Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.07.2012, 11:29   #1
TowerPower
 
MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) - Standard

MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)



Hallo,

ich habe in letzter Zeit mit steigender Frequenz ein Problem beim Hochfahren meines Windows XP-Rechners (x86). Meist kurz nach dem Einloggen kommt BlueScreen und der Rechner startet neu. Oft bleibt er beim Bios-Bildschirm dann hängen.

In der Ereignisanzeige taucht in zeitlichem Zusammenhang eine Meldung 'Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.' auf.

Nach Internet-Recherche scheint das mit Samsung und Brenner-Software in Verbindung gebracht zu werden. Ganz sicher, was StarOpen ist und ob es wirklich unproblematisch ist, scheint es aber nicht zu sein.

Daraufhin habe ich Malwarebytes Antimalware laufen lassen mit zwei Funden:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
sim :: SIMPC2 [Administrator]

Schutz: Aktiviert

26.07.2012 10:42:22
mbam-log-2012-07-26 (11-17-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244598
Laufzeit: 34 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Documents and Settings\sim\Local Settings\Temp\is-2D0P9.tmp\Oleau64.dll (Spyware.Banker.Gen) -> Keine Aktion durchgeführt.
C:\Documents and Settings\sim\Local Settings\Temp\is-2D0P9.tmp\RMPly00.exe (Adware.Agent) -> Keine Aktion durchgeführt.

(Ende)
         
Dann noch defogger und otl:

otl.txt
Code:
ATTFilter
OTL logfile created on: 26.07.2012 11:47:16 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Documents and Settings\sim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 76,27% Memory free
5,72 Gb Paging File | 4,98 Gb Available in Paging File | 87,16% Paging File free
Paging file location(s): F:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 122,09 Gb Total Space | 32,31 Gb Free Space | 26,46% Space Free | Partition Type: NTFS
Drive D: | 343,67 Gb Total Space | 299,41 Gb Free Space | 87,12% Space Free | Partition Type: NTFS
Drive F: | 74,53 Gb Total Space | 1,05 Gb Free Space | 1,41% Space Free | Partition Type: NTFS
Drive H: | 8,19 Gb Total Space | 0,98 Gb Free Space | 11,94% Space Free | Partition Type: NTFS
Drive J: | 3726,03 Gb Total Space | 3490,16 Gb Free Space | 93,67% Space Free | Partition Type: NTFS
Drive L: | 1,99 Gb Total Space | 1,00 Gb Free Space | 50,15% Space Free | Partition Type: NTFS
Drive P: | 14,19 Gb Total Space | 7,70 Gb Free Space | 54,29% Space Free | Partition Type: NTFS
Drive Q: | 9,99 Gb Total Space | 9,99 Gb Free Space | 100,00% Space Free | Partition Type: NTFS
Drive R: | 9,99 Gb Total Space | 1,28 Gb Free Space | 12,81% Space Free | Partition Type: NTFS
Drive S: | 9,99 Gb Total Space | 1,81 Gb Free Space | 18,13% Space Free | Partition Type: NTFS
Drive X: | 14,19 Gb Total Space | 12,55 Gb Free Space | 88,47% Space Free | Partition Type: NTFS
Drive Y: | 4,19 Gb Total Space | 4,06 Gb Free Space | 96,79% Space Free | Partition Type: NTFS
 
