TR/Crypt.ZPACK Bereinigung nicht erfolgreich

blaukiesel80 · 14.08.2010, 17:38

Hallo,

Antivir 10 Free hat bei mir gestern die Malware TR/Crypt.ZPACK festgestellt. Als ich auf "Details" in Antivir klickte, gab es zwar zusätzliche Informationen, aber Antivir 10 führt nun dieses Malware unter "Zugriff erlaubt". Ich wollte dass Antivir diesen beseitigt oder in Quarantäne nimmt, sehe aber nicht, wie ich das nachträglich ändern könnte.

Auszug Antivir 10 Ereignisse - Fund - Details:
"In der Datei 'C:\Windows\Temp\SBS_LIBNSIS_TEMP_20100713225807.968_ 19'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben"

Ich gehe davon aus, dass die Malware noch nicht beseitigt ist, da ich keine solche Information bisher gesehen habe (sh. Auffälligkeiten).

Mir ist nicht klar, welchen System Scan ich durchführen soll, der Schritt fehlt entsprechend nachstehend. Habe Vista 32 Bit Home Premium, achte auf aktuelle Versionen aller wesentlichen Anwendungen.

Die Infektion kam vermutlich über eine e-Mail, die ich von einem guten Bekannten erhielt, dessen Rechner wohl selbst befallen war.

Auffälligkeiten während der bisher m.E. gescheiterten Beseitigungsaktion:
- PC stürzte ab während Malwarebytes lief, sowohl bei einem Benutzerkonto als auch beim Administrator, auch nach Umbenennung. Start von einem weiteren Benutzerkonto in umbenannter Form funktionierte, aber kein Suchtreffer (Absturz: Bildschirm hat schwarze und bunte Querlinien)
- vor den Abstürzen fand Malwarebytes 10 infizierte Dateien; bei dem schliesslich erfolgten vollständigen Suchlauf (sh. unten) war kein Befall mehr zu erkennen
- Zusätzlich hatte ich noch den Rechner über F-Secure online prüfen lassen. F-Secure findet 0 Viren, aber 12 Spyware. Leider bekomme ich von F-Secure die Meldung, dass ein Teil des Rechners nicht durchsucht werden kann, da die entsprechenden Berechtigungen fehlen. Hm. Ich habe dieses Durchsuchen vom Administrator-Account gemacht, den ich sonst nicht für das Internet benutze. Nach Bestätigung dieses Hinweises beendete sich F-Secure online, so dass auch hier keine Beseitigung der Malware erfolgte.

Sorry falls die Formatierung etwas schief aussieht...

