Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 05.07.2012, 21:17   #1
Fairlaine
 
BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen? - Standard

BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen?



Hallo,
ich hoffe jemand kann mir helfen. Ich habe seit gestern Abend laut Avira folgenden Virus auf meinem Windows7 64bit SP1 Rechner:
BOO/TDss.O
im Masterbootsektor HD0
im Bootsektor C
im Bootsektor D
im Bootsektor E
und kann auf fast alle Programme/Daten nicht mehr direkt zugreifen. Windows gaukelt mir vor die Programme/Daten sind weg, jedoch kann ich sie mit hilfe vom MiniXP der HirenbootCD noch sehen.
Wie bekomme ich die Bootsektoren wieder frei und wieder vollen zugriff auf meine Programme/Daten?
Folgendes habe ich schon gemacht:
OTL.txt zeigt folgendes:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.07.2012 18:46:36 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,23% Memory free
6,00 Gb Paging File | 4,79 Gb Available in Paging File | 79,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 11,34 Gb Free Space | 23,23% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 164,96 Gb Free Space | 84,46% Space Free | Partition Type: NTFS
Drive E: | 195,32 Gb Total Space | 193,24 Gb Free Space | 98,94% Space Free | Partition Type: NTFS
Drive M: | 500,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-C2D | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.05 18:37:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.05.08 20:18:16 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:18:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 20:18:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.20 23:00:52 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.12.20 23:00:51 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.07.02 00:12:13 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.07.01 23:22:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011.06.14 17:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008.10.14 21:38:56 | 000,623,992 | -H-- | M] (Adobe Systems Inc.) -- D:\Programme\Acrobat 8.0\Acrobat\Acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.14 20:56:26 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 20:18:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 20:18:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.20 23:00:51 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.07.02 00:12:13 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.07.01 23:22:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 20:18:16 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:18:16 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.07.01 14:48:43 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.05.18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.05.18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.05.18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.05.18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.05.18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011.10.17 09:01:31 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011.07.01 20:30:16 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.11.25 18:36:06 | 000,077,248 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.11.25 18:32:01 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CB 8E 52 36 CB 5A CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Apple\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.14 22:07:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.14 22:07:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.14 22:07:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.14 22:07:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: d:\Programme\Mozilla Firefox\components [2012.06.20 14:12:13 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: d:\Programme\Mozilla Firefox\plugins [2012.06.14 22:07:30 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.08.12 10:14:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 14:12:13 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.06.14 22:07:30 | 000,000,000 | -H-D | M]
 
