Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Sytem Tool Entfernt! Hier nun die Logfiles zur Kontrolle

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 21.02.2011, 11:01   #1
Thormb
 
Sytem Tool Entfernt! Hier nun die Logfiles zur Kontrolle - Standard

Sytem Tool Entfernt! Hier nun die Logfiles zur Kontrolle



Guten Tag,

nachdem mein Laptop vom allseits bekannten "Systen Tool" befallen war habe ich dieses nach dieser Anleitung:

http://www.trojaner-board.de/92246-s...entfernen.html

entfernt und zeige euch nun meine Logfiles von Malwarebytes Anti Malware und OTL um zu prüfen ob mein System jetzt sauber ist.

Vielen Dank im Vorraus für eure Hilfe!

Mit freundlichen Grüßen
Thorben

Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5825

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

21.02.2011 11:31:44
mbam-log-2011-02-21 (11-31-44).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152515
Laufzeit: 5 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
c:\Users\Thorben\downloads\malwarebytes__anti-malware_1.46_final\malwarebytes' anti-malware 1.46 final\Keygen\mayday.exe (Dont.Steal.Our.Software.A) -> 3008 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kLoGaKd06504 (Trojan.FakeAlert) -> Value: kLoGaKd06504 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Thorben\downloads\malwarebytes__anti-malware_1.46_final\malwarebytes' anti-malware 1.46 final\Keygen\mayday.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
c:\programdata\klogakd06504\klogakd06504.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Thorben\AppData\Local\Temp\jar_cache4473776011072701788.tmp (Rogue.Palladium) -> Quarantined and deleted successfully.
c:\Users\Thorben\AppData\Local\Temp\jar_cache5644550979477538453.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Thorben\AppData\Local\Temp\jar_cache7869695794280854019.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Thorben\AppData\Local\Temp\jar_cache8066247189194163086.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Zitat:
OTL Extras logfile created on: 21.02.2011 11:53:29 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Thorben\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,90 Gb Total Space | 10,47 Gb Free Space | 13,80% Space Free | Partition Type: NTFS
Drive E: | 148,09 Gb Total Space | 19,53 Gb Free Space | 13,19% Space Free | Partition Type: NTFS

Computer Name: THORBEN-PC | User Name: Thorben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0749E1E5-BD6B-474C-BD21-48891526113E}" = MAGIX Music Maker 17 Download-Version
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{300DFCBA-348B-4FD6-AE50-1D3CDFEE6314}" = MAGIX Speed burnR (MSI)
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{447E3935-A085-42D4-0001-8BE5E4034B40}" = freeTunes*3.0
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Bison WebCam
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F0EE12C-44B1-4FCB-87E3-4686C888774A}" = Hercules Classic Webcam Drivers
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{681F447D-49EC-4D5D-AE0A-145A8AA4E239}" = Nalu
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B593190B-F384-4DC3-BD20-E53931699250}" = XSign
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E04D1AC1-B3AF-4C1A-B7E0-B37A058271CE}" = MAGIX Screenshare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"3D Mühle_is1" = 3D Mühle 2.1
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5644ABE56933E0164719C96F81859E74C1D14B2D" = Windows-Treiberpaket - SMSC (smscirrx) HIDClass (02/02/2007 6.1.6000.0)
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Akamai" = Akamai NetSession Interface
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bontago" = Bontago
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"DVDFab 8_is1" = DVDFab 8.0.7.3 (29/01/2011)
"ElsaWin" = ElsaWin
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FileZilla Client" = FileZilla Client 3.2.7.1
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"FrostWire" = FrostWire 4.21.3
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"JAFSetup" = JAF Setup
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX_MSI_mm17" = MAGIX Music Maker 17 Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nokia Ovi Suite" = Nokia Ovi Suite
"NSS" = NSS (remove only)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Orbit_is1" = Orbit Downloader
"Power Manager_is1" = Power Manager 2.1.7
"Pro/ENGINEER Mechanica Release Wildfire 3.0 Datecode M230" = Pro/ENGINEER Mechanica Release Wildfire 3.0 Datecode M230
"Pro/ENGINEER Release Wildfire 3.0 Datecode M230" = Pro/ENGINEER Release Wildfire 3.0 Datecode M230
"PSPad editor_is1" = PSPad editor
"Schiffe-versenken_is1" = Schiffe-versenken 3.0.1
"STvcard gold_is1" = STvcard 4.0.0 gold
"TuneClone_is1" = TuneClone 1.40
"TVUPlayer" = TVUPlayer 2.5.3.1
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WebcamMax" = WebcamMax
"WinLiveSuite" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.2.1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.02.2011 23:40:32 | Computer Name = Thorben-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 20.02.2011 18:58:47 | Computer Name = Thorben-PC | Source = VSGATE | ID = 1
Description =