Danke im Voraus für eure Hilfe

CC-Cleaner Log (Temporäre Dateien o.ä. wurden beseitigt):
7-Zip 4.57 19.10.2008 2,86MB
Ad-Aware Lavasoft 06.08.2010 100,4MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 09.03.2010 10.0.45.2
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 12.06.2010 10.1.53.64
Adobe Reader 9.3.3 - Deutsch Adobe Systems Incorporated 29.06.2010 240,1MB 9.3.3
Adsen Image Grab Adsen Software 21.06.2008 0,92MB
ANNO 1602 Königs-Edition 03.06.2010 101,7MB 1.00
Apple Application Support Apple Inc. 26.06.2010 42,8MB 1.3.0
Apple Mobile Device Support Apple Inc. 26.06.2010 19,9MB 3.1.0.62
Apple Software Update Apple Inc. 12.11.2008 2,16MB 2.1.1.116
Ashampoo Magical Snap FREE ashampoo GmbH & Co. KG 19.08.2009 7,70MB 1.21
ATI Catalyst Install Manager ATI Technologies, Inc. 25.10.2009 13,8MB 3.0.745.0
Audiograbber 1.83 SE Audiograbber Deutschland 29.12.2008 1.83 SE
AutoUnpack 4.4.4 04.06.2009 4,95MB
AVIConverter Package Beta 04.01.2009 31,6MB Beta
Avira AntiVir Personal - Free Antivirus Avira GmbH 27.05.2010 75,2MB 10.0.0.567
AVS DVD Player version 2.4 Online Media Technologies Ltd. 14.04.2009 24,3MB
AVS Update Manager 1.0 Online Media Technologies Ltd. 17.04.2009 5,95MB
AVS4YOU Software Navigator 1.3 Online Media Technologies Ltd. 17.04.2009 3,54MB
BitTorrent 28.03.2009 1,00MB 6.4.0
Bloomberg, V.06.08.09 08.07.2009 633,5MB
Bonjour Apple Inc. 26.06.2010 0,76MB 2.0.2.0
Bus Simulator 2008 astragon Software GmbH 07.01.2010 836,5MB
C-Media USB Mass Storage Driver 10.08.2008
CCleaner Piriform 13.08.2010 2,91MB 2.34
CDBurnerXP CDBurnerXP 08.12.2009 11,2MB 4.2.7.1801
ClipGrab 3.0.4 Philipp Schmieder 22.01.2010 24,8MB
CloneCD SlySoft 07.11.2009 5,54MB
Colin McRae Rally 04 17.04.2009 2.549,4MB 1.00.000
COMPUTERBILD-Abzockschutz J3S 21.11.2009 2,17MB 1.0.24
ConsumerUpdate Fuzhou Rockchip 04.01.2009 1,19MB 2.61.0000
DHTML Editing Component Microsoft Corporation 15.06.2008 0,45MB 6.02.0001
Digital Camera Driver 22.05.2009 0,16MB
dm Fotowelt 30.11.2008 198,0MB
DNA BitTorrent Inc. 25.10.2009 0,41MB 2.2.4 (16502)
EASEUS Partition Master 4.0 Home Edition EASEUS 29.09.2009 32,5MB
EPSON Scan 24.01.2009 6,80MB
Exif Tag Remover 2.0 RL Vision 18.06.2010 3,75MB
FastStone Capture 5.3 FastStone Soft 20.03.2010 1,41MB 5.3
FinalBurner Free v2.14.0.166 25.10.2009 31,4MB
Firebird SQL Server - MAGIX Edition MAGIX AG 22.01.2010 10,1MB 2.1.27.0
Flickr Uploadr 3.0.5 11.10.2008 23,4MB
Framing Studio 1.91 AMS Software 31.03.2009 5,35MB
Free Video Zilla FreeVideoZilla.com 20.02.2010 2,29MB
Free WMA to MP3 Converter 1.16 Jodix Technologies Ltd. 29.12.2008 2,84MB
FujiDirekt 2.6 24.10.2009 14,2MB
GIMP 2.4.7 20.09.2008 77,2MB
Google Earth Google 06.08.2010 85,4MB 5.2.1.1329
Google Toolbar for Internet Explorer Google Inc. 12.07.2010 10,3MB
Google Updater Google Inc. 24.03.2009 3,59MB 2.4.1536.6592
HachaPro 17.06.2009
Haihaisoft Universal Player Haihaisoft 17.05.2009 31,0MB 1.3.6.0
Hama Double Action Air Grip GASIA 13.03.2009 1,02MB 1.00.0000
ImgBurn LIGHTNING UK! 08.12.2009 2,30MB 2.5.0.0
iPhone-Konfigurationsprogramm Apple Inc. 26.09.2009 22,4MB 2.1.0.163
IrfanView (remove only) Irfan Skiljan 29.06.2010 11,5MB 4.27
iTunes Apple Inc. 26.06.2010 160,8MB 9.2.0.61
Janosch Vorschule Terzio Verlag 06.01.2009 91,8MB 1.00.0000
Janosch Vorschule Englisch Terzio Verlag 08.01.2009 66,4MB 1.00.0000
JAP JAP-Team 14.06.2008 5,49MB 00.09.003
Java(TM) 6 Update 20 Sun Microsystems, Inc. 27.03.2009 97,0MB 6.0.200
Java(TM) 6 Update 6 Sun Microsystems, Inc. 18.06.2008 136,2MB 1.6.0.60
JonDo 27.03.2009 7,59MB
K-Lite Mega Codec Pack 3.7.5 06.02.2008 21,0MB 3.7.5
Kantaris Media Player 0.5.8 Christofer Persson 05.12.2009 50,1MB
KONICA MINOLTA magicolor 2400W 15.03.2009
LightScribe System Software 1.10.16.1 hxxp://www.lightscribe.com 17.02.2009 19,2MB 1.10.16.1
Logitech Gaming Software 5.08 Logitech 27.10.2009 12,1MB 5.08.146
MAGIX Foto Manager 9 MAGIX AG 22.01.2010 106,3MB 7.0.0.97
MAGIX Online Druck Service MAGIX AG 22.01.2010 11,4MB 3.4.3.0
MAGIX Screenshare MAGIX AG 22.01.2010 2,00MB 4.3.6.1987
McDonald's Dragons Name of your company 10.01.2009 172,7MB
McDonald's Fairies Name of your company 05.01.2009 83,6MB
Microsoft .NET Framework 1.1 15.06.2008
Microsoft .NET Framework 1.1 German Language Pack Microsoft 15.06.2008 3,02MB 1.1.4322
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 06.02.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 05.02.2009 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319
Microsoft Flight Simulator 2002 13.03.2009 1.767,7MB
Microsoft Office Home and Student 2007 Microsoft Corporation 29.04.2009 314,6MB 12.0.6425.1000
Microsoft Silverlight Microsoft Corporation 03.06.2010 66,9MB 4.0.50524.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 10.08.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 30.11.2008 0,41MB 8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 10.08.2009 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 18.03.2009 2,06MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 07.06.2009 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 09.04.2010 0,58MB 9.0.30729.4148
Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft 15.06.2008 11,4MB 1.1.4322
Mozilla Firefox (3.6.8) Mozilla 06.08.2010 30,2MB 3.6.8 (de)
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 07.03.2009 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 27.11.2009 1,34MB 4.20.9876.0
Nero 8 Essentials Nero AG 17.02.2009 1.644,5MB 8.10.135
Nero PhotoShow Express 5 Simple Star, Inc. 17.02.2009 78,3MB 5.0
O&O MediaRecovery O&O Software GmbH 27.10.2009 6,39MB 4.1.1322
OpenOffice.org Installer 1.0 Sun Microsystems 18.06.2008 2,40MB 1.0.9221
Opera 10.60 Opera Software ASA 10.07.2010 23,3MB 10.60
Orbit Downloader www.orbitdownloader.com 05.04.2010 8,82MB
Phoenix Backup Professional SYDATEC 27.10.2009 13,5MB 3.5.000
PhotoResampling 9.2 05.12.2009 5,48MB
PrimoPDF activePDF 19.10.2008 11,9MB 4.1.0.9
Protect Disc License Helper 1.0.118 Protect Disc 07.07.2009 0,84MB 1.0.118
ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 07.07.2009 96,00KB 11.0.0.11
QuickTime Apple Inc. 12.06.2010 73,8MB 7.66.71.0
Quintessential Media Player Quinnware 10.07.2010 15,0MB Version 5.0
Race Driver 3 Codemasters 15.03.2009 7.112,3MB 1.00.0000
RarZilla Free Unrar Philipp Winterberg 09.04.2010 1,70MB 2.55
RealPlayer RealNetworks 09.04.2010 79,2MB
Recuva (remove only) Piriform 25.06.2009 1,80MB
Sceneo AbsolutTV 18.03.2009 7,02MB
Schiff-Simulator 2008 29.05.2010 660,4MB
SecondLife (remove only) 04.09.2009 86,5MB
Serif PhotoPlus 11 Serif (Europe) Ltd 05.12.2009 120,5MB 11.1.1.019
SiSoftware Sandra Lite 2009.SP4 SiSoftware 12.10.2009 36,9MB 15.124.2009.9
Skype™ 4.2 Skype Technologies S.A. 20.04.2010 31,1MB 4.2.158
SPEEDLINK TiltWheel Mouse 4.0 03.01.2009 5,00MB
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 18.02.2010 29,7MB 9.0.0
Steganos Safe OEM Steganos GmbH 27.10.2009 64,3MB 10.0.2
Steganos Shredder 11 Steganos GmbH 09.12.2009 51,7MB 11.0
Steuer-Spar-Erklärung 2008 Akademische Arbeitsgemeinschaft 15.10.2008 158,5MB 13.13.0000
Streamripper (Remove only) 11.07.2010 6,68MB
SUPER © Version 2010.bld.37 (Jan 2, 2010) eRightSoft 13.02.2010 32,3MB Version 2010.bld.37 (Jan 2, 2010)
T-Online 6.0 15.06.2008 250,5MB
T-Online WLAN-Access Finder 15.06.2008 0,95MB
Tobit.Software clipinc.fx Tobit.Software 27.10.2009 991,8MB
TomTom HOME 2.7.3.1894 TomTom 21.11.2009 50,8MB 2.7.3.1894
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 27.03.2009 1,88MB 1.0.2
Tube Explorer Lite 3.0.0 VOWSoft,Ltd. *TE Studio* 28.12.2008 2,55MB 3.0.0
TUGZip 3.5 Christian Kindahl 19.10.2008 12,7MB
Ultra Defragmenter 14.06.2008
Video Converter S.A.D. 05.12.2009 36,1MB 2.1.8.1225
VLC media player 1.1.2 VideoLAN 06.08.2010 91,5MB 1.1.2
WebMate KYE 24.09.2009 17,2MB 3.2.1.4
Winamp Nullsoft, Inc 10.07.2010 34,5MB 5.58
Winamp Erkennungs-Plug-in Nullsoft, Inc 10.07.2010 0,13MB 1.0.0.1
Winamp Toolbar AOL LLC 10.07.2010 2,20MB 5.1.28.2
Winamp Toolbar for Firefox AOL LLC 28.11.2008 5.5.1.1
Windows Media Player Firefox Plugin Microsoft Corp 29.01.2010 0,29MB 1.0.0.8
WinHTTrack Website Copier 3.43-3 HTTrack 12.03.2009 11,3MB 3.43.2
WISO Sparbuch 2009 Buhl Data Service GmbH 13.07.2009 456,3MB 16.00.6228
WISO Sparbuch 2010 Buhl Data Service GmbH 27.06.2010 304,9MB 17.00.6531
Wissen für Kinder - Atlas 08.05.2009 3,62MB
YouTube Downloader 2.5.6 BienneSoft 29.06.2010 6,75MB
YouTube Downloader Toolbar v1.0 Spigot, Inc. 05.04.2010 5,02MB 1.1.2
Zipeg 19.10.2008 2,92MB