Computer Name: SIMPC2 | User Name: sim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.26 11:39:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sim\Desktop\OTL.exe
PRC - [2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.07.16 06:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.07.16 06:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2012.07.05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.11 23:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2012.03.11 23:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011.10.27 11:33:58 | 000,173,104 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011.10.27 11:33:40 | 000,126,512 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2011.10.27 11:33:28 | 000,142,384 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2011.02.04 14:18:14 | 000,408,590 | ---- | M] () -- D:\Programme\cygwin\usr\sbin\sshd.exe
PRC - [2010.05.03 17:13:24 | 001,063,936 | ---- | M] (DATEV eG) -- C:\Program Files\DATEV-SiPa-compact\DVcServ.exe
PRC - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.08.29 17:27:30 | 000,143,360 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2008.04.18 04:59:06 | 000,430,080 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008.04.18 04:57:26 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.18 12:28:46 | 000,068,096 | ---- | M] () -- D:\Programme\cygwin\bin\cygrunsrv.exe
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- D:\Programme\PhotoshopElements6\PhotoshopElementsFileAgent.exe
PRC - [2007.09.11 01:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- D:\Programme\PhotoshopElements6\apdproxy.exe
PRC - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006.05.26 04:50:24 | 004,149,248 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2001.10.11 17:35:00 | 000,082,026 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.26 11:11:16 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\sim\Local Settings\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.07.10 03:53:28 | 014,278,144 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2012.07.10 03:52:52 | 000,538,112 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
MOD - [2012.06.26 10:40:56 | 000,034,304 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2012.06.26 10:40:06 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2012.06.26 09:04:16 | 000,043,520 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\ASF_cSharpAPI.dll
MOD - [2012.06.26 09:03:18 | 000,651,216 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2012.06.26 09:03:18 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2012.06.26 09:03:16 | 000,544,208 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2012.06.26 09:03:16 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2012.06.15 09:40:35 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.06.15 08:05:10 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.15 08:04:49 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.14 20:37:15 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012.06.14 20:36:26 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012.06.14 20:35:12 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.11 18:06:19 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012.05.11 18:04:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.11 17:59:35 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.11 17:58:32 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012.05.11 17:58:18 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
MOD - [2012.05.11 17:56:52 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012.05.11 17:56:37 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.11 17:56:23 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011.12.19 19:59:44 | 000,068,424 | ---- | M] () -- C:\Program Files\Comodo\COMODO Internet Security\scanners\smart.cav
MOD - [2011.02.08 20:44:35 | 001,174,542 | ---- | M] () -- D:\Programme\cygwin\bin\cygcrypto-0.9.8.dll
MOD - [2011.02.04 14:18:14 | 000,408,590 | ---- | M] () -- D:\Programme\cygwin\usr\sbin\sshd.exe
MOD - [2010.08.15 02:54:51 | 000,010,766 | ---- | M] () -- D:\Programme\cygwin\bin\cygssp-0.dll
MOD - [2010.08.15 02:54:30 | 000,046,094 | ---- | M] () -- D:\Programme\cygwin\bin\cyggcc_s-1.dll
MOD - [2010.08.01 23:04:19 | 000,077,838 | ---- | M] () -- D:\Programme\cygwin\bin\cygz.dll
MOD - [2010.03.28 11:02:33 | 000,028,174 | ---- | M] () -- D:\Programme\cygwin\bin\cygwrap-0.dll
MOD - [2008.04.14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008.03.18 12:28:46 | 000,068,096 | ---- | M] () -- D:\Programme\cygwin\bin\cygrunsrv.exe
MOD - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- D:\Programme\PhotoshopElements6\PhotoshopElementsFileAgent.exe
MOD - [2006.05.26 04:50:24 | 004,149,248 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
MOD - [2003.10.19 11:12:30 | 000,006,656 | ---- | M] () -- D:\Programme\cygwin\bin\cygcrypt-0.dll
MOD - [2001.10.11 17:34:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.07.12 09:38:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.11 23:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.02.29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.11.05 12:07:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.04.17 10:09:46 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.07.22 02:01:12 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Tomcat 6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2008.04.18 04:57:26 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008.03.18 12:28:46 | 000,068,096 | ---- | M] () [Auto | Running] -- D:\Programme\cygwin\bin\cygrunsrv.exe -- (sshd)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- D:\Programme\PhotoshopElements6\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006.05.26 04:50:24 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2005.02.15 11:14:26 | 000,106,496 | ---- | M] (cobra GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\APUpdService.exe -- (APUpdService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbVM303.sys -- (ZSMC303)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [File_System | Auto | Stopped] --  -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302AV.SYS -- (PID_08A0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.11 23:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012.03.11 23:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012.03.11 23:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012.03.11 23:13:43 | 000,018,056 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2011.11.29 17:38:04 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011.08.17 13:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 13:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 13:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 13:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.08 16:49:04 | 000,023,168 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KOBCCEX.sys -- (KOBCCEX)
DRV - [2009.10.08 16:48:56 | 000,083,840 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KOBCCID.sys -- (KOBCCID)
DRV - [2009.05.25 17:31:32 | 000,252,416 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2009.03.02 14:46:45 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008.04.16 09:27:04 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006.07.13 14:11:04 | 000,083,712 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.07.05 14:55:58 | 000,043,392 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006.03.17 20:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006.02.07 13:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/burn4free/{057A21BE-5742-412A-86FA-5C1A75A739E2}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.de/
IE - HKCU\..\SearchScopes,DefaultScope = {1813469C-9626-4D00-A1E1-888676CEAFC7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{1813469C-9626-4D00-A1E1-888676CEAFC7}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/burn4free/{057A21BE-5742-412A-86FA-5C1A75A739E2}?q={searchTerms}
IE - HKCU\..\SearchScopes\{9759558C-5B11-4702-A9B4-B837A137A5BE}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bing.de/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.8
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 15:31:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.16 12:51:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.12.02 00:58:14 | 000,000,000 | ---D | M]
 