Error - 20.02.2011 18:58:49 | Computer Name = Thorben-PC | Source = VSGATE | ID = 1
Description =

Error - 20.02.2011 19:03:18 | Computer Name = Thorben-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 20.02.2011 19:03:18 | Computer Name = Thorben-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 20.02.2011 19:03:18 | Computer Name = Thorben-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 20.02.2011 22:52:43 | Computer Name = Thorben-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17d8 Startzeit:
01cbd151f80cbe60 Endzeit: 14 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
a605cc81-3d65-11e0-b3fc-c941ef02726f

Error - 21.02.2011 06:45:43 | Computer Name = Thorben-PC | Source = SignInAssistant | ID = 0
Description =

Error - 21.02.2011 06:52:24 | Computer Name = Thorben-PC | Source = VSGATE | ID = 1
Description =

Error - 21.02.2011 06:52:27 | Computer Name = Thorben-PC | Source = VSGATE | ID = 1
Description =

[ System Events ]
Error - 03.02.2011 10:56:50 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "KMService" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.

Error - 03.02.2011 10:57:10 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TOSHIBA Bluetooth Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 03.02.2011 13:16:00 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.

Error - 04.02.2011 13:48:30 | Computer Name = Thorben-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 04.02.2011 13:48:31 | Computer Name = Thorben-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 04.02.2011 13:48:31 | Computer Name = Thorben-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 04.02.2011 13:48:32 | Computer Name = Thorben-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 05.02.2011 02:55:08 | Computer Name = Thorben-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 05.02.2011 11:26:40 | Computer Name = Thorben-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 06.02.2011 10:19:40 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.


< End of report >
Zitat:
OTL logfile created on: 21.02.2011 11:53:29 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Thorben\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,90 Gb Total Space | 10,47 Gb Free Space | 13,80% Space Free | Partition Type: NTFS
Drive E: | 148,09 Gb Total Space | 19,53 Gb Free Space | 13,19% Space Free | Partition Type: NTFS

Computer Name: THORBEN-PC | User Name: Thorben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Thorben\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\TuneClone\TuneClone.exe (TuneClone.COM)
PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\ElsaWin\bin\VSGate.exe (Volkswagen AG)
PRC - C:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG)
PRC - C:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG)
PRC - C:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG)
PRC - C:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG)
PRC - C:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG)
PRC - C:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
PRC - C:\Programme\Power Manager\PM.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Thorben\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (VSGate) -- C:\ElsaWin\bin\VSGate.exe (Volkswagen AG)
SRV - (LcSvrAdm) -- C:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG)
SRV - (LcSvrHis) -- C:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG)
SRV - (LcSvrSaz) -- C:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG)
SRV - (LcSvrAuf) -- C:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG)
SRV - (LcSvrPAS) -- C:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG)
SRV - (LcSvrDba) -- C:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\system32\DRIVERS\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (tclondrv) -- C:\Windows\system32\DRIVERS\tclondrv.sys (TuneClone Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (NSHE) -- C:\Windows\System32\drivers\NSHE.SYS (T0r0 2008)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (vserial) -- C:\Windows\System32\drivers\vserial.sys ()
DRV - (vsbus) -- C:\Windows\System32\drivers\vsb.sys ()
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV - (smscirrx) -- C:\Windows\System32\drivers\smscirrx.sys (SMSC)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys (hxxp://www.internals.com)
DRV - (Hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (PRODIGY) -- C:\Windows\System32\drivers\prodigy.sys (B-phreaks)
DRV - (ovt530) -- C:\Windows\System32\drivers\ov530vid.sys (OmniVision Technologies, Inc.)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 20 43 FD 67 CB CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {75e19832-90c0-4553-91a0-e5d0ac5d99fd}:1.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {51154b97-c607-43f0-ad88-dda01a32a1e3}:9.1.50.18
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..network.proxy.http: "199.105.112.170"
FF - prefs.js..network.proxy.http_port: 8080