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4426

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

14.08.2010 09:15:28
mbam-log-2010-08-14 (09-15-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 348619
Time elapsed: 1 hour(s), 17 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:31:36, on 14.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\MSTMON_S.EXE
C:\Windows\System32\CmWatch.exe
C:\Program Files\Anwendungen\VideoAudio\Winamp\winampa.exe
C:\Program Files\SPEEDLINK Wheel Mouse\ACQTMAPP.exe
C:\Program Files\Anwendungen\VideoAudio\TV Programm Sceneo\Services\ODSBC\ODSBCApp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\KYE\WebMate\BM.exe
C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Adminaccount\Program Files\DNA\btdna.exe
C:\Program Files\Nero\PhotoShow 5\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Anwendungen\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe
C:\Program Files\SYDATEC\Phoenix Backup Professional\pbtray.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll
O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing)
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\Windows\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [CmCardRun] C:\Windows\system32\CmWatch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Anwendungen\VideoAudio\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\SPEEDLINK Wheel Mouse\ACQTMAPP.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Anwendungen\VideoAudio\TV Programm Sceneo\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BMISR] C:\Program Files\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SAFEOEM HotKeys] "C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Anwendungen\VideoAudio\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Adminaccount\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\Anwendungen\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [Phoenix Backup] C:\PROGRA~1\SYDATEC\PHOENI~1\pbtray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Default user')
O4 - Global Startup: WISO Mein Sparbuch heute.lnk = C:\Program Files\WISO\Sparbuch 2010\meinsparbuchheute.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\Anwendungen\Internet\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\Anwendungen\Internet\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Common Files\AAV\aavus.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c989fad961a9b2) (gupdate1c989fad961a9b2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Anwendungen\VideoAudio\TV Programm Sceneo\Services\PVR\PVRService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\Anwendungen\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 13589 bytes

--- --- ---

cosinus · 15.08.2010, 19:46

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

blaukiesel80 · 18.08.2010, 21:06

Hallo Arne,

danke.