[2011.07.01 12:26:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.06.29 09:32:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hr8ybchp.default\extensions
[2012.06.19 20:05:35 | 000,000,000 | -H-D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hr8ybchp.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.05.20 13:39:32 | 000,000,000 | -H-D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hr8ybchp.default\extensions\ich@maltegoetz.de
[2012.06.29 09:32:41 | 000,000,853 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hr8ybchp.default\searchplugins\11-suche.xml
[2012.06.29 09:32:41 | 000,002,209 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hr8ybchp.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 09:32:41 | 000,010,506 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hr8ybchp.default\searchplugins\gmx-suche.xml
[2012.06.29 09:32:41 | 000,002,368 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hr8ybchp.default\searchplugins\lastminute.xml
[2012.06.29 09:32:41 | 000,005,489 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hr8ybchp.default\searchplugins\webde-suche.xml
[2012.05.20 13:39:32 | 000,697,058 | -H-- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HR8YBCHP.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.01.13 23:29:15 | 000,022,508 | -H-- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HR8YBCHP.DEFAULT\EXTENSIONS\PLUGIN@FILSH.NET.XPI
[2012.06.29 09:32:38 | 000,575,217 | -H-- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HR8YBCHP.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\/Adobe Contribute CS3/contributeieplugin.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Programme\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEF29970-4176-4D28-8585-3D470B9C5E58}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - D:\Programme\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.07 13:42:16 | 000,000,128 | R--- | M] () - M:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{00bbce86-a3d7-11e0-87df-002586e0167a}\Shell - "" = AutoRun
O33 - MountPoints2\{00bbce86-a3d7-11e0-87df-002586e0167a}\Shell\AutoRun\command - "" = P:\AutoRunCD.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.05 18:37:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.05 06:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.05 01:05:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.05 00:06:29 | 000,000,000 | -H-D | C] -- C:\Quarantine
[2012.07.04 20:15:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.07.03 23:00:27 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xperia
[2012.06.19 20:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2012.06.15 17:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILSHtray
[2012.06.14 22:14:23 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Stardock
[2012.06.14 22:14:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
[2012.06.14 22:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2012.06.14 22:13:46 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\PackageAware
[2012.06.14 22:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.14 22:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.14 22:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.14 22:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.14 22:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2012.06.14 21:00:16 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Macromedia
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.05 18:37:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.05 18:36:47 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.07.05 18:34:32 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.07.05 18:34:22 | 000,013,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 18:34:22 | 000,013,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 18:29:12 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.07.05 18:29:02 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.07.05 18:29:02 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.07.05 18:26:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.05 18:26:12 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.04 20:21:48 | 000,000,152 | -H-- | M] () -- C:\ProgramData\-CY0HKRlpkCFMZmr
[2012.07.04 20:21:48 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-CY0HKRlpkCFMZm
[2012.07.04 20:21:46 | 000,000,256 | -H-- | M] () -- C:\ProgramData\CY0HKRlpkCFMZm
[2012.07.04 20:15:25 | 000,000,256 | -H-- | M] () -- C:\ProgramData\nmPg9qm99WJQ1j
[2012.07.04 20:15:14 | 000,000,662 | -H-- | M] () -- C:\Users\***\Desktop\Data_Recovery.lnk