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.06 08:37:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.16 11:23:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.16 11:23:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.06 08:37:29 | 000,000,000 | ---D | M]

[2010.07.27 20:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorben\AppData\Roaming\mozilla\Extensions
[2011.02.21 00:10:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\ojk8uz7e.default\extensions
[2010.11.22 00:11:07 | 000,000,000 | ---D | M] (ProductView Version Checker) -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\ojk8uz7e.default\extensions\{51154b97-c607-43f0-ad88-dda01a32a1e3}
[2010.07.28 00:37:36 | 000,000,000 | ---D | M] ("Controle de Scripts") -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\ojk8uz7e.default\extensions\{75e19832-90c0-4553-91a0-e5d0ac5d99fd}
[2010.08.08 14:54:02 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\ojk8uz7e.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.01.07 15:49:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\ojk8uz7e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.16 00:58:31 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\ojk8uz7e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.11.11 19:12:37 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\ojk8uz7e.default\extensions\firefox@tvunetworks.com
[2011.02.21 00:10:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.28 21:45:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010.08.05 23:44:58 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.02.21 11:29:51 | 000,001,796 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BisonAPP] C:\Windows\BisonCam\BisonAPP.exe (Bison Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PowerManager] C:\Programme\Power Manager\PM.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe (TuneClone.COM)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [WebcamMaxAutoRun] C:\Program Files\WebcamMax\WebcamMax.exe (CoolwareMax)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.21 11:47:43 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Thorben\Desktop\OTL.exe
[2011.02.21 03:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\kLoGaKd06504
[2011.02.16 20:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2011.02.16 20:00:57 | 000,000,000 | ---D | C] -- C:\Programme\Free M4a to MP3 Converter
[2011.02.16 13:55:57 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Engelmann Media
[2011.02.16 13:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Engelmann Media
[2011.02.16 13:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Engelmann Media
[2011.02.16 13:55:18 | 000,000,000 | ---D | C] -- C:\Programme\Engelmann Media
[2011.02.16 13:55:17 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\HDX4
[2011.02.16 13:36:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TuneClone
[2011.02.16 13:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.02.16 13:36:07 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Documents\My Music
[2011.02.16 13:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneClone
[2011.02.16 13:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneClone
[2011.02.16 13:35:29 | 000,020,352 | ---- | C] (TuneClone Software) -- C:\Windows\System32\drivers\tclondrv.sys
[2011.02.16 13:35:28 | 000,000,000 | ---D | C] -- C:\Programme\TuneClone
[2011.02.16 11:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.02.16 11:24:48 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011.02.16 11:23:57 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.02.16 11:23:57 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.02.16 11:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.02.16 11:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.02.16 11:22:59 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2011.02.16 11:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.02.16 11:22:08 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2011.02.15 11:11:40 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Desktop\fz3-12977646993000
[2011.02.15 11:10:23 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\FileZilla
[2011.02.15 11:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.02.15 11:10:16 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2011.02.14 02:03:11 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Documents\FrostWire
[2011.02.14 01:35:22 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Incomplete
[2011.02.14 01:35:12 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\FrostWire
[2011.02.14 01:34:50 | 000,000,000 | ---D | C] -- C:\Programme\FrostWire
[2011.02.13 11:42:30 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Malwarebytes
[2011.02.13 11:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.13 11:41:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.13 11:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.13 11:41:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.13 11:41:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.13 11:40:52 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Thorben\Desktop\herbert.exe
[2011.02.13 11:36:40 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.02.13 03:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\eJdMpLl06504
[2011.02.09 03:29:27 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ODEON
[2011.02.09 03:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODEON
[2011.02.09 03:27:52 | 000,000,000 | ---D | C] -- C:\Programme\ODEON
[2011.02.09 02:47:57 | 000,032,377 | ---- | C] (B-phreaks) -- C:\Windows\System32\drivers\prodigy.sys
[2011.02.09 02:47:57 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NSS
[2011.02.09 02:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NSS
[2011.02.09 02:47:52 | 000,000,000 | ---D | C] -- C:\Programme\NSS
[2011.02.09 02:00:18 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Desktop\c6cfw
[2011.02.04 03:17:19 | 000,000,000 | ---D | C] -- C:\Users\Thorben\.pdfsam
[2011.02.04 03:02:28 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge
[2011.02.04 03:02:26 | 000,000,000 | ---D | C] -- C:\Programme\pdfsam
[2011.02.02 09:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011.02.02 04:54:17 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Control Panels
[2011.02.02 04:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011.01.30 23:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Editor
[2011.01.30 23:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2011.01.30 23:12:13 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software
[2011.01.30 12:08:35 | 000,000,000 | ---D | C] -- C:\Users\Thorben\eclipse film
[2011.01.30 12:03:56 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\NVIDIA
[2011.01.30 12:03:56 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Documents\DVDFab
[2011.01.30 12:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8
[2011.01.30 12:00:55 | 000,000,000 | ---D | C] -- C:\Programme\DVDFab 8
[2011.01.29 19:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2011.01.29 19:36:15 | 000,000,000 | ---D | C] -- C:\Programme\Elaborate Bytes
[2011.01.29 19:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011.01.29 19:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2011.01.29 19:35:27 | 000,000,000 | ---D | C] -- C:\Programme\SlySoft