Log 1:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 18.08.2010 21:35:38 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\XXX\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,94 Gb Total Space | 116,90 Gb Free Space | 50,18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXXX-PC
Current User Name: Adminaccount
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe (Deutsche Telekom AG, T-Com)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\Anwendungen\Foto\Irfan View\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\Anwendungen\Foto\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Anwendungen\VideoAudio\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Anwendungen\VideoAudio\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Anwendungen\VideoAudio\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programe\Anwendungen\Internet\BitTorrent\bittorrent.exe" = C:\Programe\Anwendungen\Internet\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Free Video Zilla\FVZilla.exe" = C:\Program Files\Free Video Zilla\FVZilla.exe:*:Enabled:FVZilla -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{62CD0A05-F4AE-4BDA-8C29-7E4B0409A0E1}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\wnt500x86\rpcsandrasrv.exe | 
"{8E620092-97BC-4352-8DB7-E60196BFE384}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\rpcagentsrv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F9F5AA-6E62-46E4-83A7-0329194A7190}" = protocol=6 | dir=in | app=c:\programe\anwendungen\internet\bittorrent\bittorrent.exe | 
"{0E225739-801B-426A-BF52-30B61BE843D0}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{1F47F6B3-10CD-46D1-AC01-C9A26779A8D9}" = protocol=17 | dir=in | app=c:\program files\anwendungen\internetbrowser\opera\opera.exe | 
"{2909ABC7-71F5-4632-B0EE-7F55BC017947}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{2CCCFC95-BDF0-4F87-866E-F9003B630DB9}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\rpcagentsrv.exe | 
"{3F53A746-8FC2-4FDF-9AC6-91E1A4FC2A7F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{42BF41A8-2B37-401F-992E-79A3DC591307}" = protocol=6 | dir=in | app=c:\program files\anwendungen\internetbrowser\opera\opera.exe | 
"{4A0CF484-C8C1-48AB-9CA3-AA9B0B94967E}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{54397BA9-C1ED-4D31-8B97-20682F8E11DF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{560AFB6B-FED7-4E98-958E-69987DBE645F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5AF73B3E-4B3A-4DBF-9F1A-0E5F0A27E87D}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{5B7A7123-86EE-4AC9-BE37-0C1D550EA744}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{5C305303-E715-450B-A881-26C8C5D9A40C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{60294DA9-6AF6-45B5-8F40-D5D2504C5351}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp4\wnt500x86\rpcsandrasrv.exe | 
"{71E020B1-D9C3-4DC1-A896-8B81C021FCBD}" = protocol=17 | dir=in | app=c:\programe\anwendungen\internet\bittorrent\bittorrent.exe | 
"{7230CB4F-FB6B-4263-9110-858687FD1195}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{85CAAB42-DDD6-4099-9480-667DE4BF892D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{87BA0E8A-1123-463A-8355-D58CFDB4EF54}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{9FAACBC6-B728-448D-B723-BF624C360AC0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E0C281E9-4EF2-472F-AF5B-0E0DF098DF9C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E39E8289-B533-438B-9A57-725C47F3737D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{E4B1E2B2-BA00-4E0B-8A84-8A5032E60DA0}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{ECD642D1-E2A9-42CD-B9D1-3B90302DA1B5}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"TCP Query User{1B0117A2-1746-4CA0-8585-1B76E9C0A076}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{1B08A49B-EC51-47B2-9DEE-E066608A6E34}C:\users\xxx\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\XXX\program files\dna\btdna.exe | 
"TCP Query User{457727C3-4F8C-4354-9DB1-A01CB23EEFC3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{7CBA8E7C-CB9A-4875-A11A-E379224E2F7C}C:\users\xxx\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\XXX\program files\bittorrent\bittorrent.exe | 
"TCP Query User{8C4F1E7E-AA64-4DD8-B5EC-93BCC9C99B0E}C:\program files\anwendungen\bloomberg\blp\wintrv\wintrv.exe" = protocol=6 | dir=in | app=c:\program files\anwendungen\bloomberg\blp\wintrv\wintrv.exe | 
"TCP Query User{8ED1EAD9-5FCF-4CD8-8165-4A3107832761}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{A98B6281-6985-4FC6-A31D-4F9159B25899}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{AACE253D-6B84-40DC-8D4F-F3F4B8E8F3B5}C:\users\adminaccount\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\adminaccount\program files\dna\btdna.exe | 
"TCP Query User{D47B84E7-64AA-4772-8BED-A811E94379FD}C:\program files\free video zilla\fvzilla.exe" = protocol=6 | dir=in | app=c:\program files\free video zilla\fvzilla.exe | 
"TCP Query User{E423D282-3858-4228-AABA-4D6C65F35E02}C:\program files\anwendungen\internet\2ndlife\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\anwendungen\internet\2ndlife\secondlife\slvoice.exe | 
"TCP Query User{F3AB1AC3-01F0-463A-9AC1-AAF0CDC936DC}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{FE53535D-8481-4F8F-87A6-D17516152882}C:\users\xxx\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\xxx\program files\dna\btdna.exe | 
"UDP Query User{064087BB-629C-4A87-809E-32F92E6501DB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{07C51161-4613-4CC2-A8B5-37BADFB07012}C:\users\xxx\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\xxx\program files\bittorrent\bittorrent.exe | 
"UDP Query User{33AA80D5-7B3C-4A16-919F-5102552AE6F5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3CC66CC0-D763-490F-ABF9-70D581934944}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{416B213E-CB45-4A3A-B23C-41068BE06CBF}C:\users\adminaccount\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\adminaccount\program files\dna\btdna.exe | 
"UDP Query User{4A1F2289-C4C3-4AC5-905D-9648531B2DC0}C:\users\xxx\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\xxx\program files\dna\btdna.exe | 
"UDP Query User{7200150F-6659-40A3-9550-2188E519E155}C:\program files\anwendungen\internet\2ndlife\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\anwendungen\internet\2ndlife\secondlife\slvoice.exe | 
"UDP Query User{8DA8F520-0E54-4732-BF85-9DDE0D13FD7C}C:\program files\free video zilla\fvzilla.exe" = protocol=17 | dir=in | app=c:\program files\free video zilla\fvzilla.exe | 