[2009.02.25 09:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sim\Application Data\mozilla\Extensions
[2009.02.25 09:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sim\Application Data\mozilla\Extensions\home2@tomtom.com
[2012.07.15 19:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sim\Application Data\mozilla\Firefox\Profiles\oa7ztugj.default\extensions
[2010.01.07 20:23:03 | 000,000,000 | ---D | M] (mediaDownloader) -- C:\Documents and Settings\sim\Application Data\mozilla\Firefox\Profiles\oa7ztugj.default\extensions\{4dffd90c-a059-437c-99dd-d71975f219ba}
[2009.09.05 12:00:36 | 000,000,000 | ---D | M] (Download Embedded) -- C:\Documents and Settings\sim\Application Data\mozilla\Firefox\Profiles\oa7ztugj.default\extensions\dlembed@aeruder.net
[2012.06.18 10:21:18 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Documents and Settings\sim\Application Data\mozilla\Firefox\Profiles\oa7ztugj.default\extensions\webrank-toolbar@probcomp.com
[2011.06.07 16:13:00 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\sim\Application Data\Mozilla\Firefox\Profiles\oa7ztugj.default\searchplugins\search.xml
[2011.11.23 09:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.20 16:14:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.11 13:56:11 | 000,709,293 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OA7ZTUGJ.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.08.23 08:42:47 | 000,014,961 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SIM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OA7ZTUGJ.DEFAULT\EXTENSIONS\FIREFOX@RED-COG.COM.XPI
[2012.07.18 15:31:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.10.30 18:34:42 | 000,039,424 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2004.11.13 05:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2012.06.20 21:47:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.20 21:47:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.20 21:47:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 21:47:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 21:47:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 21:47:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
 