========== Files - Modified Within 30 Days ==========

[2011.02.21 11:52:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.21 11:52:01 | 2415,120,384 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.21 11:29:51 | 000,001,796 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.02.21 00:03:42 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.21 00:03:42 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.21 00:03:22 | 002,005,378 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.21 00:03:22 | 001,018,382 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.21 00:03:22 | 000,559,838 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.21 00:03:22 | 000,494,148 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.16 20:01:02 | 000,001,027 | ---- | M] () -- C:\Users\Thorben\Desktop\Free M4a to MP3 Converter.lnk
[2011.02.16 20:01:02 | 000,001,022 | ---- | M] () -- C:\Users\Thorben\Desktop\My Music Tools.lnk
[2011.02.16 19:12:44 | 000,000,098 | ---- | M] () -- C:\Windows\WirelessFTP.INI
[2011.02.16 19:11:44 | 001,186,862 | ---- | M] () -- C:\Users\Thorben\Desktop\jessi lisa alex.jpg
[2011.02.16 13:55:26 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\freeTunes 3.lnk
[2011.02.16 13:35:54 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\TuneClone.lnk
[2011.02.15 11:13:26 | 000,441,325 | ---- | M] () -- C:\Users\Thorben\Desktop\Versuche_Aerodynamik_10.11.2010.pptx
[2011.02.15 11:10:21 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.02.13 11:55:19 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.13 11:40:52 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Thorben\Desktop\herbert.exe
[2011.02.13 11:37:30 | 000,721,199 | ---- | M] () -- C:\Users\Thorben\Desktop\iExplore.exe
[2011.02.13 04:29:52 | 277,826,359 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.02.13 04:28:08 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011.02.12 09:56:23 | 003,289,657 | ---- | M] () -- C:\Users\Thorben\Desktop\kennzeichen lkw.psd
[2011.02.12 09:55:39 | 004,072,295 | ---- | M] () -- C:\Users\Thorben\Desktop\schild lkw.psd
[2011.02.12 09:51:03 | 003,175,286 | ---- | M] () -- C:\Users\Thorben\Desktop\kennzeichen petra.psd
[2011.02.12 09:50:16 | 003,307,341 | ---- | M] () -- C:\Users\Thorben\Desktop\kennzeichen holger.psd
[2011.02.12 09:49:44 | 003,306,983 | ---- | M] () -- C:\Users\Thorben\Desktop\kennzeichen papa.psd
[2011.02.12 09:49:19 | 003,257,697 | ---- | M] () -- C:\Users\Thorben\Desktop\kennzeichen Thorben.psd
[2011.02.10 01:53:03 | 000,004,005 | ---- | M] () -- C:\Users\Thorben\Desktop\94887783947ffa3845125f.jpg
[2011.02.09 12:22:05 | 000,001,119 | ---- | M] () -- C:\Users\Thorben\Desktop\OGM_JAF_PKEY_Emulator_v 5.exe - Verknüpfung.lnk
[2011.02.09 03:29:27 | 000,001,944 | ---- | M] () -- C:\Users\Thorben\Desktop\Launch JAF COM Emulator.lnk
[2011.02.09 03:29:27 | 000,001,909 | ---- | M] () -- C:\Users\Thorben\Desktop\Launch JAF Logger.lnk