"UDP Query User{9F1EEA3D-BBEF-492E-9913-C3302B81E96B}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{E309E8D8-5AEE-4FC4-B4AE-8EE6B84D48EE}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{E42CAD34-42D2-4F04-9A42-B9262C35B424}C:\users\xxx\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\xxx\program files\dna\btdna.exe | 
"UDP Query User{F97F11C4-7BD5-49C3-A598-FDBED9194B61}C:\program files\anwendungen\bloomberg\blp\wintrv\wintrv.exe" = protocol=17 | dir=in | app=c:\program files\anwendungen\bloomberg\blp\wintrv\wintrv.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{034F8B84-40DE-EBB5-4B7E-07E719B1271B}" = Catalyst Control Center HydraVision Full
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{09E4C6A0-AB81-4ADA-9163-DD7B724E0BB6}" = Janosch Vorschule
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1089C72B-8D02-1C2A-1832-B0007D8AA963}" = Catalyst Control Center Core Implementation
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18DC1F9A-15B9-4707-A9CD-C2F66239261E}" = COMPUTERBILD-Abzockschutz
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.14.0.166
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.6
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2573A5FB-0352-4B85-E948-10FFCDD28731}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2B152D2E-039D-BDD5-DAB8-F9E715CF5FCA}" = Catalyst Control Center Graphics Light
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3AA1DCD6-CEE9-DAD4-79E3-6BF1F5D4744C}" = Catalyst Control Center Graphics Full Existing
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C8D3E94-9DFB-4A2F-9A74-35CB06697576}" = TV DIGITAL OnGuide
"{4115D40F-3E40-8D0B-F2B7-5FE20E7D711C}" = Catalyst Control Center Graphics Previews Vista
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{523DF39E-DF7D-488F-8022-783946571031}" = Nero 8 Essentials
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E609F4B-4B10-6DD8-C47D-9703044AC5EF}" = Catalyst Control Center Graphics Full New
"{6783BD80-A5DB-10A6-9F03-CE0B406BB982}" = Catalyst Control Center Graphics Previews Common
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7C2CD35D-FEC4-0272-9D16-CB1585C44FA6}" = ccc-utility
"{7C6999B2-1A35-4F2C-8DB7-3CB46B640CC9}" = ConsumerUpdate
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EAB15F0-5857-A3B6-565F-F5A27EC4FD91}" = ATI Catalyst Install Manager
"{83253574-98CB-404C-0001-8DDC85F59E5D}" = Video Converter
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.0.4
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9102836A-D390-415F-45B2-27C9B3680303}" = ccc-core-static
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{960F8836-A5E6-4801-B889-69A9777660E4}" = Steganos Shredder 11
"{975E4CAE-D408-48DA-9346-65D7DB72B7DE}" = Hama Double Action Air Grip
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4F72EE-8378-49BD-8C10-301E25907B5B}" = Steganos Safe OEM
"{A137D52E-FA96-4815-85F5-E7B8F66837DB}" = Race Driver 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{BF34527D-7B27-43AD-9994-7B3ABCEF3625}" = Phoenix Backup Professional
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3795283-6113-42A2-9963-B33C26FB5D24}" = WebMate
"{D4A70F1B-2046-AEBD-9F25-844BECFB163A}" = CCC Help English
"{D5E409E8-3AF3-4B19-A291-E27AECC905B3}" = Janosch Vorschule Englisch
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software  1.10.16.1
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8718F95-21A1-44B9-97EC-679C93020BAE}" = Colin McRae Rally 04
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FAFC9FF9-56BE-414D-B637-537E7D06E7B9}" = Serif PhotoPlus 11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adsen Image Grab_is1" = Adsen Image Grab
"Ashampoo Magical Snap FREE_is1" = Ashampoo Magical Snap FREE
"Audiograbber" = Audiograbber 1.83 SE 
"AutoUnpack_is1" = AutoUnpack 4.4.4
"AVIConverter Package" = AVIConverter Package Beta
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BitTorrent" = BitTorrent
"Bloomberg, V.06.08.09" = Bloomberg, V.06.08.09
"Bus Simulator 2008_is1" = Bus Simulator 2008
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"C-Media Card Reader Driver" = C-Media USB Mass Storage Driver
"Digital Camera Driver" = Digital Camera Driver
"dm Fotowelt" = dm Fotowelt
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"EPSON Scanner" = EPSON Scan
"Exif Tag Remover_is1" = Exif Tag Remover 2.0
"FastStone Capture" = FastStone Capture 5.3
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"Framing Studio_is1" = Framing Studio 1.91
"Free Video Zilla_is1" = Free Video Zilla
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"FujiDirekt_is1" = FujiDirekt 2.6
"Google Updater" = Google Updater
"HachaPro" = HachaPro
"Haihaisoft Universal Player" = Haihaisoft Universal Player
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"JonDoUninstall" = JonDo
"Kantaris_is1" = Kantaris Media Player 0.5.8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.7.5
"KONICA MINOLTA magicolor 2400W" = KONICA MINOLTA magicolor 2400W
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McDonald's Dragons " = McDonald's Dragons
"McDonald's Fairies " = McDonald's Fairies
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Nero PhotoShow Express 5" = Nero PhotoShow Express 5
"Orbit_is1" = Orbit Downloader
"PhotoResampling_is1" = PhotoResampling 9.2
"PrimoPDF4.1.0.9" = PrimoPDF
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Quintessential Media Player" = Quintessential Media Player
"RarZilla Free Unrar" = RarZilla Free Unrar
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva (remove only)
"SecondLife" = SecondLife (remove only)
"ShipSim2008" = Schiff-Simulator 2008
"SPEEDLINK TiltWheel Mouse_is1" = SPEEDLINK TiltWheel Mouse 4.0
"Streamripper" = Streamripper (Remove only)
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Tube Explorer Lite" = Tube Explorer Lite 3.0.0
"TUGZip_is1" = TUGZip 3.5
"UltraDefrag" = Ultra Defragmenter
"VLC media player" = VLC media player 1.1.2
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-3
"Wissen für Kinder - Atlas" = Wissen für Kinder - Atlas
"Zipeg" = Zipeg
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.08.2010 01:52:17 | Computer Name = xxx-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\kernel32.dll"
 zugegriffen werden:   Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
 mit der gespeicherten Datei bzw. den auf dem Computer installierten   Speichertreibern;
 oder der Datenträger fehlt.   Das Programm Java(TM) Update Scheduler wurde wegen 
dieses Fehlers geschlossen.    Programm: Java(TM) Update Scheduler  Datei: C:\Windows\System32\kernel32.dll