O1 HOSTS File: ([2009.03.10 13:31:50 | 000,000,760 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 200.200.179.91 NPI0F2121
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Program Files\DATEV-SiPa-compact\DVCCSASCardBHO002.dll (DATEV eG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] D:\Programme\PhotoshopElements6\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) File not found
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DVCServ] C:\Program Files\DATEV-SiPa-compact\DVCSERV.exe (DATEV eG)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: datev.at ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.at ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([www] http is out of zone range -  5)
O15 - HKCU\..Trusted Domains: datev.de ([www] https is out of zone range -  5)
O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] http is out of zone range -  5)
O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] https is out of zone range -  5)
O15 - HKCU\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.200.179.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FE0259C-FBD6-4941-A707-5D616A1BFB4A}: DhcpNameServer = 200.200.179.243
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/sim/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.13 17:30:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{44f9b6fa-0308-11de-be51-001731890ded}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\{8a352676-0735-11de-be57-001731890ded}\Shell - "" = AutoRun
O33 - MountPoints2\{8a352676-0735-11de-be57-001731890ded}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8a352676-0735-11de-be57-001731890ded}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.26 11:39:56 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sim\Desktop\OTL.exe
[2012.07.26 10:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sim\Application Data\Malwarebytes
[2012.07.26 10:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.26 10:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.07.26 10:38:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.26 10:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.20 15:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDFCreator
[2012.07.20 15:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sim\Application Data\pdfforge
[2012.07.20 15:21:31 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\WINDOWS\System32\pdfcmon.dll
[2012.07.20 15:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.07.19 17:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sim\Desktop\wapstar-cfg-pundit1
[2012.07.19 17:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sim\Desktop\wapstar-cfg-gei
[2012.07.16 12:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sim\Local Settings\Application Data\Sun
[2012.07.16 12:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.16 12:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sim\Application Data\Oracle
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.26 12:02:00 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012.07.26 11:42:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 11:39:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sim\Desktop\OTL.exe
[2012.07.26 11:38:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.26 11:28:43 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\sim\defogger_reenable
[2012.07.26 10:39:52 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.25 12:48:11 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012.07.24 12:35:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.20 15:21:40 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PDFArchitect.lnk
[2012.07.20 15:21:40 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PDFCreator.lnk
[2012.07.20 13:19:42 | 002,575,384 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\2003-10-21-22 Brass Bullet IMPROVED.zip
[2012.07.20 09:39:36 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\Y sysadmin.lnk
[2012.07.19 16:53:37 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\sim\Application Data\winscp.rnd
[2012.07.16 15:04:19 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.07.16 14:16:36 | 000,298,423 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\Rechnung Kohl Schneegitter 2012.pdf
[2012.07.16 08:29:21 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\sim\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012.07.15 18:50:30 | 003,659,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.12 11:14:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.06 12:15:16 | 000,754,301 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\Antrag_20auf_20Befreiung_20von_20Zuzahlungen_20chronisch_20Kranke,property=Data.pdf
[2012.07.05 13:02:30 | 000,081,920 | ---- | M] (pdfforge GbR) -- C:\WINDOWS\System32\pdfcmon.dll
[2012.07.04 20:46:47 | 000,150,318 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\System Architecture 2012-07-04.pdf
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.02 11:12:11 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\sim\Local Settings\Application Data\PUTTY.RND
[2012.06.29 14:34:23 | 000,091,058 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\ru_retailer_1_1_5.csv OUTPUT
[2012.06.29 10:08:53 | 000,032,890 | ---- | M] () -- C:\Documents and Settings\sim\Desktop\ru_retailer_1_1_5.csv INPUT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.26 11:40:59 | 000,448,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012.07.26 11:28:28 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\sim\defogger_reenable
[2012.07.26 10:38:31 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 15:21:40 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PDFArchitect.lnk
[2012.07.20 15:21:40 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PDFCreator.lnk
[2012.07.20 09:39:36 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\sim\Desktop\Y sysadmin.lnk
[2012.07.16 14:16:36 | 000,298,423 | ---- | C] () -- C:\Documents and Settings\sim\Desktop\Rechnung Kohl Schneegitter 2012.pdf
[2012.07.06 12:15:16 | 000,754,301 | ---- | C] () -- C:\Documents and Settings\sim\Desktop\Antrag_20auf_20Befreiung_20von_20Zuzahlungen_20chronisch_20Kranke,property=Data.pdf
[2012.07.06 07:17:06 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.04 20:49:01 | 000,032,890 | ---- | C] () -- C:\Documents and Settings\sim\Desktop\ru_retailer_1_1_5.csv INPUT
[2012.07.04 20:48:21 | 000,091,058 | ---- | C] () -- C:\Documents and Settings\sim\Desktop\ru_retailer_1_1_5.csv OUTPUT
[2012.07.04 20:46:47 | 000,150,318 | ---- | C] () -- C:\Documents and Settings\sim\Desktop\System Architecture 2012-07-04.pdf
[2012.06.14 10:24:57 | 000,002,117 | ---- | C] () -- C:\Documents and Settings\sim\Local Settings\Application Data\recently-used.xbel
[2012.05.24 13:23:58 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012.05.24 13:23:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2012.05.24 13:23:55 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012.05.24 13:23:55 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012.05.24 13:23:53 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.04.04 13:26:20 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\sim\Application Data\Adobe PNG Format CS5 Prefs
[2012.01.31 18:01:40 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011.10.20 10:57:42 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\EF3CDE0418.dll
[2011.09.14 11:58:46 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\sim\Application Data\default.rss
[2011.05.25 11:13:02 | 000,011,248 | ---- | C] () -- C:\Documents and Settings\sim\gsview32.ini
[2011.05.11 17:59:13 | 000,052,236 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.04.27 17:18:18 | 000,703,959 | ---- | C] () -- C:\WINDOWS\HPISExe.dat
[2010.11.03 23:10:39 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2010.08.25 13:14:28 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.05.14 10:21:58 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\sim\Application Data\winscp.rnd
[2009.09.11 18:27:58 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\sim\Local Settings\Application Data\PUTTY.RND
[2009.09.05 12:13:34 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\sim\default.pls
[2009.07.15 11:35:56 | 000,010,231 | ---- | C] () -- C:\Documents and Settings\sim\LotharSimon_SimonRam_elster_2048.pfx
[2009.01.12 15:45:24 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\sim\.appletviewer
[2007.08.31 17:01:45 | 000,089,930 | ---- | C] () -- C:\Documents and Settings\sim\Application Data\NMM-MetaData.db
[2007.01.18 12:13:05 | 000,003,581 | ---- | C] () -- C:\Documents and Settings\sim\.ganttproject
[2007.01.12 12:56:34 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\sim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.01 10:00:43 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\sim\.java.policy
[2006.12.01 09:57:11 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\sim\Local Settings\Application Data\fusioncache.dat
[2006.09.29 10:44:33 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\sim\.cvspass
[2006.09.26 13:11:12 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\sim\.starteam
[2006.09.25 15:48:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\sim\Application Data\dm.ini
 