[2012.07.04 20:15:14 | 000,000,152 | -H-- | M] () -- C:\ProgramData\-nmPg9qm99WJQ1jr
[2012.07.04 20:15:14 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-nmPg9qm99WJQ1j
[2012.07.04 19:31:19 | 000,346,360 | -H-- | M] () -- C:\ProgramData\ucQlpyNtnuJXT.exe
[2012.06.19 21:56:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012.06.18 22:26:23 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.18 22:26:23 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.18 22:26:23 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.18 22:26:23 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.18 22:26:23 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.18 22:26:13 | 001,590,370 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 22:31:40 | 000,001,100 | -H-- | M] () -- C:\Users\***\Desktop\Windows Explorer.lnk
[2012.06.14 22:27:50 | 000,001,409 | ---- | M] () -- C:\Users\***\Desktop\Internet Explorer (64-bit).lnk
[2012.06.14 22:27:35 | 000,000,779 | -H-- | M] () -- C:\Users\***\Desktop\WinRAR.lnk
[2012.06.14 22:27:17 | 000,002,723 | -H-- | M] () -- C:\Users\***\Desktop\Microsoft PowerPoint 2007.lnk
[2012.06.14 22:27:11 | 000,002,703 | -H-- | M] () -- C:\Users\***\Desktop\Microsoft Excel 2007.lnk
[2012.06.14 22:27:07 | 000,002,697 | -H-- | M] () -- C:\Users\***\Desktop\Microsoft Word 2007.lnk
[2012.06.14 22:25:27 | 000,001,890 | -H-- | M] () -- C:\Users\***\Desktop\Avira Antivirus.lnk
[2012.06.14 22:05:19 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
[2012.06.14 20:56:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.14 20:52:59 | 002,320,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.07.05 18:36:47 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.07.05 18:34:29 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.07.04 20:21:48 | 000,000,152 | -H-- | C] () -- C:\ProgramData\-CY0HKRlpkCFMZmr
[2012.07.04 20:21:48 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-CY0HKRlpkCFMZm
[2012.07.04 20:21:42 | 000,000,256 | -H-- | C] () -- C:\ProgramData\CY0HKRlpkCFMZm
[2012.07.04 20:21:23 | 000,254,712 | -H-- | C] () -- C:\ProgramData\CY0HKRlpkCFMZm.exe
[2012.07.04 20:15:14 | 000,000,662 | -H-- | C] () -- C:\Users\***\Desktop\Data_Recovery.lnk
[2012.07.04 20:15:14 | 000,000,152 | -H-- | C] () -- C:\ProgramData\-nmPg9qm99WJQ1jr
[2012.07.04 20:15:14 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-nmPg9qm99WJQ1j
[2012.07.04 20:15:10 | 000,000,256 | -H-- | C] () -- C:\ProgramData\nmPg9qm99WJQ1j
[2012.07.04 20:14:59 | 000,254,712 | -H-- | C] () -- C:\ProgramData\nmPg9qm99WJQ1j.exe
[2012.07.04 19:33:35 | 000,346,360 | -H-- | C] () -- C:\ProgramData\ucQlpyNtnuJXT.exe
[2012.06.19 21:56:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012.06.15 17:15:49 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.14 22:30:58 | 000,001,100 | -H-- | C] () -- C:\Users\***\Desktop\Windows Explorer.lnk
[2012.06.14 22:27:50 | 000,001,409 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer (64-bit).lnk
[2012.06.14 22:27:35 | 000,000,779 | -H-- | C] () -- C:\Users\***\Desktop\WinRAR.lnk
[2012.06.14 22:27:17 | 000,002,723 | -H-- | C] () -- C:\Users\***\Desktop\Microsoft PowerPoint 2007.lnk
[2012.06.14 22:27:11 | 000,002,703 | -H-- | C] () -- C:\Users\***\Desktop\Microsoft Excel 2007.lnk
[2012.06.14 22:27:07 | 000,002,697 | -H-- | C] () -- C:\Users\***\Desktop\Microsoft Word 2007.lnk
[2012.06.14 22:25:27 | 000,001,890 | -H-- | C] () -- C:\Users\***\Desktop\Avira Antivirus.lnk
[2012.06.14 22:05:18 | 000,000,628 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
[2012.01.08 11:32:37 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\60D87FA36A.sys
[2011.07.08 12:35:50 | 000,000,205 | -H-- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2011.07.08 12:00:39 | 000,285,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsio.sys
[2011.07.08 12:00:39 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsreged.sys
[2011.07.02 13:25:58 | 000,003,558 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011.07.02 00:12:29 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.02 00:12:13 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.07.02 00:12:13 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.01 23:27:30 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2011.07.01 22:08:06 | 000,007,675 | -H-- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.07.01 20:42:09 | 000,154,624 | -H-- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.01 19:50:13 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.07.01 19:50:13 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
 
