13:35:34 | 000,254,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.25 14:39:10 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk
[2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume D Task.job
[2011.08.24 20:34:43 | 000,003,126 | ---- | M] () -- C:\scheduler.hist
[2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2011.08.23 16:01:03 | 000,000,993 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011.08.21 17:38:09 | 000,010,752 | ---- | M] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.21 16:33:28 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011.08.20 22:03:40 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.02 23:17:01 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.25 14:39:10 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk
[2011.08.21 16:33:28 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011.08.20 22:03:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.11 14:23:50 | 000,000,136 | ---- | C] () -- C:\Users\**\AppData\Local\OwnNote.vnt
[2011.06.02 17:43:59 | 000,026,340 | ---- | C] () -- C:\Users\**\AppData\Roaming\UserTile.png
[2011.05.19 20:27:11 | 000,127,425 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0041.jpg
[2011.05.19 20:27:07 | 000,139,674 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0042.jpg
[2011.05.19 20:27:04 | 000,114,262 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0043.jpg
[2011.05.19 20:27:01 | 000,157,508 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0044.jpg
[2011.05.19 20:26:57 | 000,120,206 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0045.jpg
[2011.04.05 15:01:07 | 000,000,272 | ---- | C] () -- C:\Windows\{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}_WiseFW.ini
[2011.03.18 03:46:18 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.03.18 03:46:18 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.12 19:19:56 | 000,000,036 | ---- | C] () -- C:\Users\**\AppData\Local\housecall.guid.cache
[2010.04.19 22:50:46 | 000,495,616 | ---- | C] () -- C:\Windows\System32\D3DX8ab.dll
[2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.17 00:37:57 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe
[2009.11.17 00:34:42 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini
[2009.09.17 10:52:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 10:52:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.30 21:04:54 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.08.30 03:45:45 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.08.30 02:33:56 | 000,090,112 | ---- | C] () -- C:\Windows\SendToClip.exe
[2009.08.26 17:05:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2009.08.26 17:05:16 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2009.08.26 17:05:05 | 000,565,248 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2009.08.26 17:05:05 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2009.08.26 17:05:05 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2009.08.26 17:05:04 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2009.08.26 17:05:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2009.08.26 17:05:04 | 000,245,760 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2009.08.26 17:05:04 | 000,241,664 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2009.08.26 12:53:28 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.26 11:56:47 | 000,000,993 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.08.26 11:56:47 | 000,000,157 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.08.26 11:56:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.08.26 11:56:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.08.26 11:54:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2009.08.26 11:54:18 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.08.26 11:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009.08.26 11:54:15 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.08.26 09:36:32 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2009.08.26 03:34:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.08.26 01:27:16 | 000,010,752 | ---- | C] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.25 20:21:56 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009.08.25 19:29:32 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.25 18:50:13 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.25 18:36:28 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.08.25 14:57:02 | 000,001,356 | ---- | C] () -- C:\Users\**\AppData\Local\d3d9caps.dat