Der
 Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. 
Öffnen Sie die Datei erneut.   Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.   Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk 
befindet,   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in der Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: C0000185  Datenträgertyp: 3
 
Error - 14.08.2010 02:11:06 | Computer Name = xxx-PC | Source = Google Update | ID = 20
Description = 
 
Error - 14.08.2010 03:11:07 | Computer Name = xxx-PC | Source = Google Update | ID = 20
Description = 
 
Error - 14.08.2010 04:11:06 | Computer Name = xxx-PC | Source = Google Update | ID = 20
Description = 
 
Error - 14.08.2010 05:11:05 | Computer Name = xxx-PC | Source = Google Update | ID = 20
Description = 
 
Error - 14.08.2010 10:42:12 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18943, Zeitstempel
 0x4c25813d, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18943, Zeitstempel 
0x4c259878, Ausnahmecode 0xc0000005, Fehleroffset 0x000d96a7,  Prozess-ID 0x24b4, 
Anwendungsstartzeit 01cb3b9c4a7bc228.
 
Error - 14.08.2010 10:43:07 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung fsonlinescanner.exe, Version 4.2.16010.0, Zeitstempel
 0x4b62459e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000043, Fehleroffset 0x00009eed,  Prozess-ID 0x95c8, Anwendungsstartzeit
 01cb3bbefe592c78.
 
Error - 14.08.2010 17:08:35 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vlc.exe, Version 1.1.0.0, Zeitstempel 0x4c52eef3,
 fehlerhaftes Modul vlc.exe, Version 1.1.0.0, Zeitstempel 0x4c52eef3, Ausnahmecode
 0xc0000005, Fehleroffset 0x000016ee,  Prozess-ID 0x14208, Anwendungsstartzeit 01cb3bf4d8ebb4f8.
 
Error - 14.08.2010 17:09:04 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vlc.exe, Version 1.1.0.0, Zeitstempel 0x4c52eef3,
 fehlerhaftes Modul vlc.exe, Version 1.1.0.0, Zeitstempel 0x4c52eef3, Ausnahmecode
 0xc0000005, Fehleroffset 0x000016ee,  Prozess-ID 0x13d64, Anwendungsstartzeit 01cb3bf4e822c529.
 
Error - 14.08.2010 17:27:50 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung vlc.exe, Version 1.1.0.0, Zeitstempel 0x4c52eef3,
 fehlerhaftes Modul vlc.exe, Version 1.1.0.0, Zeitstempel 0x4c52eef3, Ausnahmecode
 0xc0000005, Fehleroffset 0x000016ee,  Prozess-ID 0x14518, Anwendungsstartzeit 01cb3bf50be57529.
 
[ System Events ]
Error - 14.08.2010 01:51:45 | Computer Name = xxx-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.
 
Error - 14.08.2010 01:51:45 | Computer Name = xxx-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.
 
Error - 14.08.2010 01:51:45 | Computer Name = xxx-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.
 
Error - 14.08.2010 01:51:45 | Computer Name = xxx-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.
 
Error - 14.08.2010 01:51:45 | Computer Name = xxx-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort4 gefunden.
 
Error - 14.08.2010 01:52:07 | Computer Name = xxx-PC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 14.08.2010 01:55:02 | Computer Name = xxx-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.08.2010 um 07:52:25 unerwartet heruntergefahren.
 
Error - 14.08.2010 01:55:35 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 14.08.2010 06:00:17 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 18.08.2010 15:29:04 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

--- --- ---

Log 2:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.08.2010 21:35:38 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\xxx\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,94 Gb Total Space | 116,90 Gb Free Space | 50,18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: xxx-PC
Current User Name: Adminaccount
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Internet xxx\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Anwendungen\VideoAudio\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Anwendungen\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
PRC - C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
PRC - C:\Program Files\Anwendungen\VideoAudio\TV Programm Sceneo\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Program Files\Anwendungen\VideoAudio\TV Programm Sceneo\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Program Files\KYE\WebMate\BM.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AAV\aavus.exe ()
PRC - C:\Program Files\SPEEDLINK Wheel Mouse\ACQTMAPP.exe ()
PRC - C:\Windows\System32\CmWatch.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Internet xxx\Documents\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\Anwendungen\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe (SiSoftware)
SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (srvcPVR) -- C:\Program Files\Anwendungen\VideoAudio\TV Programm Sceneo\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files\Common Files\AAV\aavus.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
DRV - (pohci13F) -- C:\Users\ADMINA~1\AppData\Local\Temp\pohci13F.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (NTACCESS) -- D:\NTACCESS.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\Windows\System32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\sandra.sys (SiSoftware)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (ultradfg) -- C:\Windows\System32\drivers\ultradfg.sys (DASoft Development Team)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (MTOnlPktAlyX) -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (UMSSSTOR) -- C:\Windows\System32\drivers\Umss.SYS (C-Media Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 AF 68 4A 9C 3B CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Value error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.10 02:04:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.07 18:20:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.07 18:20:36 | 000,000,000 | ---D | M]
 