========== LOP Check ==========
 
[2009.01.28 17:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011.06.07 15:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2012.01.31 18:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2010.04.21 16:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\elsterformular
[2010.11.05 12:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010.11.04 10:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eXPert PDF 4
[2012.03.08 11:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2011.12.02 00:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2011.09.27 19:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011.09.27 20:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012.01.25 13:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011.12.13 08:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009.04.08 09:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\.visualvm
[2010.11.03 23:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\CAD-KAS
[2011.06.07 15:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Canneverbe Limited
[2012.01.25 13:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007.08.31 16:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Datalayer
[2009.03.23 13:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\DATEV
[2011.10.20 11:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\DJJava
[2012.03.30 14:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Dropbox
[2011.11.20 16:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\elsterformular
[2010.11.03 23:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\eXPert PDF Editor
[2012.06.12 11:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\FileZilla
[2006.11.20 16:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\InterTrust
[2008.01.31 17:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Juniper Networks
[2006.09.26 12:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Leadertech
[2012.03.08 15:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\MediaMonkey
[2011.12.27 22:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\MyPhoneExplorer
[2011.11.28 11:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\MySQL
[2011.12.02 01:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Nokia
[2007.09.17 08:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Nokia Multimedia Player
[2011.12.02 01:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Nokia Suite
[2011.12.01 12:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Notepad++
[2007.12.03 11:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\OfficeUpdate12
[2011.11.29 19:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Opera
[2012.07.16 12:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Oracle
[2011.09.27 20:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\PC Suite
[2012.07.20 15:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\pdfforge
[2011.12.13 08:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Samsung
[2008.08.11 16:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\streamripper
[2011.09.22 14:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Subversion
[2009.11.11 12:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\TextPad
[2011.06.07 16:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Toolbar4
[2012.05.24 13:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Video DVD Maker FREE
[2010.06.23 10:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Windows Desktop Search
[2009.06.08 08:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\Windows Search
[2012.05.24 12:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sim\Application Data\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
         
und

Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 26.07.2012 11:47:17 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Documents and Settings\sim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 76,27% Memory free
5,72 Gb Paging File | 4,98 Gb Available in Paging File | 87,16% Paging File free
Paging file location(s): F:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 122,09 Gb Total Space | 32,31 Gb Free Space | 26,46% Space Free | Partition Type: NTFS
Drive D: | 343,67 Gb Total Space | 299,41 Gb Free Space | 87,12% Space Free | Partition Type: NTFS
Drive F: | 74,53 Gb Total Space | 1,05 Gb Free Space | 1,41% Space Free | Partition Type: NTFS
Drive H: | 8,19 Gb Total Space | 0,98 Gb Free Space | 11,94% Space Free | Partition Type: NTFS
Drive J: | 3726,03 Gb Total Space | 3490,16 Gb Free Space | 93,67% Space Free | Partition Type: NTFS
Drive L: | 1,99 Gb Total Space | 1,00 Gb Free Space | 50,15% Space Free | Partition Type: NTFS
Drive P: | 14,19 Gb Total Space | 7,70 Gb Free Space | 54,29% Space Free | Partition Type: NTFS
Drive Q: | 9,99 Gb Total Space | 9,99 Gb Free Space | 100,00% Space Free | Partition Type: NTFS
Drive R: | 9,99 Gb Total Space | 1,28 Gb Free Space | 12,81% Space Free | Partition Type: NTFS
Drive S: | 9,99 Gb Total Space | 1,81 Gb Free Space | 18,13% Space Free | Partition Type: NTFS
Drive X: | 14,19 Gb Total Space | 12,55 Gb Free Space | 88,47% Space Free | Partition Type: NTFS
Drive Y: | 4,19 Gb Total Space | 4,06 Gb Free Space | 96,79% Space Free | Partition Type: NTFS
 
