
Pests of all kinds and how to fight them: ThinkPoint completely removed?


14.11.2010, 20:34   #1
Jonas66
 



A few days ago I caught ThinkPoint and then, stupidly, also allowed it to spread across my computer. Following your instructions, I was able to remove the worst of it with rkill and Malwarebytes Anti-Malware.

A few days later, however, the computer started redirecting the browser to other pages, which were immediately blocked by Firefox or the virus scanner. In addition, the message "hostprozess für windows dienste funktioniert nicht mehr" kept appearing. Windows Updates also sometimes do not work. The virus scanner kept popping up with a message.

Yesterday I then ran SUPERAntiSpyware once more, which found over 50 more objects. Since then the browser has behaved normally, but the host processes still crash sometimes. Another quick scan with Anti-Malware, after first killing all processes with OTH, turned up no new findings.

Malwarebytes log:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5054

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

05.11.2010 23:32:25
mbam-log-2010-11-05 (23-32-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 528465
Laufzeit: 3 Stunde(n), 9 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 23

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Gbot) -> Data: c:\users\jonas\appdata\local\temp\dwm.exe -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> No action taken.
C:\Program Files\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> No action taken.
C:\Program Files\dektop-games\DESKTOP.EXE (Joke.Stressreducer) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNK0IRAM\oovqlsahc[1].htm (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNK0IRAM\oovqlsahc[2].htm (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNK0IRAM\ermtbvqls[1].htm (Malware.Packer.Gen) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNK0IRAM\aaick[1].htm (Spyware.Passwords.XGen) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2HDPISA\3[1].exe (Rootkit.TDSS) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2HDPISA\tkbvqkfdls[1].htm (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\ermtbvqls[1].htm (Malware.Packer.Gen) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\erztbwqyg[1].htm (Rootkit.MBR) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\gtbwqys[1].htm (Backdoor.Gbot) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\gtovqub[1].htm (Trojan.FakeAlert) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\imdysnucxe[1].htm (Rootkit.MBR) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\aaick[1].htm (Spyware.Passwords.XGen) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\tkbvqkfdls[1].htm (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S1SHFA9B\2[1].exe (Trojan.Downloader) -> No action taken.
C:\Users\Jonas\AppData\Local\Temp\iyghyu.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Jonas\AppData\Local\Temp\jehw.exe (Backdoor.Gbot) -> No action taken.
C:\Users\Jonas\AppData\Local\Temp\dwm.exe (Backdoor.Gbot) -> No action taken.
C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\shell.exe (Backdoor.Gbot) -> No action taken.
C:\Users\Jonas\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> No action taken.
C:\Users\Jonas\AppData\Roaming\dkfjasdfshd.bat (Malware.Trace) -> No action taken.
         
SUPERAntiSpyware log:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/13/2010 at 09:35 PM

Application Version : 4.45.1000

Core Rules Database Version : 5857
Trace Rules Database Version: 3669

Scan type       : Complete Scan
Total Scan Time : 04:08:34

Memory items scanned      : 783
Memory threats detected   : 0
Registry items scanned    : 12196
Registry threats detected : 0
File items scanned        : 384540
File threats detected     : 55

Adware.Tracking Cookie
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[4].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@edge.download.newmedia.nacamar[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@www.zanox-affiliate[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.zanox[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yn-ads[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@xiti[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad2.adfarm1.adition[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@microsoftsto.112.2o7[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@avgtechnologies.112.2o7[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ads.gruenderszene[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ads.youporn[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ads.medienhaus[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tradedoubler[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ar.atwola[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@data.coremetrics[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[6].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.adc-serv[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@apmebf[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@webmasterplan[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@mediaplex[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atwola[3].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@imrworldwide[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@bs.serving-sys[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adfarm1.adition[3].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tracking.hannoversche[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@nacamar.adbureau[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adserver.traffictrack[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@serving-sys[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@de.sitestat[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[9].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@youporn[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atdmt[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@4stats[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tracking.quisma[2].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@zanox-affiliate[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@zanox[1].txt
	C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tradedoubler[3].txt
	atdmt.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
	bc.youporn.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
	cdn1.eyewonder.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
	files.youporn.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
	icq.oberon-media.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
	m.de.2mdn.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
	media.mtvnservices.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
	media1.break.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
	multimedia.metacafe [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
	oddcast.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
	richmedia.coolespiele.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
	spe.atdmt.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
	static.youporn.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]
	track.webgains.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UX3CVLMZ ]

Trojan.Agent/Gen-Deskryp
	C:\USERS\***\APPDATA\LOCAL\TEMP\3.EXE
         
OTL.txt
Code:
OTL logfile created on: 14.11.2010 20:58:35 - Run 1
OTL by OldTimer - Version 3.2.17.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,37 Gb Total Space | 3,83 Gb Free Space | 5,69% Space Free | Partition Type: NTFS
Drive D: | 32,70 Gb Total Space | 7,85 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
Drive E: | 641,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: FUJITSUSIEMENSS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Miranda IM\miranda32.exe ( )
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer, INC.)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (BrlAPI) -- C:\cygwin\bin\cygrunsrv.exe File not found
SRV - (AMService) -- C:\Windows\TEMP\ysin\setup.exe File not found
SRV - ({B00E02E6-1FDA-4C40-A5B9529A6FBEFE1E}) -- C:\Users\***\AppData\Local\Temp\D9D5.tmp File not found
SRV - ({1E4009C0-5F19-403F-B87270576C4E742B}) -- C:\Users\***\AppData\Local\Temp\D9D5.tmp File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (cvslock) -- C:\Program Files\CVSNT\cvslock.exe ()
SRV - (cvsnt) -- C:\Program Files\CVSNT\cvsservice.exe (March Hare Software Ltd)
SRV - (Apache2) -- C:\Program Files\XAMPP\xampp\apache\bin\apache.exe (Apache Software Foundation)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (XAMPP) -- C:\Programme\XAMPP\xampp\service.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VMnetAdapter) -- C:\Windows\System32\DRIVERS\vmnetadapter.sys File not found
DRV - (VHidMinidrv) -- C:\Windows\System32\drivers\VHIDMini.sys File not found
DRV - (VcommMgr) -- C:\Windows\System32\Drivers\VcommMgr.sys File not found
DRV - (VComm) -- C:\Windows\System32\DRIVERS\VComm.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (iMSPQMn) -- C:\Users\***\AppData\Local\Temp\iMSPQMn.sys File not found
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys File not found
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys File not found
DRV - (Btcsrusb) -- C:\Windows\System32\Drivers\btcusb.sys File not found
DRV - (BT) -- C:\Windows\System32\DRIVERS\btnetdrv.sys File not found
DRV - (BlueletSCOAudio) -- C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys File not found
DRV - (BlueletAudio) -- C:\Windows\System32\DRIVERS\blueletaudio.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (SLEE_15_DRIVER) -- C:\Windows\System32\drivers\sleen15.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (hotcore2) -- C:\Windows\system32\drivers\hotcore2.sys (Paragon Software Group)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (qkbfiltr) -- C:\Windows\System32\drivers\qkbfiltr.sys (Quanta Computer Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron )
DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp)
DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.2
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.88.1
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.09 21:42:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.06 09:36:25 | 000,000,000 | ---D | M]
 
[2008.11.13 19:24:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.11.14 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions
[2010.03.04 08:32:05 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.10.09 15:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.05.26 07:50:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.06.03 22:48:28 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010.04.16 18:09:04 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010.03.04 08:32:04 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.03.04 08:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2010.07.10 15:33:19 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009.07.03 09:39:16 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.11.07 10:03:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.19 10:06:41 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008.05.08 22:42:16 | 000,000,000 | ---D | M] (Header Monitor) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{ed04d48b-30e0-46ce-9f8e-f2fab9947648}
[2010.11.14 15:20:15 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.09.07 15:35:24 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2010.05.07 23:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\firebug@software.joehewitt.com
[2009.06.28 22:08:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xpovfr37.default\extensions\LogMeInClient@logmein.com
[2010.11.14 15:44:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.03 14:20:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.09.03 14:17:25 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.09.24 11:01:00 | 002,650,112 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npRACtrl.dll
[2007.08.06 11:07:00 | 000,008,784 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2007.07.18 13:54:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\unicows.dll
[2010.03.13 12:11:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 12:11:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.13 12:11:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.13 12:11:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.13 12:11:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Keyboard Manager Utility] c:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer, INC.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda32.exe - Verknüpfung.lnk = C:\Programme\Miranda IM\miranda32.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\PartyPoker\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\PartyPoker\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: j-breuer.de ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (setuid) - C:\Windows\System32\setuid.dll (March-Hare Software Ltd)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2000.12.21 15:54:08 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2000.12.21 15:54:08 | 000,032,768 | R--- | M] ()
O33 - MountPoints2\{73d6bb72-d01a-11dd-b7f7-0011e2fc3aa1}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun
O33 - MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\Shell - "" = AutoRun
O33 - MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{89029129-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun
O33 - MountPoints2\{89029129-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{89029137-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun
O33 - MountPoints2\{89029137-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e784292b-c29b-11dc-b24e-001b24454c70}\Shell\AutoRun\command - "" = F:\starter.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.14 15:21:55 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTH.scr
[2010.11.13 17:23:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2010.11.13 17:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.11.13 17:23:41 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.11.10 21:19:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010.11.10 21:10:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.11.10 21:10:00 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.10 21:10:00 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.10 21:09:56 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.11.10 21:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.11.10 21:09:05 | 000,000,000 | ---D | C] -- C:\Programme\QLandkarteGT
[2010.11.10 21:08:32 | 000,000,000 | ---D | C] -- C:\Programme\FWTools2.4.7
[2010.11.05 20:48:23 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.11.05 19:58:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.11.05 19:51:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.05 19:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.05 19:50:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.05 19:50:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.03 19:52:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\QuickPar
[2010.11.03 19:51:20 | 000,000,000 | ---D | C] -- C:\Programme\QuickPar
[2010.10.31 14:31:30 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001
[2010.10.31 14:31:30 | 000,000,000 | ---D | C] -- C:\Programme\LAWICEL
[2010.10.31 14:29:42 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.10.31 14:29:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010.10.31 11:27:42 | 000,202,048 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftd2xx.dll
[2010.10.31 11:27:42 | 000,185,664 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\FTLang.dll
[2010.10.31 11:27:42 | 000,120,128 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftbusui.dll
[2010.10.31 11:27:42 | 000,072,000 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftser2k.sys
[2010.10.31 11:27:42 | 000,057,536 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftdibus.sys
[2010.10.31 11:27:42 | 000,051,528 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftserui2.dll
[2010.10.31 11:18:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Received Files
[2010.10.29 22:34:22 | 000,000,000 | ---D | C] -- C:\skins
[2010.10.29 22:34:22 | 000,000,000 | ---D | C] -- C:\docs
[2010.10.29 22:18:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Miranda
[2010.10.29 22:18:19 | 000,000,000 | ---D | C] -- C:\Programme\Miranda IM
[2010.10.29 16:37:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AOL
[2010.10.29 16:36:45 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.10.25 20:41:53 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.14 20:03:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.14 20:03:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.14 17:27:14 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C04EBF1-25B7-4EAB-8156-EFE3FCEC50C1}.job
[2010.11.14 17:14:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.14 17:07:16 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.14 16:03:38 | 000,002,753 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk
[2010.11.14 16:03:19 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.11.14 16:02:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.14 16:02:42 | 2137,169,920 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.14 16:01:35 | 000,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.14 15:23:10 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTH.scr
[2010.11.11 17:21:08 | 000,680,688 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.11 17:21:08 | 000,643,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.11 17:21:08 | 000,133,088 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.11 17:21:08 | 000,116,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.06 00:18:54 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.11.05 23:40:22 | 197,318,901 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.11.05 20:51:33 | 003,903,424 | ---- | M] () -- C:\Users\***\Desktop\cofi.exe
[2010.11.05 20:49:51 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.11.05 19:51:30 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.05 18:59:36 | 000,000,006 | ---- | M] () -- C:\Users\***\AppData\Roaming\start
[2010.11.05 18:19:45 | 000,071,168 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.04 22:15:31 | 000,000,865 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda32.exe - Verknüpfung.lnk
[2010.11.04 16:02:19 | 000,000,956 | ---- | M] () -- C:\Users\***\AppData\Roaming\gnuplot_history
[2010.10.31 14:59:34 | 000,000,854 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.10.31 14:31:47 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.10.31 14:31:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.16 19:11:02 | 000,000,553 | ---- | M] () -- C:\Users\***\Desktop\MapSource.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.14 17:11:34 | 000,000,396 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C04EBF1-25B7-4EAB-8156-EFE3FCEC50C1}.job
[2010.11.05 20:49:40 | 003,903,424 | ---- | C] () -- C:\Users\***\Desktop\cofi.exe
[2010.11.05 19:51:30 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.05 19:45:40 | 197,318,901 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.11.05 18:44:30 | 000,000,006 | ---- | C] () -- C:\Users\***\AppData\Roaming\start
[2010.11.04 22:15:31 | 000,000,865 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda32.exe - Verknüpfung.lnk
[2010.11.02 19:50:13 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.10.31 14:31:31 | 000,077,824 | ---- | C] () -- C:\Windows\System32\canusbdrv.dll
[2010.10.29 22:34:22 | 000,200,704 | ---- | C] () -- C:\tipper.dll
[2010.10.16 19:11:02 | 000,000,553 | ---- | C] () -- C:\Users\***\Desktop\MapSource.lnk
[2010.10.12 13:12:18 | 000,000,101 | ---- | C] () -- C:\Users\***\AppData\Roaming\wgnuplot.ini
[2010.10.10 11:49:36 | 000,000,369 | ---- | C] () -- C:\Windows\Sim7.ini
[2010.10.10 08:47:15 | 000,000,956 | ---- | C] () -- C:\Users\***\AppData\Roaming\gnuplot_history
[2010.08.18 11:50:14 | 000,001,771 | ---- | C] () -- C:\Users\***\AppData\Roaming\Rim.Desktop.Exception.log
[2010.08.13 08:43:50 | 000,001,602 | ---- | C] () -- C:\Users\***\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2009.07.06 23:07:19 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2009.06.05 20:18:39 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2009.06.05 19:46:18 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2009.05.28 16:31:46 | 000,000,049 | ---- | C] () -- C:\Windows\SW_Win2000X24.DLL
[2009.05.28 16:31:18 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage3.dll
[2009.05.28 16:31:18 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2009.05.28 16:31:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll
[2009.04.26 14:47:39 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2009.04.26 14:47:39 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2008.11.10 13:18:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2008.09.25 13:21:34 | 000,000,040 | ---- | C] () -- C:\Windows\RUNAWAY2.INI
[2008.06.25 17:45:56 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008.06.25 17:45:56 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008.06.25 17:45:56 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.06.05 18:42:11 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.06.05 18:42:09 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.06.05 18:42:09 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.06.05 18:42:09 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.06.05 18:42:08 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.04.12 09:47:59 | 000,000,069 | ---- | C] () -- C:\Windows\EasyCash.ini
[2008.04.12 09:40:49 | 000,000,137 | ---- | C] () -- C:\Windows\EasyCT.INI
[2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.01.02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2007.11.22 17:37:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.11.02 23:52:50 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007.11.02 23:17:24 | 000,027,503 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2007.10.19 20:00:30 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.10.18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007.10.06 19:48:32 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007.09.23 16:06:54 | 000,004,863 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007.09.20 06:32:39 | 000,000,854 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.09.20 06:32:38 | 000,001,638 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007.09.19 20:33:40 | 000,233,472 | R--- | C] () -- C:\Users\***\AppData\Roaming\MafiaSetup.exe
[2007.09.19 20:33:23 | 000,071,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.19 17:28:49 | 004,239,360 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2007.09.19 17:28:49 | 000,008,192 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2007.08.30 21:06:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.08.30 21:06:07 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.08.30 21:03:05 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2007.08.30 14:10:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007.08.24 18:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 08:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[1999.01.23 02:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2008.09.25 10:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AceBIT
[2010.10.10 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ansoft
[2010.06.09 21:25:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blackberry Desktop
[2010.08.02 15:55:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Broken Sword 2.5
[2010.11.14 16:06:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.05.15 13:55:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EditPlus 2
[2010.03.03 21:03:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2010.10.28 19:10:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.05.13 23:12:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2008.05.28 22:14:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\funkitron
[2010.10.09 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2008.12.01 15:36:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2007.10.06 15:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg
[2010.10.30 08:21:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.10.29 22:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2010.09.15 21:03:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOBackup
[2007.11.02 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.08.18 11:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion
[2008.08.20 22:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Soldat
[2010.03.14 10:32:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2009.07.05 19:05:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2007.10.06 15:42:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\winpt
[2010.11.14 17:27:35 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.14 17:27:14 | 000,000,396 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4C04EBF1-25B7-4EAB-8156-EFE3FCEC50C1}.job
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt:
Code:
OTL Extras logfile created on: 14.11.2010 20:58:35 - Run 1
OTL by OldTimer - Version 3.2.17.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,37 Gb Total Space | 3,83 Gb Free Space | 5,69% Space Free | Partition Type: NTFS
Drive D: | 32,70 Gb Total Space | 7,85 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
Drive E: | 641,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: FUJITSUSIEMENSS | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2911781667-3860858085-696909929-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D036F1-7CBF-4D73-BE65-0AE69EEA6570}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0FD90608-2AB8-414B-8755-5FC10AE335D3}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{12D09895-0E50-4AA4-878B-6B3DA42CB2AA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{263371CB-457F-4A88-9F21-5223CD5495F1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2A6B6118-A588-460B-B1D7-F08AE0C8D3B7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{34325D21-122B-4D4F-96C6-A2CF8BC3C49A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3F8BB26F-2178-4939-AEF0-968BE5BEF451}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{5FE616D9-950E-4365-B35C-EEF5CEA9028B}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery | 
"{612F93E0-46D5-40A6-84E6-A435AE0E08D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{62EF8489-007E-4387-90F7-EBD2F852F0B3}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer | 
"{80686A3C-100F-4B2B-87B9-6D459B871B55}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9EFD9157-244C-4828-8FE5-D8FAF0607A38}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BEA04196-565C-4FEE-AF6F-761893DF75FE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D6372AE6-AD0A-4E0A-BB83-92E54F8605EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09426128-B9B3-4DC4-8B28-8ACDC6AE907B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{0FF0A11E-FBAD-4AAB-BD81-5E9D1AC60723}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{177452C9-349A-4EFF-A0E4-4635BE6C09C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{19A744EB-7B7E-4BB7-88C5-67E04AAD7EFE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1B778EF4-14E8-41AD-BC4A-CAEAC6F0913C}" = protocol=6 | dir=in | app=c:\program files\microsoft visual studio 8\common7\ide\devenv.exe | 
"{1E193193-99EC-42F0-B4A4-292661885E05}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{23CD5DBF-C897-496B-9E2B-F15C1B3366E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{39DFE761-CFAF-4ABB-930B-A7C2DF6893A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3DC2DF6C-E3C1-42EF-944A-97A2DD01BBA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{47A87006-DE44-4587-AAC3-903D6B77980E}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{4CA28414-8CFD-441E-BD99-8C4F4F1C45A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{54ABE352-6465-46B2-8A63-605EEBDABF93}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{54EC5F90-80AB-4738-ACB0-51738C71D452}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{602E396A-7C41-4F91-A3E7-F389423A52ED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6318D706-CCC7-490A-B27E-7EBD1117D8F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{66FFDC1D-ED3C-4762-8C50-3EB94C0877FD}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{733ED17F-BA61-41DF-B016-390DECDC169F}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{739DFCFD-9B1D-48D6-B109-7CDF73D5A105}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{78F52C73-4BFF-4419-81A0-6310A9311C82}" = protocol=17 | dir=in | app=c:\program files\microsoft visual studio 8\common7\ide\devenv.exe | 
"{7C13F438-8F88-4C1B-B3EC-B9AA4691F425}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{7EC8C090-E40B-4C1D-B2CA-F4E053AF45E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8117545A-224D-48FA-AAC2-05B004AAB5DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{831A408A-EB2E-4BCD-9E1F-DA0B275ABD18}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{83837233-078D-4DE3-89C3-8BC13B5A7C28}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8AEDEF1D-96CA-4D08-B3FB-15EFD05B561B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8EAB2253-D020-4510-AA5E-3F43BAC19EA0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{929315D2-CE58-4C74-906B-48F3CEA5405D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{9B54184C-50E5-47D4-9C9C-42521E7CA6EF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{9E845B14-96C1-4856-B322-87F85F08CD11}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{A3BCAA6B-44E9-4CF2-9838-0830FFCEDAEB}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{A66D3810-06C9-4C33-BF9E-467EC85204F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B09CD212-E88C-4CE2-BEE5-CD30865A3E4E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B4041EAB-AEED-46D5-B9B3-CC48E8E14994}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB512344-7C03-4E01-AF71-CBB56B1F4C0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BF7FF65B-9169-4A1B-97CA-B03DE6A43C91}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BFC14F0B-23C6-4DAB-A290-5012559EB89D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CD93F300-3200-419B-A3FE-E1DC0D5865A3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D40C6460-6B91-4A5E-AC36-E9170F309929}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DA2580D5-80D4-4B9F-AD90-0D8E9A229A03}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB04835A-DA47-4F37-8316-56CB575582B4}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{DEAB8E26-68BC-4F22-A6EB-27BF9D71A254}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{DF5CF967-8FC6-4D2D-AD03-E44B871222C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E4D7E6B1-4C12-4FD6-B0E7-00347BC95075}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC4BAFE7-EC00-41F2-BB82-611065FCF90D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{FC553F34-DA40-4048-9A90-B33CA2F979CA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{FDC580F0-707E-40C2-8435-B70425ED6BFA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FE4E689C-1D87-413C-A318-0860856836DA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{064D80D7-7A5D-4FAE-A9F2-936C2F9521F3}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{12EB4298-FEB6-4BDF-BCCC-384739180E86}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe | 
"TCP Query User{2252F906-2DBC-4590-AE88-C6267D33BC1D}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{7394A7ED-7FD6-46C8-87E7-1C3AEC873E9D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{7DC80366-36D6-4A25-8A0D-DE3859B9F3F4}C:\program files\editplus 2\editplus.exe" = protocol=6 | dir=in | app=c:\program files\editplus 2\editplus.exe | 
"TCP Query User{7DE3A78F-0FD1-42EA-BA35-4BB1A2BE8E0D}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{81BE67CF-428C-4C29-8D49-EBA403237FD1}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"TCP Query User{95E79264-D437-4356-81FB-5FFD015885B4}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{981810D4-54B5-4149-80E9-4B4B6AEF3B5B}C:\program files\phped\debugger\dbglistener.exe" = protocol=6 | dir=in | app=c:\program files\phped\debugger\dbglistener.exe | 
"TCP Query User{A11B30D5-D160-4ECF-8CA3-C9CB6A313D27}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{A619A55F-D1B5-4ABE-B427-3F915B709374}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B64F4854-9F7C-4917-A69D-B683B611F7E2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{CCA38C5C-1B80-4C3F-A57A-5E152FB671F8}C:\program files\editplus 2\editplus.exe" = protocol=6 | dir=in | app=c:\program files\editplus 2\editplus.exe | 
"TCP Query User{D629DD94-6984-48E2-88D7-4A46E887261F}D:\blubspace\blubspace.exe" = protocol=6 | dir=in | app=d:\blubspace\blubspace.exe | 
"TCP Query User{D6453B87-B728-4F93-B351-08869848384C}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{DEEF91D5-7774-4CFE-BB0F-197D78B9126B}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe | 
"TCP Query User{F10BC9BF-8063-432A-AC4A-C101E042CCFE}C:\program files\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\program files\eclipse\eclipse.exe | 
"UDP Query User{08E66D1A-DE84-4A07-A7FD-2D97D83E63BF}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe | 
"UDP Query User{21B6EC6C-09F4-49EF-8C4B-625957584A80}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{267EE2CC-129E-4E2D-B412-782FE6F68507}C:\program files\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\program files\eclipse\eclipse.exe | 
"UDP Query User{26D95935-5D45-4D97-92EC-F55F29906A89}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{3B2FEF94-9D87-4F23-9120-1FC8BA0FB5A1}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{4DB6816E-3F7B-4CC3-8DD4-2A18025C080C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{5B36212E-1879-41FA-AC2A-B22CE7BAE645}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{77FB3FE4-A261-4270-BD5E-05C978809737}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{7E1C9E02-EAA2-458F-A69C-00A15AAA2194}C:\program files\editplus 2\editplus.exe" = protocol=17 | dir=in | app=c:\program files\editplus 2\editplus.exe | 
"UDP Query User{9339CE29-DD65-4D85-B126-6E7107EF6AA0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A96985E5-D76B-4916-9DA7-CFBB3F043764}C:\program files\phped\debugger\dbglistener.exe" = protocol=17 | dir=in | app=c:\program files\phped\debugger\dbglistener.exe | 
"UDP Query User{B073D489-0DC3-45F1-9442-B4ED81C2060A}C:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{C46D644F-E333-41A8-A629-6E32CEF4BFA8}C:\program files\editplus 2\editplus.exe" = protocol=17 | dir=in | app=c:\program files\editplus 2\editplus.exe | 
"UDP Query User{D03D9358-B9D6-479E-8A25-298BF9235D38}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
"UDP Query User{D70D5A58-70B3-4AA3-B263-82233A7E601B}D:\blubspace\blubspace.exe" = protocol=17 | dir=in | app=d:\blubspace\blubspace.exe | 
"UDP Query User{ECB3511D-A902-435D-AE13-A1340E50B54C}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{F1CFF249-E7B9-41B6-9067-120557E63C52}C:\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\xampp\apache\bin\httpd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00610407-7C6C-486A-BB1D-80CEAC7E076B}" = Microsoft Visual Studio 2005 Professional Edition - DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0DA6AADA-F91D-4852-946E-19AE6B8111FF}_is1" = shonkymaps
"{1DA750F9-797D-469C-A45C-215E656D7307}" = MSDN Library for Visual Studio 2005 - German
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43DDC07F-2867-4407-B4FF-28EB7BA6A846}" = Steganos Live Encryption Engine 15
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{488AB4C7-6D77-4435-BF9F-94611B851552}" = Microsoft SQL Server Native Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6E1EA9-4704-4750-868A-AEB398168DA6}" = Microsoft Document Explorer 2005 Language Pack - DEU
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6EF59C2E-E355-4AA8-B18A-3E19A7B8EDE9}" = UltraEdit 16.10
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{797A536D-7F3A-4FC8-94FB-B36E108BF33A}" = TheWesterner
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7C480BB2-42A9-40C6-AA5F-7AA20FC7C7F3}" = CVSNT 2.5.03.2382
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88F93A2E-A2F3-4C36-B3D3-EEB274AA2C1C}" = Microsoft Device Emulator Version 1.0 - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{93FD6568-A974-4292-B02E-AA9D90AEC13B}" = RUNAWAY 2 - The dream of the turtle
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A6F6725C-12C3-42B5-9647-8668E1BEE2D2}" = Microsoft SQL Server 2005 Mobile [DEU] Developer Tools
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B53D7D6B-9BB0-4EA8-82B9-9293CB41FCE1}" = MySQL Connector/ODBC 3.51
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BBE45D37-2D2E-426F-8EF6-5075CE4D382B}" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"{C1A887F3-0A50-455C-9292-1988E1A209C1}" = Microsoft SQL Server VSS Writer
"{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}" = Paragon Partition Manager 8.0 Professional Demo
"{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}" = Keyboard Manager Utility
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D21C9D95-DDBA-4962-899D-D1D350186555}" = WISE-FTP 5
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E435B765-A8C2-4DDA-BBFD-2FD08B50EADC}" = WinIQSIM
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{ED5AF20A-7155-11D4-AAB3-204C4F4F5020}" = Tiny Personal Firewall 2.0.15
"{F51BA406-C885-4163-A3E4-056F951DE2FE}" = SIMPLORER 7.0 Student Version
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"Blobby Volley 2.0 Alpha 6_is1" = Blobby Volley 2.0 Alpha 6
"Broken Sword 2.5_is1" = Broken Sword 2.5
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"CDex" = CDex extraction audio
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045" = HDAUDIO Soft Data Fax Modem with SmartCP
"Convert Image To PDF_is1" = Convert Image To PDF
"CSELITE65_is1" = CSE HTML Validator Lite v6.52
"CuteMAP" = CuteMAP 1.0
"Deluxe Menus Trial" = Deluxe Menus Trial
"Derive5" = Derive 5
"Deus Ex" = Deus Ex
"Diablo II" = Diablo II
"DMS-FTP V2" = DMS-FTP V2
"doxygen_is1" = doxygen 1.5.9
"EasyCash&Tax_is1" = EasyCash&Tax 1.35
"EAX Unified" = EAX Unified
"EditPlus 2" = EditPlus 2
"ElsterFormular 11.2.0.4074" = ElsterFormular
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Everest Poker" = Everest Poker (Remove Only)
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free Download Manager_is1" = Free Download Manager 2.5
"FWTools247" = FWTools 2.4.7
"Gish Demo_is1" = Gish Demo 1.52
"Google Updater" = Google Updater
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"GPG4Win" = GnuPG For Windows
"GSiteCrawler" = GSiteCrawler
"GyroMeter" = GyroMeter
"Hamachi" = Hamachi 1.0.3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"iecollection_is1" = Internet Explorer Collection 1.4.0.2
"InstallShield_{C99EF05C-A49C-4C8C-902B-BD4B96A6F3A8}" = Keyboard Manager Utility
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.5 (Full)
"Lawicel canusb driver" = Lawicel canusb driver
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2005 Language Pack - DEU" = Microsoft Document Explorer 2005 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Language Pack - DEU" = Microsoft Visual J# 2.0 Redistributable Language Pack - DEU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - DEU" = Microsoft Visual Studio 2005 Professional Edition - DEU
"Miranda IM" = Miranda IM 0.9.10
"mIRC" = mIRC
"MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Testversion)
"Mobile Partner" = Mobile Partner
"MozBackup" = MozBackup 1.4.9
"Mozilla Embedded Browser_is1" = Mozilla Embedded Browser version 2.0
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSDN Library für Visual Studio 2005 - Deutsch" = MSDN Library für Visual Studio 2005 - Deutsch
"MultipleIEs_is1" = MultipleIEs
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NHL 2000" = NHL 2000
"NuSphere PhpED_is1" = NuSphere PhpED version 5.0
"OpenAL" = OpenAL
"PHP Documentor_is1" = Php Documentor version 1.3.0 for NuSphere PhpED
"PHP_is1" = php-4.4.6 for NuSphere PhpED
"PHP5_is1" = php-5.2.1 for NuSphere PhpED
"POLYSTYLE_is1" = Polystyle 2.0zo (trial) for NuSphere PhpED
"PuTTY_is1" = PuTTY version 0.60
"QuickPar" = QuickPar 0.9
"Rainbow Sentinel Driver" = Sentinel System Driver
"RMX Automation" = RMX Automation (remove only)
"SmartFTP Client 2.5 Setup Files" = SmartFTP Client 2.5 Setup Files (remove only)
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Soldat_is1" = Soldat 1.4.2
"ST6UNST #1" = bbkCANCtrl
"ST6UNST #2" = bbkCANCtrl (c:\develop\CAN\CANio\activex\vb6\)
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"TeamViewer 5" = TeamViewer 5
"TortoiseCVS_is1" = TortoiseCVS 1.10.9
"VISPROR" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 0.9.8a
"Wascana C/C++ IDE for Windows" = Wascana C/C++ IDE for Windows
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.1.9
"xampp" = XAMPP 1.5.3a
"xp-AntiSpy" = xp-AntiSpy 3.96-8
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Octoshape Streaming Services" = Octoshape Streaming Services
"QLandkarte GT" = QLandkarte GT (remove only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.08.2008 06:13:53 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description = 
 
Error - 31.08.2008 14:48:14 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description = 
 
Error - 31.08.2008 16:02:21 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description = 
 
Error - 01.09.2008 03:15:25 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description = 
 
Error - 03.09.2008 05:03:33 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description = 
 
Error - 04.09.2008 05:01:16 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description = 
 
Error - 04.09.2008 15:45:29 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description = 
 
Error - 04.09.2008 17:03:51 | Computer Name = FujitsuSiemensSi1520 | Source = WerSvc | ID = 5007
Description = 
 
[ OSession Events ]
Error - 09.07.2008 07:10:11 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2796
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error - 16.07.2008 16:01:50 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 496 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 25.02.2010 05:57:44 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.03.2010 14:37:51 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 961
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 04.04.2010 09:17:16 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session 
lasted 2224 seconds with 1380 seconds of active time.  This session ended with a
 crash.
 
Error - 18.08.2010 05:40:26 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 246250
 seconds with 9840 seconds of active time.  This session ended with a crash.
 
Error - 14.10.2010 09:24:36 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 163599
 seconds with 7620 seconds of active time.  This session ended with a crash.
 
Error - 02.11.2010 15:11:17 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 302031
 seconds with 9840 seconds of active time.  This session ended with a crash.
 
Error - 06.11.2010 16:53:38 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 79925
 seconds with 3000 seconds of active time.  This session ended with a crash.
 
Error - 11.11.2010 02:38:31 | Computer Name = FujitsuSiemensSi1520 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 52380
 seconds with 4260 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.11.2010 10:41:32 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 14.11.2010 10:41:32 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 14.11.2010 11:04:23 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 14.11.2010 11:04:23 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 14.11.2010 11:06:11 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 14.11.2010 11:20:13 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 14.11.2010 11:20:13 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 14.11.2010 11:27:01 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 14.11.2010 12:11:13 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 14.11.2010 12:35:11 | Computer Name = FujitsuSiemensSi1520 | Source = Service Control Manager | ID = 7031
Description = 
 
 
< End of report >
         

Edited by Jonas66 (14.11.2010 at 21:11). Reason: additional information

15.11.2010, 21:40   #2
cosinus

Quote:
[2010.11.05 20:51:33 | 003,903,424 | ---- | M] () -- C:\Users\***\Desktop\cofi.exe
Don't tell me you have already run CF on your own!

15.11.2010, 21:52   #3
Jonas66

No, I only downloaded it, but then read the warning in time not to run it without instructions.

A small addendum on the PC's behaviour, I don't know whether it matters: the "Application Layer Gateway Service" also quits every now and then. In addition, Vista's fancy(?) graphics effects no longer work, and Firefox looks somehow old-fashioned too.

15.11.2010, 22:05   #4
cosinus

Quote:
Datenbank Version: 5054

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

05.11.2010 23:32:25
The last full scan was a while ago already, so please run a new full scan with Malwarebytes, and make sure to update the database beforehand!

15.11.2010, 22:20   #5
Jonas66

Sorry, I forgot one more full-scan log; I ran that scan as well and it also found something.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5105

Windows 6.0.6000
Internet Explorer 8.0.6001.18904

13.11.2010 17:12:25
mbam-log-2010-11-13 (17-12-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 487836
Laufzeit: 3 Stunde(n), 4 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
C:\Windows\Temp\ysin\setup.exe (Spyware.Passwords.XGen) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Temp\ysin\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
         

I'll run another full scan tomorrow then.


15.11.2010, 22:34   #6
cosinus

We'll do the full scan again later anyway, so you don't need to run it again now.

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
SRV - (AMService) -- C:\Windows\TEMP\ysin\setup.exe File not found
SRV - ({B00E02E6-1FDA-4C40-A5B9529A6FBEFE1E}) -- C:\Users\***\AppData\Local\Temp\D9D5.tmp File not found
SRV - ({1E4009C0-5F19-403F-B87270576C4E742B}) -- C:\Users\***\AppData\Local\Temp\D9D5.tmp File not found
DRV - (iMSPQMn) -- C:\Users\***\AppData\Local\Temp\iMSPQMn.sys File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2000.12.21 15:54:08 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2000.12.21 15:54:08 | 000,032,768 | R--- | M] ()
O33 - MountPoints2\{73d6bb72-d01a-11dd-b7f7-0011e2fc3aa1}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun
O33 - MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\Shell - "" = AutoRun
O33 - MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{89029129-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun
O33 - MountPoints2\{89029129-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{89029137-523e-11df-a898-001b24454c70}\Shell - "" = AutoRun
O33 - MountPoints2\{89029137-523e-11df-a898-001b24454c70}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{e784292b-c29b-11dc-b24e-001b24454c70}\Shell\AutoRun\command - "" = F:\starter.exe -- File not found
[2010.10.31 14:31:30 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001
[2010.10.31 14:29:42 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

15.11.2010, 23:12   #7
Jonas66

That was spooky. OTL killed all processes, then worked away for about 10 minutes and afterwards told me that a system restart is necessary to fully delete the files. I confirmed that with OK. The PC restarted. After the Windows password entry the screen stayed black, but a mouse pointer was visible. Task Manager could also be opened. I then restarted once more and switched off the external monitor during the restart. This time the desktop was displayed again and the following log was opened:

Code:
All processes killed
========== OTL ==========
Service AMService stopped successfully!
Service AMService deleted successfully!
File  C:\Windows\TEMP\ysin\setup.exe File not found not found.
Service {B00E02E6-1FDA-4C40-A5B9529A6FBEFE1E} stopped successfully!
Service {B00E02E6-1FDA-4C40-A5B9529A6FBEFE1E} deleted successfully!
File  C:\Users\Jonas\AppData\Local\Temp\D9D5.tmp File not found not found.
Service {1E4009C0-5F19-403F-B87270576C4E742B} stopped successfully!
Service {1E4009C0-5F19-403F-B87270576C4E742B} deleted successfully!
File  C:\Users\Jonas\AppData\Local\Temp\D9D5.tmp File not found not found.
Service iMSPQMn stopped successfully!
Service iMSPQMn deleted successfully!
File  C:\Users\Jonas\AppData\Local\Temp\iMSPQMn.sys File not found not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bd3502e-6609-11dc-865f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bd3502e-6609-11dc-865f-806e6f6e6963}\ not found.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d6bb72-d01a-11dd-b7f7-0011e2fc3aa1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73d6bb72-d01a-11dd-b7f7-0011e2fc3aa1}\ not found.
File F:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890290cd-523e-11df-a898-001b24454c70}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{890290cd-523e-11df-a898-001b24454c70}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890290cd-523e-11df-a898-001b24454c70}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890290f4-523e-11df-a898-0011e2fc3aa1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{890290f4-523e-11df-a898-0011e2fc3aa1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{890290f4-523e-11df-a898-0011e2fc3aa1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89029129-523e-11df-a898-001b24454c70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89029129-523e-11df-a898-001b24454c70}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89029129-523e-11df-a898-001b24454c70}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89029129-523e-11df-a898-001b24454c70}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89029137-523e-11df-a898-001b24454c70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89029137-523e-11df-a898-001b24454c70}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89029137-523e-11df-a898-001b24454c70}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89029137-523e-11df-a898-001b24454c70}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e784292b-c29b-11dc-b24e-001b24454c70}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e784292b-c29b-11dc-b24e-001b24454c70}\ not found.
File F:\starter.exe not found.
C:\Windows\System32\temp.001 moved successfully.
C:\Windows\Setup1.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jonas
->Temp folder emptied: 1575835449 bytes
->Temporary Internet Files folder emptied: 145754240 bytes
->Java cache emptied: 16092021 bytes
->FireFox cache emptied: 104814774 bytes
->Flash cache emptied: 144728 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 232450293 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1543028192 bytes
RecycleBin emptied: 191291531 bytes
 
Total Files Cleaned = 3.633,00 mb
 
 
OTL by OldTimer - Version 3.2.17.2 log created on 11152010_234815

Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. E:\Setup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Firefox looks like it used to again, and my hard disk is already saying thank you with noticeably more free space.

Last edited by Jonas66 (15.11.2010 at 23:26)
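
As an added example (not part of the original posts and not OTL's own code), a small Python triage of a fix log like the one above, sorting entries into removed, already absent, and deferred to reboot. The sample lines are a selection copied from the log in this post; the function name `triage` and the category labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Selection of lines copied from the OTL fix log posted above.
SAMPLE_LOG = r"""Service AMService stopped successfully!
Service AMService deleted successfully!
File  C:\Windows\TEMP\ysin\setup.exe File not found not found.
Service iMSPQMn deleted successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd3502e-6609-11dc-865f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bd3502e-6609-11dc-865f-806e6f6e6963}\ not found.
File F:\starter.exe not found.
C:\Windows\System32\temp.001 moved successfully.
HOSTS file reset successfully
"""

# Ordered rules, first match wins. Category names are this example's own labels.
RULES = [
    ("deferred", re.compile(r"^File move failed\. (?P<item>.+?) scheduled to be moved on reboot\.$")),
    ("absent", re.compile(r"^(?:File|Registry key)\s+(?P<item>.+?)(?: File not found)? not found\.$")),
    ("removed", re.compile(r"^(?:Service|Registry key) (?P<item>.+?) deleted successfully[.!]$")),
    ("removed", re.compile(r"^(?P<item>[A-Za-z]:\\.+?) moved successfully\.$")),
]

def triage(log_text):
    """Group fix-log lines by outcome; unmatched lines land in 'other'."""
    result = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for category, pattern in RULES:
            match = pattern.match(line)
            if match:
                result[category].append(match.group("item"))
                break
        else:
            result["other"].append(line)
    return dict(result)

if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {len(items)}")
        for item in items:
            print("   ", item)
```

Entries in the deferred bucket are the ones to re-check after the reboot; here that is E:\Autorun.inf, which the fix script above lists on a CDFS volume.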

16.11.2010, 07:27   #8
cosinus

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

16.11.2010, 09:01   #9
Jonas66

I ran CCleaner several times until all registry problems were cleaned up. ComboFix then reported that rootkit activity had been detected in the boot sector and that a restart was required. After the restart, a bluescreen came up after a few seconds and the computer restarted. I tried it two more times, and each time there was the restart after a few seconds, regardless of whether I entered the password or not. Booting in safe mode still works. What now?

16.11.2010, 09:39   #10
cosinus

Do you have the CF log there?

16.11.2010, 09:57   #11
Jonas66

No, no C:\ComboFix.txt file was created. There is no ComboFix.txt anywhere else either. Only a directory c:\cofi\ was created, with a bunch of files in it.

16.11.2010, 11:45   #12
cosinus

That is b...ad. This way I can't see what CF fixed there. Safe mode works but normal mode doesn't?

One attempt, since it was about the boot sector - do you have any other operating systems installed besides Vista?

If not: have a look here => Vista emergency/recovery CD 32-bit - Dr. Windows

Download the ISO, burn it to a CD, e.g. with ImgBurn using its image burning function, and start the computer with it (boot from this CD).

If you have a normal Vista installation DVD, you don't need the image mentioned above and can simply boot from the Vista DVD.

Click on Repair your computer, Next, Command Prompt - the console opens. There please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out first.

16.11.2010, 22:19   #13
Jonas66

I did that with the DVD that came with my computer; unfortunately it didn't help, same behaviour.
I don't have another OS installed.

16.11.2010, 23:02   #14
cosinus

But the commands ran through without problems?

16.11.2010, 23:03   #15
Jonas66

Yes, each time after a few seconds a short confirmation came back, "The operation was carried out" or something like that.