[2010.01.30 21:35:17 | 000,000,000 | ---D | M] -- C:\Users\Adminaccount\AppData\Roaming\mozilla\Extensions
[2010.08.07 18:16:15 | 000,000,000 | ---D | M] -- C:\Users\Adminaccount\AppData\Roaming\mozilla\Firefox\Profiles\8xvahqnc.default\extensions
[2010.07.11 23:55:13 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Adminaccount\AppData\Roaming\mozilla\Firefox\Profiles\8xvahqnc.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.06.28 01:43:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Adminaccount\AppData\Roaming\mozilla\Firefox\Profiles\8xvahqnc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.28 01:43:33 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\Adminaccount\AppData\Roaming\mozilla\Firefox\Profiles\8xvahqnc.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010.06.28 01:43:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Adminaccount\AppData\Roaming\mozilla\Firefox\Profiles\8xvahqnc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.06.28 01:43:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Adminaccount\AppData\Roaming\mozilla\Firefox\Profiles\8xvahqnc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.06.28 01:43:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Adminaccount\AppData\Roaming\mozilla\Firefox\Profiles\8xvahqnc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.28 01:43:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Adminaccount\AppData\Roaming\mozilla\Firefox\Profiles\8xvahqnc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.06.28 01:43:45 | 000,000,000 | ---D | M] -- C:\Users\Adminaccount\AppData\Roaming\mozilla\Firefox\Profiles\8xvahqnc.default\extensions\piclens@cooliris.com
[2010.08.07 18:16:28 | 000,001,196 | ---- | M] () -- C:\Users\Adminaccount\AppData\Roaming\Mozilla\FireFox\Profiles\8xvahqnc.default\searchplugins\winamp-search.xml
[2010.04.18 08:21:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.18 08:21:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.06.29 06:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.08.07 18:20:32 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.07 18:20:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.07 18:20:32 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.07 18:20:32 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.07 18:20:33 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [ACQTMOUSE] C:\Program Files\SPEEDLINK Wheel Mouse\ACQTMAPP.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BMISR] C:\Program Files\KYE\WebMate\BM.exe ()
O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe]  File not found
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [CmCardRun] C:\Windows\System32\CmWatch.exe ()
O4 - HKLM..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\Windows\System32\MSTMON_S.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SAFEOEM HotKeys] C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Anwendungen\VideoAudio\TV Programm Sceneo\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Anwendungen\VideoAudio\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Adminaccount\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ClipIncSrvTray] C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKCU..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKCU..\Run: [Nero PhotoShow Media Manager] C:\Program Files\Nero\PhotoShow 5\data\Xtras\mssysmgr.exe (Nero AG / Nero Inc.)
O4 - HKCU..\Run: [Phoenix Backup] C:\Program Files\SYDATEC\Phoenix Backup Professional\pbtray.exe (SYDATEC)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\Anwendungen\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\Anwendungen\Internet\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\Anwendungen\Internet\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c9545644-3ac5-11dd-9fc6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c9545644-3ac5-11dd-9fc6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.14 18:06:24 | 000,000,000 | ---D | C] -- C:\Users\Adminaccount\AppData\Roaming\Avira
[2010.08.14 12:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.08.14 12:28:47 | 000,000,000 | ---D | C] -- C:\Users\Adminaccount\AppData\Roaming\Google
[2010.08.14 01:15:53 | 000,000,000 | ---D | C] -- C:\Users\Adminaccount\AppData\Roaming\Malwarebytes
[2010.08.14 01:15:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.14 01:15:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.14 01:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.14 01:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.14 01:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.08.13 23:09:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.13 23:09:32 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.13 23:09:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.13 23:09:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.13 23:09:31 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.13 23:09:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.13 23:09:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.13 23:09:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.13 23:09:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.13 23:09:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.13 23:09:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.13 23:09:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.13 23:09:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.13 23:09:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.13 23:09:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.13 23:09:23 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.13 23:09:05 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.13 23:08:56 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.13 23:08:13 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.13 23:08:12 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.07 18:52:42 | 000,000,000 | ---D | C] -- C:\Users\Adminaccount\AppData\Roaming\vlc
[2010.08.07 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\Adminaccount\AppData\Local\Sunbelt Software
[2010.08.07 18:30:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[1999.09.22 21:49:22 | 000,099,840 | R--- | C] ( ) -- C:\Windows\System32\Zipdll.dll
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.18 21:35:13 | 002,359,296 | -HS- | M] () -- C:\Users\Adminaccount\ntuser.dat
[2010.08.18 21:35:00 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{70241351-808E-493C-BB49-9C4CD775B29C}.job
[2010.08.18 21:35:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2334DD7E-D575-4334-9071-2DE76F41C965}.job
[2010.08.18 21:35:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{27763A0B-035C-4FB3-97DF-0284E522E391}.job
[2010.08.18 21:35:00 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D68EDF94-50F3-424A-9754-60C0F4B8BD4D}.job
[2010.08.18 21:35:00 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BF7CCD4A-E4A4-46CA-A94A-88F688D7FCE5}.job
[2010.08.18 21:34:38 | 000,524,288 | -HS- | M] () -- C:\Users\Adminaccount\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.08.18 21:34:38 | 000,065,536 | -HS- | M] () -- C:\Users\Adminaccount\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.18 21:28:59 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.18 21:28:55 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.18 21:28:55 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.18 21:28:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.18 21:28:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.18 21:28:44 | 2146,820,096 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.16 05:11:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.16 04:59:02 | 003,715,288 | -H-- | M] () -- C:\Users\Adminaccount\AppData\Local\IconCache.db
[2010.08.14 03:32:24 | 000,289,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.14 01:15:27 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.14 01:07:45 | 000,000,764 | ---- | M] () -- C:\Users\Adminaccount\Desktop\CCleaner.lnk
[2010.08.07 18:52:31 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.08.07 18:43:26 | 019,461,015 | ---- | M] () -- C:\Users\Adminaccount\Documents\vlc-1.1.2-win32.exe
[2010.08.07 18:40:10 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.08.07 18:30:50 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.14 01:15:27 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.14 01:07:45 | 000,000,764 | ---- | C] () -- C:\Users\Adminaccount\Desktop\CCleaner.lnk
[2010.08.07 18:52:31 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.08.07 18:42:58 | 019,461,015 | ---- | C] () -- C:\Users\Adminaccount\Documents\vlc-1.1.2-win32.exe
[2010.08.07 18:40:10 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.08.07 18:30:50 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.05.09 20:28:08 | 000,001,032 | ---- | C] () -- C:\ProgramData\tmp227F.log
[2010.01.23 01:40:30 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.12.09 23:12:05 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.12.06 18:37:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\GBGraphics.dll
[2009.11.08 16:15:49 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.10.28 11:49:00 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.10.28 11:37:03 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.10.13 00:22:26 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2009.10.13 00:18:34 | 011,808,768 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009.09.30 16:38:17 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009.09.30 16:38:17 | 000,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009.09.30 16:38:17 | 000,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009.07.18 10:19:57 | 000,000,669 | ---- | C] () -- C:\Windows\wiso.ini
[2009.06.08 05:00:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.09 11:37:34 | 000,000,052 | ---- | C] () -- C:\Windows\rsgame.ini
[2009.05.09 11:37:34 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009.04.19 12:02:43 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.04.15 23:48:40 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.04.15 23:48:40 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.03.19 21:23:16 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2009.03.19 21:23:16 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009.03.08 13:51:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.01.06 02:52:54 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.12.03 12:32:08 | 001,019,904 | ---- | C] () -- C:\Windows\System32\HDX4MediaConverter2.dll
[2008.11.20 16:41:24 | 000,258,048 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2008.10.20 06:16:31 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2008.10.20 06:16:31 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2008.10.20 04:50:41 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008.10.16 23:27:05 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini
[2008.09.17 13:12:48 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HDX4MediaReveal.dll
[2008.09.13 00:44:32 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.08.20 03:29:22 | 000,204,288 | ---- | C] () -- C:\Users\Adminaccount\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.16 00:13:49 | 000,000,100 | ---- | C] () -- C:\Users\Adminaccount\AppData\Local\fusioncache.dat
[2008.06.15 12:40:10 | 000,001,356 | ---- | C] () -- C:\Users\Adminaccount\AppData\Local\d3d9caps.dat
[2008.04.28 18:13:33 | 000,000,330 | ---- | C] () -- C:\Windows\primopdf.ini
[2008.03.21 22:30:08 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.03.09 13:26:20 | 000,091,648 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2007.09.04 18:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.23 01:00:00 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2006.08.23 01:00:00 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2006.08.23 01:00:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2006.08.23 01:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2006.05.26 15:29:14 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006.04.03 14:26:36 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2005.07.23 12:55:00 | 000,021,747 | ---- | C] () -- C:\Windows\MSTMON_S.INI
[2005.07.23 12:55:00 | 000,019,253 | ---- | C] () -- C:\Windows\MSUMLT_S.INI
[2003.05.30 15:27:46 | 000,032,768 | ---- | C] () -- C:\Windows\System32\CmCardRm.dll
[2002.11.29 04:56:34 | 000,065,024 | ---- | C] () -- C:\Windows\System32\sfx.dll
[2000.07.18 07:01:56 | 000,230,912 | R--- | C] () -- C:\Windows\System32\Zipit.dll
 