========== LOP Check ==========
 
[2011.07.01 21:40:26 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ACD Systems
[2011.07.01 23:57:00 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.07.13 08:48:21 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2012.06.19 21:56:47 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2011.09.01 21:56:20 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.08.20 09:40:06 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2011.08.20 10:03:47 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.06.14 22:14:23 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Stardock
[2012.07.05 18:29:12 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009.07.14 07:08:49 | 000,003,150 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

die Extras.txt folgendes:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 05.07.2012 18:46:36 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,23% Memory free
6,00 Gb Paging File | 4,79 Gb Available in Paging File | 79,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 11,34 Gb Free Space | 23,23% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 164,96 Gb Free Space | 84,46% Space Free | Partition Type: NTFS
Drive E: | 195,32 Gb Total Space | 193,24 Gb Free Space | 98,94% Space Free | Partition Type: NTFS
Drive M: | 500,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "d:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "d:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "d:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "d:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "d:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "d:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D8E8D3-1E88-4A49-BEF6-532E903027C2}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{04717527-9334-4DA1-8AE6-36C8BFB76BF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{13EAE0D7-EFB1-42ED-B57F-12AD48033D22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1E9AA635-2C9E-4CFF-94D5-025D73DDDA50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1EF18B5C-C968-4B38-9DAF-5FE490E2CB6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{274F758C-DA01-4CCF-A420-4116C92469AD}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{326A5456-7BFD-4434-8291-2A5E997A9A6A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{32FA9F24-16A1-4973-AED9-50C8B4F2F345}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{39B3A56F-CB60-4AB2-B09A-8A8014908AC4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3DDF21BC-8633-40B4-8DE5-7487EB44E1A2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{46CFCB5E-4C0C-4D27-9BE3-D30337EB3DFC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4E72B51C-2A60-472A-A2D4-49DD60D4D719}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{71C0144A-DBA9-40D3-A13F-C0D8E90B72EB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{88624A7F-135B-41A1-BFBF-10CEBC0EA111}" = rport=445 | protocol=6 | dir=out | app=system | 
"{88ACC015-53BA-497C-BF9F-2B6117F66CA7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8AE2C99F-8CA9-4CDF-AE45-226486C54767}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A8A6FAA1-9B44-43F0-9846-DD8EBE2C2522}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{B470F0FB-8B15-44DD-A3E8-48AD1D147BBD}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{C6B1F667-4C73-4443-84C1-128CE9C17155}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C817BD39-1471-458D-8870-C930695FED8E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CB290E6D-596D-41EB-93B0-FF13E0C58C9E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D718922C-C26F-438C-B14F-88E36EFBFF04}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E2A2D0AA-AA00-4BBD-A718-1D02301270BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E58C6827-2251-42B6-A9A2-4069B936491C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E6A68422-B845-4021-B14C-0679D7D3206D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F77C7CED-C415-473C-B312-9DF06A6F6B56}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F828C42B-6F48-42A2-BF50-3D4B576196BE}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DA4717C-CB3B-4CC4-87A9-BAD49D57D06E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0EC6A848-1EC3-4EA2-96ED-72AD44943F68}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0ED15EC5-171D-4BD4-974B-C51BBB1D7D09}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2B5850B5-682A-4BCA-B0D1-97E44D858AA1}" = protocol=6 | dir=out | app=system | 
"{3C511D55-AABB-4CDB-8C6E-8C88F00FE1A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{50DCA917-B1BE-42A4-B6A2-AB68647569CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{52FC333B-65A0-4511-87DB-BB6E1C7DE89A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{541E2DB2-3DEC-46BB-933F-746169E684D0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56D49510-9C40-43D9-B4F7-A20C08B724FA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5B026DE1-0916-4EAB-9AAE-23E2FBFD19BE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5B283AC1-47FD-4234-B35A-0EB1C5900A3E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6099D706-6087-48FE-A165-44D8690E0610}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{61F8A610-1D97-49F7-BFD4-D5D3F05B2184}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{884B926B-AAB9-4E46-93F0-1D88BD26E433}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8CEB2C22-BFE5-458A-8344-CAB7CDE8E94D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{993D71E3-E302-4CF3-85B1-6539667519CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1A764A1-FAED-4307-99CE-6851DC4DA5F5}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{A32F9765-C2E5-4BA7-AA3B-911769D37F92}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{AEA75EBD-8CDF-44B3-BE60-2FDF53A4A46C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF00E2A0-1085-4931-8512-260F7624861D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{B40CBDB2-6310-4577-BF5C-526263165FAC}" = dir=in | app=d:\programme\apple\itunes\itunes.exe | 
"{B44400FF-2C09-4188-8F8F-5EEBC6D2500B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B7170408-A54A-4351-B8F5-A0072F5EBA86}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B8BCA5A1-6B96-4044-AE60-FF850EC44A9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BB687EF0-1B44-48EB-8064-69F878A2EAAA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C479BDBE-6FE1-4C92-BE85-B1006B0FDA7B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C77D87E1-9885-4329-9DC4-A528B6AB72C7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{CA1071AF-CC69-4910-8144-386EFD636876}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CB973B2F-AF54-41EF-8748-A8B0F88047B4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DA60212B-3671-43C1-A21A-7D5FD38D296C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DCAF2C39-B8CC-45A3-AE67-AC8732F076E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E010B1E3-FD88-406D-AA0C-6FFF98A1214B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EFF9F43B-10B3-4A50-9EBA-9EAF883DE6D6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{FA249CF8-52AA-4F75-B0CF-D29E6D4D6535}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FFF02DB5-269E-41EA-964F-2720F7D0510D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{307831C7-A5EB-4369-8862-101E8903A848}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{73BC93BF-8317-4EEE-A554-3067C265096E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{ABE10EB1-2811-449E-8013-FB55CADBCACC}D:\programme\android\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=d:\programme\android\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{5CBF1C02-15CB-4E39-88A2-7119B409667D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{6F823711-A81B-4337-ACBF-254F4176D9E7}D:\programme\android\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=d:\programme\android\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{DE341FEC-11E9-4368-B213-8887C5906735}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Home & Student Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Home & Student Suite X5 - Extra Content
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{031340C8-1733-40FE-BF52-83B599021BA9}" = CorelDRAW Graphics Suite X5 - IPM HSE
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR} 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{356658C7-8C60-4A43-AF50-75CA8E642934}" = CorelDRAW Graphics Suite X5 - CZ
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{48C503D7-15A0-414A-B32E-0EFFA13B68E2}" = CorelDRAW Home & Student Suite X5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5928359F-BF46-4646-BF19-B64E55171EB5}" = FILSHtray
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{938C2383-A692-4D2C-AE45-024F91EF7B1D}" = CorelDRAW Graphics Suite X5 - PL
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3
"{CA12DA1D-25DD-4495-92D5-B1DE65D43C77}" = CorelDRAW Graphics Suite X5 - RU
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Home & Student Suite X5 - Extra Content
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF3E2850-BD2E-4B56-A89D-21E588D518E0}" = Adobe Contribute CS3
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.11.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DriverTools" = DriverTools 1.0
"Fences" = Fences
"Flashtool" = Flashtool
"Hardcopy" = Hardcopy
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lidl-Fotos_is1" = Lidl-Fotos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaMonkey_is1" = MediaMonkey 3.2
"Mozilla Firefox 9.0 (x86 de)" = Mozilla Firefox 9.0 (x86 de)
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MPE" = MyPhoneExplorer
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"PunkBusterSvc" = PunkBuster Services
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.06.2012 02:26:01 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm ACDSee8Pro.exe, Version 8.0.67.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12e8    Startzeit:
 01cd503fc8671b91    Endzeit: 15    Anwendungspfad: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe

Berichts-ID:
 1c420a1c-bc33-11e1-911d-002586e0167a  
 
Error - 22.06.2012 02:26:26 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm ACDSee8Pro.exe, Version 8.0.67.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 118c    Startzeit:
 01cd503fe85d098a    Endzeit: 235    Anwendungspfad: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe

Berichts-ID:
 2f4344c4-bc33-11e1-911d-002586e0167a  
 
Error - 22.06.2012 07:32:20 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSee8Pro.exe, Version: 8.0.67.0,
 Zeitstempel: 0x43ac9d03  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033ab3  ID des fehlerhaften
 Prozesses: 0xdbc  Startzeit der fehlerhaften Anwendung: 0x01cd506aac0f6f42  Pfad der
 fehlerhaften Anwendung: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: ece1fc16-bc5d-11e1-911d-002586e0167a
 
Error - 22.06.2012 07:35:52 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm ACDSee8Pro.exe, Version 8.0.67.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1154    Startzeit:
 01cd506b27246312    Endzeit: 16    Anwendungspfad: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe

Berichts-ID:
 6a6c5cb6-bc5e-11e1-911d-002586e0167a  
 
Error - 22.06.2012 07:35:57 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSee8Pro.exe, Version: 8.0.67.0,
 Zeitstempel: 0x43ac9d03  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000371f3  ID des fehlerhaften
 Prozesses: 0x42c  Startzeit der fehlerhaften Anwendung: 0x01cd506b2e8e590f  Pfad der
 fehlerhaften Anwendung: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 6e771949-bc5e-11e1-911d-002586e0167a
 
Error - 22.06.2012 07:36:11 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm ACDSee8Pro.exe, Version 8.0.67.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: db0    Startzeit: 
01cd506b33fedc85    Endzeit: 0    Anwendungspfad: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe

Berichts-ID:
 75b3c29a-bc5e-11e1-911d-002586e0167a  
 
Error - 22.06.2012 11:18:14 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSee8Pro.exe, Version: 8.0.67.0,
 Zeitstempel: 0x43ac9d03  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0xdc4  Startzeit der fehlerhaften Anwendung: 0x01cd50837d07676c  Pfad der
 fehlerhaften Anwendung: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 7bb47d4a-bc7d-11e1-911d-002586e0167a
 
Error - 04.07.2012 13:09:58 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSee8Pro.exe, Version: 8.0.67.0,
 Zeitstempel: 0x43ac9d03  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00033ab3  ID des fehlerhaften
 Prozesses: 0xaec  Startzeit der fehlerhaften Anwendung: 0x01cd5a07d337fc19  Pfad der
 fehlerhaften Anwendung: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 14c1391d-c5fb-11e1-b96c-002586e0167a
 
Error - 04.07.2012 13:10:56 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSee8Pro.exe, Version: 8.0.67.0,
 Zeitstempel: 0x43ac9d03  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e211319  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b9bc  ID des fehlerhaften
 Prozesses: 0x28d8  Startzeit der fehlerhaften Anwendung: 0x01cd5a07f75f64dd  Pfad der
 fehlerhaften Anwendung: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 375947fe-c5fb-11e1-b96c-002586e0167a
 
Error - 04.07.2012 13:22:30 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm ACDSee8Pro.exe, Version 8.0.67.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2a3c    Startzeit:
 01cd5a087a8a6a6b    Endzeit: 15    Anwendungspfad: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe

Berichts-ID:
 d32d87a6-c5fc-11e1-b96c-002586e0167a  
 
[ OSession Events ]
Error - 20.05.2012 07:39:22 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 10772 seconds with 3660 seconds of active time.  This session ended with 
a crash.
 