[2009.06.17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008.01.21 09:15:58 | 000,723,918 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,161,350 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,254,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,675,242 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,132,300 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.12.20 00:24:27 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Awem
[2011.08.22 12:18:24 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\calibre
[2011.03.03 00:34:40 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Nokia
[2010.10.06 21:52:21 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Notepad++
[2010.10.16 13:25:02 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PC Suite
[2011.08.04 16:54:38 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PC-FAX TX
[2009.12.19 23:17:56 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Peace Craft
[2010.06.13 09:39:15 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PeerNetworking
[2010.02.20 22:36:25 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PlayFirst
[2011.03.31 15:16:20 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Samsung
[2011.08.29 01:00:05 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Thunderbird
[2010.08.17 10:20:19 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\TomTom
[2010.02.16 22:34:11 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Zylom
[2010.09.14 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Acronis
[2011.08.21 17:33:10 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\calibre
[2010.02.18 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FairyTale
[2010.09.14 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\InfraRecorder
[2011.08.25 15:31:38 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\InstallPad
[2010.07.28 11:32:50 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Nokia
[2011.09.03 00:09:25 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Notepad++
[2010.07.13 12:33:46 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PC Suite
[2010.08.19 20:58:33 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PC-FAX TX
[2011.06.02 17:43:59 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PeerNetworking
[2010.01.30 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Playrix Entertainment
[2011.03.18 03:45:56 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Samsung
[2009.11.08 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\SecretIslandDeuBF
[2010.08.18 17:32:57 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\TomTom
[2009.11.08 21:22:31 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\YoudaGames
[2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job
[2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume D Task.job
[2011.09.06 04:36:26 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job
[2011.09.06 08:26:11 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 8747 bytes -> D:\Users\**\Documents\Clubinfo rrrr zu OLC Bundesliga.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\**\Documents\Clubinfo rrrr von Dieter.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\**\Documents\Clubinfo rrrr  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 8673 bytes -> D:\Users\**\Documents\Re_ Clubinfo rrrr  Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\**\Documents\Offene Rechnung ._. RG_ HM,, - <<<@###.com EILT!.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\**\Documents\Offene Rechnung ._. RG_ HM,, - <<<@###.com  EILT!.eml:OECustomProperty
@Alternate Data Stream - 1263 bytes -> D:\Users\**\Documents\Re_ looking send to Toy vers. for win98.eml:OECustomProperty
@Alternate Data Stream - 1183 bytes -> D:\Users\**\Documents\Happy-Load.com MAHNUNG - Ihre RechnungsNr_ HM,,,.eml:OECustomProperty
@Alternate Data Stream - 1175 bytes -> D:\Users\**\Documents\Daten deines Feedback-Formulars.eml:OECustomProperty
@Alternate Data Stream - 1127 bytes -> D:\Users\**\Documents\Fenster putzen in Nymphenburg.eml:OECustomProperty
@Alternate Data Stream - 1075 bytes -> D:\Users\**\Documents\Formular zur Schadenmeldung, H µµµµµ .eml:OECustomProperty
@Alternate Data Stream - 1047 bytes -> D:\Users\**\Documents\AW_ SSSSS Kontaktformular BIOS Brennservice.eml:OECustomProperty