========== Files - Unicode (All) ==========
[2009.11.18 23:56:07 | 000,528,716 | ---- | M] ()(C:\Users\Adminaccount\Documents\YYY1.pdf) -- C:\Users\Adminaccount\Documents\YYY1.pdf
[2009.11.18 23:56:07 | 000,528,716 | ---- | C] ()(C:\Users\Adminaccount\Documents\YYY1.pdf) -- C:\Users\Adminaccount\Documents\YYY1.pdf
[2009.09.11 14:08:03 | 001,698,816 | ---- | M] ()(C:\Users\Adminaccount\Documents\YYY2.htm) -- C:\Users\Adminaccount\Documents\YYY2.htm
[2009.09.11 14:08:01 | 001,698,816 | ---- | C] ()(C:\Users\Adminaccount\Documents\YYY2.htm) -- C:\Users\Adminaccount\Documents\YYY2.htm
[2009.03.19 21:53:34 | 003,411,968 | ---- | M] ()(C:\Users\Adminaccount\Documents\YYY3.doc) -- C:\Users\Adminaccount\Documents\YYY3.doc
[2009.03.19 21:53:28 | 003,411,968 | ---- | C] ()(C:\Users\Adminaccount\Documents\YYY3.doc) -- C:\Users\Adminaccount\Documents\YYY3.doc
[2009.03.19 21:53:01 | 001,611,776 | ---- | M] ()(C:\Users\Adminaccount\Documents\YYY4.doc) -- C:\Users\Adminaccount\Documents\YYY4.doc
[2009.03.19 21:52:59 | 001,611,776 | ---- | C] ()(C:\Users\Adminaccount\Documents\YYY4.doc) -- C:\Users\Adminaccount\Documents\YYY4.doc
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:D96E22F3F45A9235
< End of report >

--- --- ---

cosinus · 19.08.2010, 09:44

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
DRV - (pohci13F) -- C:\Users\ADMINA~1\AppData\Local\Temp\pohci13F.sys File not found
O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe]  File not found
O33 - MountPoints2\{c9545644-3ac5-11dd-9fc6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c9545644-3ac5-11dd-9fc6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe -- File not found
@Alternate Data Stream - 24 bytes -> C:\Windows:D96E22F3F45A9235
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

TR/Crypt.ZPACK Bereinigung nicht erfolgreich

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.ZPACK Bereinigung nicht erfolgreich