[ System Events ]
Error - 29.05.2012 05:22:09 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 29.05.2012 05:22:11 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 29.05.2012 05:22:32 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 29.05.2012 05:22:34 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
Error - 29.05.2012 10:54:58 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 29.05.2012 10:54:59 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 29.05.2012 10:54:59 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 29.05.2012 10:55:00 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 29.05.2012 10:55:21 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 29.05.2012 10:55:22 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
 
< End of report >
         
--- --- ---

und MaleWareBytes zeigt folgendes:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: *** [administrator]

Protection: Disabled

05.07.2012 19:27:27
mbam-log-2012-07-05 (20-29-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 493514
Time elapsed: 57 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
E:\temp\20111101 Datensicherung von IDE Platten\Von ***\Laufwerk D\emails\Geschenk (PUP.Joke.Geschenk) -> No action taken.
C:\Users\***\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> No action taken.

(end)
         
und die Install.txt von CCleaner zeigt folgendes:
Code:
ATTFilter
ACDSee Pro	ACD Systems Ltd.	30.06.2011	57,3MB	8.0.67
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen	Adobe Systems Incorporated	30.06.2011	7.654MB	1.0
Adobe Flash Player 9 ActiveX	Adobe Systems, Inc.	30.06.2011	2,66MB	9.0.45.0
DAEMON Tools Lite	DT Soft Ltd	30.06.2011		4.40.2.0131
DAEMON Tools Toolbar	DT Soft Ltd	30.06.2011		1.1.7.0190
MediaMonkey 3.2	Ventis Media Inc.	30.06.2011		3.2
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	30.06.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	30.06.2011	2,94MB	4.0.30319
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	30.06.2011	0,77MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	30.06.2011	0,58MB	9.0.30729.4148
NVIDIA Grafiktreiber 275.33	NVIDIA Corporation	30.06.2011		275.33
NVIDIA Update 1.3.5	NVIDIA Corporation	30.06.2011		1.3.5
WinRAR		30.06.2011		
WinZip 15.0	WinZip Computing, S.L. 	30.06.2011	36,5MB	15.0.9411
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	01.07.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	01.07.2011	0,69MB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	01.07.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	01.07.2011	0,59MB	9.0.30729.6161
PunkBuster Services	Even Balance, Inc.	01.07.2011		0.986
Hardcopy		07.07.2011		
Lidl-Fotos		07.07.2011		
ScanWizard 5		07.07.2011		
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	17.07.2011	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	17.07.2011	1,33MB	4.20.9876.0
Nokia Connectivity Cable Driver	Nokia	11.08.2011	4,21MB	7.1.45.0
Nokia Ovi Suite	Nokia	11.08.2011		3.1.1.85
Nokia Ovi Suite Software Updater	Nokia Corporation	11.08.2011	43,4MB	02.07.004.45780
PC Connectivity Solution	Nokia	11.08.2011	19,9MB	11.4.19.0
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia	11.08.2011		08/22/2008 7.0.0.0
Adobe Color Common Settings	Adobe Systems Incorporated	31.08.2011	9,20MB	1.0.1
Adobe ExtendScript Toolkit 2	Adobe Systems Incorporated	31.08.2011	16,4MB	2.0.2
Nokia PC Suite	Nokia	31.08.2011		7.1.62.1
Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)	Nokia	31.08.2011		02/25/2011 4.7
Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)	Nokia	31.08.2011		02/25/2011 7.01.0.9
DriverTools 1.0	Huawei Technologies Co.,Ltd	06.09.2011		1.0
Microsoft Office File Validation Add-In	Microsoft Corporation	14.09.2011	7,95MB	14.0.5130.5003
Ad-Aware	Lavasoft Limited	16.10.2011	34,1MB	9.5.0
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	17.10.2011	16,5MB	10.0.40219
Microsoft Office Home and Student 2007	Microsoft Corporation	27.10.2011		12.0.6612.1000
Google Earth	Google	19.12.2011	92,7MB	6.1.0.5001
Juniper Networks Host Checker	Juniper Networks	19.12.2011		7.1.0.19757
Juniper Networks, Inc. Setup Client	Juniper Networks, Inc.	19.12.2011	0,78MB	7.1.5.14305
Mozilla Firefox 9.0 (x86 de)	Mozilla	19.12.2011	36,4MB	9.0
Mozilla Firefox 9.0.1 (x86 de)	Mozilla	11.01.2012	37,1MB	9.0.1
CCleaner	Piriform	13.01.2012		3.14
Corel Graphics - Windows Shell Extension	Corel Corporation	13.01.2012	2,93MB	15.2.0.686
CorelDRAW Home & Student Suite X5 - Extra Content	Corel Corporation	13.01.2012		
CorelDRAW(R) Home & Student Suite X5	Corel Corporation	13.01.2012	4.425MB	15.2.0.686
Ghostscript GPL 8.64 (Msi Setup)	Corel Corporation	13.01.2012	22,5MB	8.64
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	23.01.2012	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	23.01.2012	0,24MB	8.0.50727.4053
ALDI NORD Bestellsoftware 4.11.0	ORWO Net	17.02.2012		4.11.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	17.02.2012	0,22MB	9.0.30729
Java(TM) 6 Update 31	Oracle	08.04.2012	95,1MB	6.0.310
Java(TM) 6 Update 31 (64-bit)	Oracle	08.04.2012	91,8MB	6.0.310
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	11.04.2012	121,5MB	10.1.3
Microsoft Office Live Add-in 1.5	Microsoft Corporation	17.04.2012	0,50MB	2.0.4024.1
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	21.04.2012	18,0MB	1.61.0.1400
Avira Free Antivirus	Avira	07.05.2012	104,8MB	12.0.0.1125
Microsoft Silverlight	Microsoft Corporation	08.05.2012	100,2MB	5.1.10411.0
Apple Software Update	Apple Inc.	26.05.2012	2,38MB	2.1.3.127
Bonjour	Apple Inc.	26.05.2012	2,04MB	3.0.0.10
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	13.06.2012	6,00MB	11.3.300.257
Apple Application Support	Apple Inc.	13.06.2012	61,0MB	2.1.9
Apple Mobile Device Support	Apple Inc.	13.06.2012	25,0MB	5.2.0.6
Fences		13.06.2012		
iCloud	Apple Inc.	13.06.2012	33,2MB	1.1.0.40
iTunes	Apple Inc.	13.06.2012	182,7MB	10.6.3.25
QuickTime	Apple Inc.	13.06.2012	73,3MB	7.72.80.56
Safari	Apple Inc.	13.06.2012	104,3MB	5.34.57.2
Fences	Stardock Corporation	14.06.2012		
FILSHtray	FILSH Media GmbH	14.06.2012	15,3MB	0.12
Microsoft .NET Framework 4 Extended	Microsoft Corporation	14.06.2012	52,0MB	4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	14.06.2012	10,7MB	4.0.30319
MyPhoneExplorer	F.J. Wechselberger	18.06.2012		1.8.2
Mozilla Firefox 13.0.1 (x86 de)	Mozilla	19.06.2012	39,9MB	13.0.1
Defraggler	Piriform	20.06.2012		2.10
Flashtool	Androxyde	02.07.2012		0.8.0.0
7-Zip 9.20		04.07.2012
         
und TDSSKiller Logfile ist in der Anlage zusehen (ich hoffe das hat geklappt):

Ich frage frage mich, wie sich das Ding auf meinem Rechner einnisten konnte, trotz ständigem Laufen von aktuellen Avira, MaleWareBytes und Ad-Aware.

Ich habe mir aufm "sauberen" Zweitrechner die HirenbootCD15.1. erstellt.
Was kann/soll ich tun um den Störenfried loszuwerden? Ich hoffe das klappt ohne Formatierung, wenn es sich jedoch nicht verhindern läßt...
Ich hoffe ich habe nichts vergessen!