< End of report >
         
--- --- ---

[/code]

next... egen Fehlermeldungen vom Board...

Alt 06.09.2011, 10:08   #9
bodobob
 
Wie bei Vista nach BKA-Winlock den MBR  neu schreiben und freie Blöcke auf HD formatieren? - Standard

Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?



-nach Fehlermeldungen vom Board-

und der Extra.txt

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.09.2011 08:48:29 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = D:\Users\**\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 39,51% Memory free
13,17 Gb Paging File | 11,30 Gb Available in Paging File | 85,80% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 39,39 Gb Free Space | 36,67% Space Free | Partition Type: NTFS
Drive D: | 165,87 Gb Total Space | 98,34 Gb Free Space | 59,29% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 13,42 Gb Free Space | 67,12% Space Free | Partition Type: FAT32
Drive Z: | 1023,00 Mb Total Space | 510,62 Mb Free Space | 49,91% Space Free | Partition Type: FAT32
 
Computer Name: &&& | User Name: ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = Notepad++_file] -- Reg Error: Key error. File not found
.txt [@ = Notepad++_file] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\MicrosoftOffice\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\MicrosoftOffice\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [sendtotoys1add] -- C:\Program Files\SendToToys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- C:\Program Files\SendToToys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- C:\Program Files\SendToToys\SendToCommandPrompt.exe "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1132503739-529802008-4276434138-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FD153E-ABC9-4D1D-B02D-7AA483D575FF}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe | 
"{05108C21-5F10-4660-9785-9E31062633A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{058460DE-836F-42EE-83AB-D7D86F043012}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{0B929043-469B-42BD-AFCA-4F610CF5433E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0BEFFBBD-F3F6-412B-B100-8DE3881C686A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{14BCDDB7-930F-4B33-99B2-853127CCD869}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1CE2363F-CD42-452A-95D2-08BB1401E73F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1EF53F87-F7A4-47A0-BED5-7427C675BBEA}" = lport=80 | protocol=6 | dir=in | app=system | 
"{1F254634-052C-4E5C-8E2B-3E90338FA69B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{1FBEA8B2-EC99-4529-9553-364973E48D3D}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{27D45B53-572E-4F87-B1B6-155BA3E89846}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{29D9C0C3-3FAF-4161-893F-BBF02BA80600}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe | 
"{2A8D292A-1CBA-44F0-B647-5CEA310F9F3C}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{2BD08FD1-EEA6-43B6-BE00-FED5939BC550}" = lport=445 | protocol=6 | dir=in | app=system | 
"{31E7ACC9-9DF1-490C-BAB5-688EF5E80670}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{4484C1B4-4559-48BD-A5D9-3D1327171609}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4519482D-8173-4CBE-9F6B-C69EA2AEDBCF}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | 
"{46161930-3601-4F49-A5DA-E07B38B28320}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe | 
"{4678B9AB-D840-4DD9-96C6-0BE1CDE286DF}" = lport=2178 | protocol=6 | dir=in | app=system | 
"{48494A11-6A2C-45DD-BB00-F6C5AFC1816E}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe | 
"{4FBED585-FE2C-4F3D-B6C7-C383F4E8F7BC}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | 
"{551A8EE4-3437-46D9-8A2A-0F87A0281903}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5A8ED024-5B80-4C86-AB3A-B4FC7A85CD00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{5EFBFD02-627B-480D-BD70-02BEEE8FB70F}" = lport=443 | protocol=6 | dir=in | app=system | 
"{5F87C055-C165-4547-8A8C-AF0C04CB4F53}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe | 
"{63FFA390-0919-46F6-9792-7558AD37F7B8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{6406C504-07B0-4743-AD77-AEF287754416}" = lport=445 | protocol=6 | dir=in | app=system | 
"{667285AF-530A-44D3-9A61-8F31F6CB0FA9}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{67CD9F97-EBED-438C-931D-9BBD6287F964}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{68448D7E-06ED-468C-B63C-09CC640AE162}" = rport=138 | protocol=17 | dir=out | app=system | 
"{76116FDB-8392-4850-B620-84BEE0A7E9A0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7AC00DDD-D5BD-4A96-9852-7C2A44EC805C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{7AD4107B-FB47-4CE1-B09E-D1249C549217}" = rport=2178 | protocol=6 | dir=out | app=system | 
"{7C6A5727-EE23-448C-AECD-049DC596CA4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{7D0887A0-43DE-4B05-B177-A4D86A9EA486}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7EB9613C-5826-47C2-9C49-ADA46206BD80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8B1EAC4F-DAEE-402F-80AA-26FC121F6E0B}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{923DC43A-1F0C-4F70-9721-B664A9180A96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{96229ABB-0170-48D7-94BE-6E907D6ADB1E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{9DB29835-C9C6-4901-9806-B7E26D075DF0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{A1DB05B0-7921-4A3F-B7B5-C7E3AD46014A}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{A4A9A3A1-D4C3-45F8-B5B9-E0A730044EBB}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{A7A630DC-461E-4102-B1FC-9411E1823556}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | 