Computer Name: SIMPC2 | User Name: sim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\vlc\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "D:\Programme\vlc\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe" = D:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe:*:Enabled:ExecDllExe.exe -- (DATEV eG)
"D:\DATEV\PROGRAMM\Install\Uninstal.exe" = D:\DATEV\PROGRAMM\Install\Uninstal.exe:*:Enabled:Uninstal.exe -- (DATEV eG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe" = C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI
"D:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe" = D:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe:*:Enabled:ExecDllExe.exe -- (DATEV eG)
"D:\DATEV\PROGRAMM\Install\Uninstal.exe" = D:\DATEV\PROGRAMM\Install\Uninstal.exe:*:Enabled:Uninstal.exe -- (DATEV eG)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe" = C:\Program Files\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe:LocalSubNet:Enabled:MySQL Workbench -- (Oracle Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Documents and Settings\sim\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\sim\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E94871C-623C-464F-A117-B8474BFF84E1}" = Nokia MTP driver
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1030DCDC-2425-407d-BEE1-13558B837FCA}" = HP Color LaserJet 2820/2830/2840 2.0
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13D2D749-7F84-4A63-A09E-3DFDBA4E03EF}" = DATEV Sicherheitspaket - compact
"{1444B16A-766B-4AD1-8AE8-F0C04C782E2F}" = MySQL Query Browser 1.1
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.32.0.80
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21C1E6B6-8796-4EEE-ACF3-F318CEFC257C}" = Lexware buchhalter 2006
"{222AE20C-7693-4899-91A9-044597BF95EC}" = MSN Missile Launcher  V1.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26866243-CFFE-49C8-9546-3C6918CF8AB7}" = Lexware buchhalter 2007
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{38766225-85FA-469B-A373-82BF1923A7E4}" = MySQL Workbench 5.2 CE
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4509D9E5-57F8-45B0-9091-4676D709FD7A}" = Microsoft SQL Server Native Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F702A4B-D39C-44E6-95A2-A6C9179303DB}" = WD Drive Manager (x86)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}" = hppTooCool
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{688EC50D-0155-4490-8DBF-686CD3B2893F}" = hppScanTo
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51A91-E7D3-11DB-A386-005056C00008}" = Canyon USB2.0 PC Camera
"{743dcba6-4391-450d-b3ca-92d4bc3a5e2e}" = Nero 9 Essentials
"{74E5E862-F1FF-412B-B824-9582ED7DE84A}" = hppSendFax
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76C4DAB3-F63A-498F-8645-1E8D6B3EC543}" = Lexware info service aktualisierung 2006
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}" = hppscan2800
"{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}" = hppManuals2800
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{851D5410-0851-46F0-8836-74E0D8D20196}" = hppDustDevil
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A2DA523-38FD-49DA-88E9-6BCDD7CCE9CF}" = MySQL Administrator 1.1
"{8B2EF64A-1D1F-4AD8-91BF-7B5F1BC36E00}" = hppFaxDrv
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8C17851D-8495-4827-8E9A-52722E2EEE7B}" = Lexware Dao 350 Dao 360
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9762315F-29C6-488C-98D4-80CDE3418102}" = Lexware buchhalter 2006
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}" = hppIOFiles
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5D942B1-E0C7-4AC7-8C2A-E4FD446BD3E2}" = cobra Component Update 02
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAE0048D-02E0-42E2-AED8-996995ADE4D4}" = MySQL Server 5.0
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{b86754dd-2ddb-4ac0-9015-cb487277254e}" = InCD Help
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3E6DC57-473A-4424-9617-AF60BA8403C3}" = hppCLJ2800
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}" = Enterprise Architect 4.00
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.0.0
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF6320E3-B716-4FAB-99CD-18AB6A2C3970}" = DJ Java Decompiler v.3.11.11.95
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F49F760A-05DD-4424-BE2B-E084B9FDA9C0}" = Lexware buchhalter 2006
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"3271E907F27C989F2C244ACB3D32020E3DD3CA6F" = Windows Driver Package - Nokia Modem  (06/12/2006 6.81.0.21)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"AdobeESD" = Adobe Download Manager 2.0 (Nur entfernen)
"Android SDK Tools" = Android SDK Tools
"Apache Tomcat 6.0" = Apache Tomcat 6.0 (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DATEVB00000482.0" = DATEV Installation V.2.6
"ElsterFormular 11.3.0.4235" = ElsterFormular
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.5.3
"GanttProject" = GanttProject
"GIMP-2_is1" = GIMP 2.8.0
"GPL Ghostscript 9.02" = GPL Ghostscript
"GSview 4.9" = GSview 4.9
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IntelliJ IDEA 11.0" = IntelliJ IDEA 11.0
"IntelliJ IDEA 9.0.2" = IntelliJ IDEA 9.0.2
"IrfanView" = IrfanView (remove only)
"khb_bh" = Lexware know how buchhaltung
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.52.1100" = Opera 11.52
"Paint Shop Pro 4.12 Shareware" = Paint Shop Pro 4.12 Shareware
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"VLC media player" = VLC media player 1.1.11
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Adobe Connect Add-in" = Adobe Connect Add-in
"Dropbox" = Dropbox
"Juniper Secure Meeting 5.5.0" = Juniper Networks Secure Meeting 5.5.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.07.2012 04:31:41 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\TOMCAT 6.0\WEBAPPS\ZAPHOD\.SVN\ENTRIES> in the hash 
map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:  Ein an das
 System angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 04.07.2012 01:33:02 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\SIM\.INTELLIJIDEA11\CONFIG\OPTIONS\NOTIFICATIONS.XML~>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
	Ein
 an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 04.07.2012 01:33:02 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\SIM\.INTELLIJIDEA11\CONFIG\OPTIONS\OTHER.XML~>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
	Ein
 an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 04.07.2012 01:33:09 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\SIM\.INTELLIJIDEA11\CONFIG\OPTIONS\FEATURE.USAGE.STATISTICS.XML>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
	Ein
 an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 04.07.2012 01:33:09 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\SIM\.INTELLIJIDEA11\CONFIG\OPTIONS\FEATURE.USAGE.STATISTICS.XML>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
	Ein
 an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 16.07.2012 10:16:22 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\SIM\RECENT\RECHNUNGEN (2).LNK>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
	Ein
 an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 16.07.2012 10:16:22 | Computer Name = SIMPC2 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\SIM\RECENT\RECHNUNGEN (2).LNK>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
	Ein
 an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f) 
 