Ich freue mich über eine Rückmeldung!
Herzliche Grüsze,
Fairlaine

Geändert von Fairlaine (05.07.2012 um 21:48 Uhr) Grund: kleine Fehler behoben und Logfilezips angehängt

Alt 09.07.2012, 08:55   #2
kira
/// Helfer-Team
 
BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen? - Standard

BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen?



Hallo und Herzlich Willkommen!

Zitat:
Zitat von Fairlaine Beitrag anzeigen
Was kann/soll ich tun um den Störenfried loszuwerden?
ist die absolut sicherste Methode wäre dein System komplett neu zu installieren. Das ist IMMER die einzige Möglichkeit zum Säubern eines befallenen Systems. was die Malware bereits mit dem System angestellt bzw welche Spuren hinterlassen hat, kann man nicht wirklich einschätzen. Neuinstallation ist immer die schnellste und einfachste Lösung, meiner Meinung nach, da nie wieder nachvollziehbar ist, was der Schädling alles manipulliert hat:-> Technische Kompromittierung

gruß
kira
__________________

__________________

Antwort

Themen zu BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen?
ad-aware, adobe after effects, antivir, autorun, avira, bho, bonjour, boo/tdss.o, bootsektor virus, cs3/contributeieplugin.dll, entfernen, error, firefox, flash player, frage, google earth, helper, home, install.exe, langs, logfile, microsoft office word, ntdll.dll, nvidia update, office 2007, popup, realtek, registry, scan, searchscopes, security, senden, software, svchost.exe, third party, virus, window7, windows



Ähnliche Themen: BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen?


  1. BOO/TDSS.o Befall - was kann ich tun
    Plagegeister aller Art und deren Bekämpfung - 21.10.2014 (12)
  2. b00/tdss.0 Bootsektorvirus in MBR und in den Bootsektoren der USB-Sticks entdeckt
    Plagegeister aller Art und deren Bekämpfung - 11.11.2012 (5)
  3. BOO/TDss.O Virus entfernen
    Log-Analyse und Auswertung - 02.05.2012 (40)
  4. BOO/Shertwil.L in (allen) Bootsektoren gefunden
    Plagegeister aller Art und deren Bekämpfung - 01.12.2011 (22)
  5. BOO/Shertwil.L in (allen) Bootsektoren gefunden
    Log-Analyse und Auswertung - 19.11.2011 (1)
  6. Too/TDss.m entfernen
    Plagegeister aller Art und deren Bekämpfung - 24.10.2011 (1)
  7. Kann BOO/TDss.M - Virus / Malware nicht entfernen!
    Log-Analyse und Auswertung - 20.10.2011 (37)
  8. BOO/TDss.M im Masterbootsektor gefunden - wie entfernen?
    Log-Analyse und Auswertung - 20.05.2011 (26)
  9. BOO/Alureon.a in den Bootsektoren
    Plagegeister aller Art und deren Bekämpfung - 27.11.2010 (1)
  10. Rootkit.Win32.TDSS.mbr - Wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 01.11.2010 (13)
  11. win32.tdss.rtk entfernen
    Plagegeister aller Art und deren Bekämpfung - 24.10.2010 (14)
  12. TDSS-Rootkit entfernen - wie?
    Plagegeister aller Art und deren Bekämpfung - 07.03.2010 (9)
  13. Anleitung Rootkit.TDSS entfernen
    Anleitungen, FAQs & Links - 19.01.2010 (0)
  14. Rootkit TDSS entfernen
    Plagegeister aller Art und deren Bekämpfung - 29.09.2009 (54)
  15. Trojan.TDss.AP entfernen?
    Plagegeister aller Art und deren Bekämpfung - 19.01.2009 (6)
  16. Was sind Bootsektoren-Viren?
    Plagegeister aller Art und deren Bekämpfung - 10.07.2005 (1)
  17. Partitionstabellen und Bootsektoren
    Netzwerk und Hardware - 15.08.2003 (5)

Zum Thema BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen? - Hallo, ich hoffe jemand kann mir helfen. Ich habe seit gestern Abend laut Avira folgenden Virus auf meinem Windows7 64bit SP1 Rechner: BOO/TDss.O im Masterbootsektor HD0 im Bootsektor C im - BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen?...
Archiv
Du betrachtest: BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.