"{AB542126-F6ED-4F66-A811-2B3F6C5A284E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{ABE90B8E-F96F-4B67-971E-F69C2F8622EB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B075176B-8B07-4796-8B32-FC269B0DC942}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{B24F6D57-0AFF-4D26-B926-C0FBE048DA63}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{B281AF30-0D81-48B5-97D3-6C2B0BE291D4}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | 
"{B3FE9E04-893B-4A64-9A64-6FFE3F03CE08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{B4B19C0C-9682-45AE-B194-6745D4872F95}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{B4E47337-8D99-4BFE-B46E-8A27768178BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{B574143D-59E2-46B6-9075-ABD9CF5142A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B57F88C5-D3AD-46C6-A7A6-F64C66A5366E}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{B73C1CB5-C854-45F9-9C2F-B3349987B677}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe | 
"{B7480297-8857-4061-BE1C-5A34C6327821}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{B7896275-4170-45F5-A789-F17202BA0509}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B802D91E-C390-420E-A1E5-ED5731E0086B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{C29583EF-E729-49DA-8EE7-25ADF1D15827}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{C41AC74A-645A-4C95-87FF-25DB26062E40}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C51FA661-C2CC-4A78-A6DD-52EF8AE9B084}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D30A1273-E6A1-4059-B0C1-4D680944B960}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{D396F231-97CC-4096-B248-20F1CA8E0206}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{D8F5C5D6-C0EA-467B-8415-3BDD3B445222}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DB01158B-408D-4A79-AED7-E2B0EF7B5F15}" = lport=443 | protocol=6 | dir=in | app=system | 
"{DEEF28BE-A462-47E6-BF7F-C8AEF419864E}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{E3C8568D-4133-45C8-80F6-D9538D563F9C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E485FDCD-F930-4B79-98E0-8BA21F87B190}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe | 
"{E65413C9-8482-426E-8BDC-444A37252E14}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{EB081A00-2E6D-42B6-88FE-1CAA112690C0}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{F3B9912E-CB9A-4614-96DC-5CED0E5391EE}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe | 
"{F8C32060-E8F7-48E0-BBA2-4EBAB856A771}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FCA90AE8-7D55-45FB-97F9-2CE449CBBCBB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F9B129-D974-445A-B93B-D09188499BF9}" = protocol=6 | dir=in | app=d:\tomtomhome2\tomtomhome.exe | 
"{061448A8-D7BD-4E0E-9D10-AAD18F809536}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | 
"{0BA49DF1-EFD1-4387-990B-607B41704021}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0D66A5CE-1D70-4170-9CB4-4C6E52DFB370}" = protocol=6 | dir=out | app=system | 
"{129E9A15-2298-4E14-8288-161C234779F8}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe | 
"{21FF1FE9-6865-444B-BA04-A6A44CB9F252}" = protocol=17 | dir=in | app=d:\tomtomhome2\poiedit_manager\mypoimanager.exe | 
"{2D9E6E6A-50EA-457B-AD78-FA03FB684177}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\brscutil.exe | 
"{2FBBF694-28D3-4284-B0CC-0AB47C6E2C82}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe | 
"{330257D6-9A31-4119-B667-D08D756D7085}" = protocol=17 | dir=in | app=c:\samsungpcstudio\npsvsvr.exe | 
"{48CFC94D-CB23-4453-B885-DFF56BB86311}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4BEC356E-E2C1-4A13-B200-C62CC3C30E6F}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe | 
"{51C8DF18-FA0D-44BE-AB89-EECCF1386C00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{53B6C5CD-7CDE-43EA-91D9-F6E9049E4ECC}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{578FF1AE-1352-414C-B248-3F11F9D89768}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58AE3C15-D734-475E-B8FC-1E35244631D6}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe | 
"{640A1E0F-C651-4DEB-B6BC-A597EC0366D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{67495994-3D57-45AD-99E5-F876E6ED9251}" = protocol=6 | dir=in | app=c:\program files\bluetooth\bluesoleil\bluesoleilcs.exe | 
"{6E5B5AED-9138-4DBB-BAD7-39B71CF6E50C}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | 
"{72D4842D-3AA8-45F2-8831-CDBD907E8FCB}" = protocol=6 | dir=in | app=c:\samsungpcstudio\npsasvr.exe | 
"{7ADACCB9-D490-4A00-BE2F-E8B34D72B14F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D8EFE8A-946A-4A78-9531-A3DF6BB93E1E}" = protocol=17 | dir=in | app=c:\samsungpcstudio\npsasvr.exe | 
"{89796D89-7A77-4606-9BFE-B58466D7E0DD}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe | 
"{8ABAD532-2E0A-4377-8BC4-5610B2C70333}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{8B817D20-54B0-45DE-843F-0F281FCA164E}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | 
"{9011EFBE-062A-4A51-8677-E14FC1F6C79F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{92FC1989-9FA6-43DD-B5BA-F8777DA8B00C}" = protocol=6 | dir=in | app=c:\samsungpcstudio\npsvsvr.exe | 