Error - 18.07.2012 02:39:22 | Computer Name = SIMPC2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 18.07.2012 03:06:41 | Computer Name = SIMPC2 | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 24.07.2012 06:39:29 | Computer Name = SIMPC2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.265,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
[ OSession Events ]
Error - 01.12.2009 09:34:07 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 651
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 03.12.2009 03:23:51 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 88324
 seconds with 4260 seconds of active time.  This session ended with a crash.
 
Error - 26.04.2010 07:07:51 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9571
 seconds with 1920 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2010 06:08:38 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 102404
 seconds with 3180 seconds of active time.  This session ended with a crash.
 
Error - 04.06.2010 02:23:59 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 71823
 seconds with 1800 seconds of active time.  This session ended with a crash.
 
Error - 19.07.2010 01:51:21 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 260269
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 26.09.2010 07:20:39 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.10.2010 03:49:42 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 235802
 seconds with 1380 seconds of active time.  This session ended with a crash.
 
Error - 01.11.2011 09:46:12 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 22011
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
Error - 07.02.2012 11:09:43 | Computer Name = SIMPC2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 28679
 seconds with 960 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.07.2012 06:12:52 | Computer Name = SIMPC2 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2FE0259C-FBD6-4941-A-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 25.07.2012 07:12:58 | Computer Name = SIMPC2 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2FE0259C-FBD6-4941-A-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 25.07.2012 08:13:10 | Computer Name = SIMPC2 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2FE0259C-FBD6-4941-A-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 25.07.2012 09:16:18 | Computer Name = SIMPC2 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2FE0259C-FBD6-4941-A-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 25.07.2012 10:16:24 | Computer Name = SIMPC2 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2FE0259C-FBD6-4941-A-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 25.07.2012 11:16:37 | Computer Name = SIMPC2 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2FE0259C-FBD6-4941-A-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 26.07.2012 04:11:44 | Computer Name = SIMPC2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 26.07.2012 04:16:26 | Computer Name = SIMPC2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 26.07.2012 04:20:59 | Computer Name = SIMPC2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 26.07.2012 05:42:47 | Computer Name = SIMPC2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
Nun kommt gleich noch Gmer (x86 System) dran...

Ich hoffe mal auf eine schnelle Antwort, da ich ja nach Anweisung nix machen soll an meinem System. Aber wer muss schon nix machen an seinem System...?

Alt 30.07.2012, 07:43   #2
TowerPower
 
MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) - Standard

MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)



Leider hat bis jetzt niemand geantwortet. Vielleicht weil ich das gmer-log noch nicht geschickt habe? Anscheinend ist die Datei zu groß, um sie hier zu posten. Also, wenn sie jemand braucht, kann ich sie ja zuschicken oder sowas.

Außerdem habe ich einen Full Scan mit Malwarebytes gemacht:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
sim :: SIMPC2 [Administrator]

Schutz: Aktiviert

27.07.2012 17:37:16
mbam-log-2012-07-27 (23-30-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410039
Laufzeit: 2 Stunde(n), 11 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
c:\program files\comodo\comodo internet security\quarantine\cfff7f3a-d15b-47e3-b8c3-86df61d76b7b.data (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)
         
Nun hoffe ich inständig, dass sich mal ein Wissender die Zeit nimmt, um sich das alles anzuschauen. Ich fürchte langsam, ich muss sonst den Rechner neu installieren. Davor graust es mir ziemlich.
__________________


Alt 31.07.2012, 07:38   #3
TowerPower
 
MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) - Standard

MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)



Das Gmer-File vielleicht gezippt...?
__________________

Alt 31.07.2012, 07:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) - Standard

MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)



Ist das rein zufällig ein Büro-PC?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 31.07.2012, 07:59   #5
TowerPower
 
MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) - Standard

MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)



Ich hatte mal eine Firma, ja. Und die ganzen verbundenen Laufwerke und so, die da noch aufscheinen, nutze ich noch, solange es funktioniert. Aber das geht ja langsam zu Ende, wie man sieht. Hab ich jetzt verloren? Ich weiss nicht, wie ich mit dem Problem umgehen soll :-(


Alt 31.07.2012, 08:55   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) - Standard

MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)



Firmenrechner werden hier eigentlich nicht bereinigt

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:
3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.
Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.
__________________
--> MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)

Alt 31.07.2012, 09:06   #7
TowerPower
 
MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) - Standard

MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)



Na ok. Wenn ich es recht verstehe, ist da nichts zu retten. Eine IT-Abteilung habe ich auch nicht :-( Formatieren und Neuaufsetzen dann also... Trotzdem vielen Dank.