"{9DA26198-5291-4193-AF86-32BC3DA86B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A04FC023-9260-44FB-B0FB-B952913B74B8}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{A28E5E8B-BFF9-471A-9FC8-F95884E1A534}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A6C3BAA6-ECF4-48F8-935E-5585911BFEF7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A875B7E5-CBCB-462C-B201-02E93795BDF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A880D1BD-E4C2-4395-956B-47191C9B6FF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B605D757-A24C-42DA-AF7A-EDF9119D894B}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | 
"{B7333AE9-40C6-47E7-AAC2-995DFA667ED5}" = protocol=17 | dir=in | app=c:\program files\bluetooth\bluesoleil\bluesoleilcs.exe | 
"{BAEE77E4-6A1D-4718-B71C-8B3200FAED4B}" = protocol=6 | dir=out | app=system | 
"{C5BBC0BC-B1BC-4C43-B79C-8B6C7DF772D5}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\brscutil.exe | 
"{CC1A7A39-98E9-4B54-8A87-81A4BADF076A}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | 
"{CCA8B261-FA02-462C-B24F-A235866ACFA6}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{CD5BA620-BBF7-4E39-9BE7-8F8CD75A8285}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CF15445A-D749-4212-8F97-9B53CD9E02E9}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe | 
"{D2608DCF-496E-4195-9401-443A6546E323}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{D458574E-B561-47D6-91DA-6CB76C753BF7}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe | 
"{D82C0AFA-C4F2-49C2-AE8A-FFB620876E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D98C0201-96E9-435E-B23B-7E93CFFDAE12}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DB99AF0B-C3D8-401B-B8BC-1C2295FCC341}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe | 
"{DC79FC36-D44B-4BAE-A0D0-4DB263B463E0}" = protocol=6 | dir=in | app=d:\tomtomhome2\poiedit_manager\mypoimanager.exe | 
"{E45F3597-42AA-43D9-A6F7-51B241D9E052}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | 
"{E6FDAD51-1A6F-45EF-A3D4-693717285F07}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe | 
"{EB31F3E6-FF20-4BB4-96F2-2D023D0A41F5}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | 
"{EC24C1D2-EE8C-4F73-9EE9-BDC524BB40AB}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | 
"{F1595F83-DF99-4447-8B1B-FFEBA7E9B741}" = protocol=17 | dir=in | app=d:\tomtomhome2\tomtomhome.exe | 
"TCP Query User{3833217A-A628-4F50-B4BD-2AA969E72101}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{52916C38-8E63-4C18-B33E-8D08B2454004}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{6C0A8F47-5A72-4BE8-B6AD-BA04FA21881D}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{A8C79AB3-A44A-4CDD-8951-384CABB6C8A1}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F4B8FEE7-AB6B-47C8-B9CA-5F2F91C1A345}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{735BC4B5-1451-44DE-A389-EA3B025E28E1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{CCE84ADA-E91A-4123-AC86-8FFE465C7E36}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{DEB7E2CB-8C1D-4B69-AA44-140688BCB941}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E91B5EB6-BA5F-4722-81B2-2E517B6C1B7D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{F9F70862-719D-4CB0-9786-4137A5D58F18}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}" = MyPoi Manager
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{10B75CF6-5A54-4D7B-9169-70AD17181DE1}_is1" = Oxin's Style! 3D Sexvilla 2.058.002
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Bison Webcam
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}" = calibre
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73DB9180-4D0C-11DF-A8BB-005056C00008}" =  WD Align System Utility 2.0 (Retail) - Powered By Paragon™  
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C873AD-946A-4629-92AE-B153FEA8A989}" = locr GPS Photo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90260407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7D5787B-3A91-4433-A753-CFE520671683}" = Acronis True Image WD Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E239F8B2-AE00-467D-9F05-47C8E1FAAFA7}" = WD Align - Powered by Acronis
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E934E2A2-BE3B-4C1A-A3D9-753FFB2B38B4}" = WD Drive Manager (x86)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"AVerMedia A827 series driver" = AVerMedia A827 series driver 1.0.0.88
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.0.1.5
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 20.09.02.02
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Digital Editions" = Adobe Digital Editions
"ElsaWin" = ElsaWin
"ETKA" = ETKA
"FinePrint" = FinePrint
"GNU Aspell_is1" = GNU Aspell 0.50-3
"InfraRecorder" = InfraRecorder
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IsoBuster_is1" = IsoBuster 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MaxPunkte_is1" = MaxPunkte Ver. 6.2.5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"PhotoZoom Classic 2" = BenVista PhotoZoom Classic 2.0
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"Send To Toys_is1" = Send To Toys v2.5
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SnadBoy's Revelation v2" = SnadBoy's Revelation v2
"TomTom HOME" = TomTom HOME 2.8.2.2264
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 1.0.1
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.09.2011 01:31:18 | Computer Name = &&& | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
 
Error - 03.09.2011 01:31:48 | Computer Name = &&& | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 03.09.2011 01:31:50 | Computer Name = &&& | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
 
Error - 03.09.2011 01:52:42 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.09.2011 01:52:42 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.09.2011 01:52:53 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 03.09.2011 01:52:54 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.09.2011 02:22:20 | Computer Name = &&& | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.09.2011 02:22:23 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.09.2011 02:38:49 | Computer Name = &&& | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Public\Downloads\dfsetup200\Defraggler64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 03.09.2011 00:50:35 | Computer Name = &&& | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.09.2011 01:10:32 | Computer Name = &&& | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.09.2011 01:10:32 | Computer Name = &&& | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.09.2011 01:10:32 | Computer Name = &&& | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 03.09.2011 01:28:00 | Computer Name = &&& | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.09.2011 01:28:00 | Computer Name = &&& | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.09.2011 01:28:00 | Computer Name = &&& | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 03.09.2011 01:31:18 | Computer Name = &&& | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.09.2011 02:22:23 | Computer Name = &&& | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.09.2011 02:22:23 | Computer Name = &&& | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

[/code]

P.S.: OTL- Scann für ALLE B.Konten!

SUPERAntiSpyware FREE Edition scan läuft bis Mittagspause (hope so)

Grüße nach Wien..

Alt 07.09.2011, 00:24   #10
bodobob
 
Wie bei Vista nach BKA-Winlock den MBR  neu schreiben und freie Blöcke auf HD formatieren? - Frage

Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?



SUPERAntiSpyware fand nur google- cockies (harmlose)

soll ich nun dein otl-script anwenden? >

Zitat:
Zitat von kira Beitrag anzeigen
1.
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
[code]
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.08 16:56:38 | 000,000,220 | ---- | M] () - L:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = ...

Alt 07.09.2011, 07:07   #11
kira
/// Helfer-Team
 
Wie bei Vista nach BKA-Winlock den MBR  neu schreiben und freie Blöcke auf HD formatieren? - Standard

Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?



Ja, aus Posting #4 - 1., und 2., noch ausführen
Zitat:
Achtung wichtig!:

Die mit Stern gekennzeichneten Teile, musst Du durch die Originalbezeichnung ersetzen (z.B DeinName) und so in Script einfügen! sonst funktioniert nicht!
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 10.09.2011, 07:27   #12
kira
/// Helfer-Team
 
Wie bei Vista nach BKA-Winlock den MBR  neu schreiben und freie Blöcke auf HD formatieren? - Standard

Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?



bitte kein PN, stell deine Fragen gleich hier in deinem Thread!
Posting #11 - bitte nochmal gründlich lesen, steht da was Du noch erledigen musst!
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?
abgesicherter modus mit eingabeaufforderung, alten, aufsetzen, bereich, bka- winlock, blöcke, booten, defraggler, dr.web, eingabeaufforderung, eingefangen, entfernt, formatieren, formatieren?, heute, mbrtool, modus, neu, neu aufsetzen, rechner, scan, scannen, sicherheit, tan, tool, unbedingt, verschieben, virus, vista, winlock



Ähnliche Themen: Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?


  1. Windows 7 Problem nach dem formatieren
    Alles rund um Windows - 29.03.2014 (3)
  2. Formatieren ohne Windows-CD, Ursprungsbetriebsystem Vista, jetzt aber Win7
    Alles rund um Windows - 01.12.2013 (2)
  3. Nach GVU-Virus Windows Vista neu aufsetzen - aber Formatieren geht nicht
    Alles rund um Windows - 03.02.2013 (3)
  4. Windows Vista wieder sauber nach entfernen von Vista Recovery?
    Log-Analyse und Auswertung - 14.06.2011 (5)
  5. Laptop (mit Vista) formatieren
    Alles rund um Windows - 04.04.2010 (1)
  6. Windows Vista mit der Recovery Cd formatieren. [Acer,Aspire,7730G]
    Alles rund um Windows - 28.02.2010 (3)
  7. Internet langsam nach Formatieren
    Log-Analyse und Auswertung - 19.11.2009 (2)
  8. Virus nach formatieren immernoch da?
    Log-Analyse und Auswertung - 29.05.2009 (2)
  9. Torjaner nach formatieren wieder da
    Log-Analyse und Auswertung - 27.10.2008 (1)
  10. Formatieren (Vista)
    Alles rund um Windows - 23.08.2008 (3)
  11. Hilfe! nach Trojaner formatieren?
    Plagegeister aller Art und deren Bekämpfung - 06.08.2008 (2)
  12. Problem nach formatieren
    Log-Analyse und Auswertung - 19.03.2008 (0)
  13. Virus nach mehrfachigem formatieren
    Plagegeister aller Art und deren Bekämpfung - 17.06.2007 (26)
  14. PC bleibt nach dem Formatieren hängen:(
    Alles rund um Windows - 16.11.2006 (10)
  15. PC nach Formatieren der Festplatte
    Plagegeister aller Art und deren Bekämpfung - 24.12.2005 (3)
  16. nach formatieren wuam.exe auf dem pc was kann ich tun
    Antiviren-, Firewall- und andere Schutzprogramme - 21.12.2004 (5)
  17. PHPNuke - Module,Blöcke,Buggys etc. - 36MB Download
    Alles rund um Windows - 25.04.2003 (5)

Zum Thema Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? - Hallo, (hoffe in der richtigen Abteilung gelandet zu sein, sonst verschieben) ich hatte mir am 28.8.11 einen BKA- Winlock eingefangen und mit der Rescue- CD von Dr. Web nach ca. - Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?...
Archiv
Du betrachtest: Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.