Alt 31.07.2012, 09:28   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) - Standard

MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)



Vergiss die Ausnahme nicht

Zitat:
Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Aber da du auf diesem Rechner wohl einen Banker drauf hast, wäre eine Neuinstallation schon angebracht
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)
.dll, 7-zip, abstürze, adobe, adware.agent, bho, bluescreen, easybox, entfernen, error, excel, expert pdf, explorer, firefox, flash player, fontcache, format, ftp, helper, installation, internet browser, logfile, ntdll.dll, office 2007, problem, realtek, registry, rundll, searchscopes, security, server, spyware.banker.gen, staropen, system, temp, udp, windows, windows internet



Ähnliche Themen: MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)


  1. Trojaner gefunden TR/Dldr.Agent.314440 und verschiedene Adwares ADWARE/EoRezo.AF, ADWARE/Adware.Gen7, ADWARE/AgentCV.A.2919
    Log-Analyse und Auswertung - 02.05.2014 (19)
  2. Windows 7: Avira findet Trojaner TR/MSIL.Agent.cfgz und ADWARE/DomaIQ.AD
    Log-Analyse und Auswertung - 08.11.2013 (11)
  3. Antivir findet 3 infizierte Dateien 'EXP/Pidief.ej ; 'EXP/Java.HLP.A.1197; ADWARE/Adware.Gen
    Log-Analyse und Auswertung - 09.08.2013 (9)
  4. Avira findet adware/Agent.aece.269
    Plagegeister aller Art und deren Bekämpfung - 17.07.2013 (54)
  5. mbam findet C:\Program Files (x86)\DVBViewer TE2\update.exe (Spyware.Zbot)
    Plagegeister aller Art und deren Bekämpfung - 31.10.2012 (37)
  6. Antivir findet ADWARE/Agent.Gaba.peg und TR/Agent.370144
    Log-Analyse und Auswertung - 09.07.2012 (5)
  7. Eset findet Win32/Adware Toolbar Dealio+35 funde von mbam
    Log-Analyse und Auswertung - 01.03.2012 (11)
  8. avira findet 'ADSPY/Agent.326608.1' [adware]
    Plagegeister aller Art und deren Bekämpfung - 09.01.2012 (25)
  9. mehrere Trojaner gefunden: Spy.Agent.OGS, Spy.Banker.Gen2, Graftor.9201.6, Agent.237568.6
    Log-Analyse und Auswertung - 20.12.2011 (23)
  10. Malwarebytes findet Adware.Agent
    Log-Analyse und Auswertung - 19.12.2011 (1)
  11. MBAM findet "Adware.RelevantKnowledge"
    Log-Analyse und Auswertung - 01.10.2011 (5)
  12. PC von Adware.Agent.ZGen, Adware.ClickPotato, Adware.ShopperReports, Adware.Hotbar, Adwa angegriffen
    Mülltonne - 30.06.2011 (0)
  13. Malwarebytes Antimalware findet "Trojan.Agent", MBAM/OTL Logs mit dabei
    Log-Analyse und Auswertung - 24.06.2011 (1)
  14. MBAM findet Trojan.Agent in C:\Windows\System32\WinSys2.exe
    Log-Analyse und Auswertung - 04.05.2009 (7)
  15. Spyware.banker ??
    Log-Analyse und Auswertung - 27.08.2008 (1)
  16. 180Solutions Spyware/, VX2 Spyware/Adware, VB and VBA Program Settings Spyware/Adware
    Log-Analyse und Auswertung - 12.07.2006 (10)
  17. eScan findet powerreg scheduler Spyware/Adware (norton disk doctor.lnk)!
    Plagegeister aller Art und deren Bekämpfung - 29.05.2006 (1)

Zum Thema MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) - Hallo, ich habe in letzter Zeit mit steigender Frequenz ein Problem beim Hochfahren meines Windows XP-Rechners (x86). Meist kurz nach dem Einloggen kommt BlueScreen und der Rechner startet neu. Oft - MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt)...
Archiv
Du betrachtest: MBAM findet Spyware.Banker.Gen+Adware.Agent (Abstürze, Ereignis: StarOpen fehlt) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.