[2011.02.09 03:29:27 | 000,001,863 | ---- | M] () -- C:\Users\Thorben\Desktop\Launch JAF.lnk
[2011.02.09 03:10:38 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2011.02.09 02:47:58 | 000,001,064 | ---- | M] () -- C:\Users\Thorben\Desktop\F1Upgrade.lnk
[2011.02.09 02:47:58 | 000,000,967 | ---- | M] () -- C:\Users\Thorben\Desktop\NSS.lnk
[2011.02.05 15:21:52 | 000,021,154 | ---- | M] () -- C:\Users\Thorben\Desktop\Alex und Laura Bierboerse2.jpg
[2011.02.05 15:18:51 | 000,035,994 | ---- | M] () -- C:\Users\Thorben\Desktop\Alex und Laura Bierboerse.jpg
[2011.01.30 23:13:12 | 000,001,115 | ---- | M] () -- C:\Users\Thorben\Desktop\Foxit PDF Editor.lnk
[2011.01.30 23:12:34 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.30 12:01:01 | 000,000,957 | ---- | M] () -- C:\Users\Thorben\Desktop\DVDFab 8.lnk
[2011.01.29 19:46:43 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.01.29 19:36:22 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\CloneDVD2.lnk
[2011.01.29 19:35:36 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2011.01.26 05:58:47 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Thorben\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2011.02.16 20:01:02 | 000,001,027 | ---- | C] () -- C:\Users\Thorben\Desktop\Free M4a to MP3 Converter.lnk
[2011.02.16 20:01:02 | 000,001,022 | ---- | C] () -- C:\Users\Thorben\Desktop\My Music Tools.lnk
[2011.02.16 19:11:33 | 001,186,862 | ---- | C] () -- C:\Users\Thorben\Desktop\jessi lisa alex.jpg
[2011.02.16 13:55:26 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\freeTunes 3.lnk
[2011.02.16 13:35:54 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\TuneClone.lnk
[2011.02.15 11:13:24 | 000,441,325 | ---- | C] () -- C:\Users\Thorben\Desktop\Versuche_Aerodynamik_10.11.2010.pptx
[2011.02.15 11:10:21 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.02.13 11:44:31 | 000,000,130 | ---- | C] () -- C:\Users\Thorben\Desktop\hosts-perm.bat
[2011.02.13 11:41:52 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.13 11:37:25 | 000,721,199 | ---- | C] () -- C:\Users\Thorben\Desktop\iExplore.exe
[2011.02.13 04:28:08 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011.02.10 01:53:02 | 000,004,005 | ---- | C] () -- C:\Users\Thorben\Desktop\94887783947ffa3845125f.jpg
[2011.02.09 12:22:05 | 000,001,119 | ---- | C] () -- C:\Users\Thorben\Desktop\OGM_JAF_PKEY_Emulator_v 5.exe - Verknüpfung.lnk
[2011.02.09 03:29:27 | 000,001,944 | ---- | C] () -- C:\Users\Thorben\Desktop\Launch JAF COM Emulator.lnk
[2011.02.09 03:29:27 | 000,001,909 | ---- | C] () -- C:\Users\Thorben\Desktop\Launch JAF Logger.lnk
[2011.02.09 03:29:27 | 000,001,863 | ---- | C] () -- C:\Users\Thorben\Desktop\Launch JAF.lnk
[2011.02.09 03:10:38 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2011.02.09 02:47:58 | 000,001,064 | ---- | C] () -- C:\Users\Thorben\Desktop\F1Upgrade.lnk
[2011.02.09 02:47:58 | 000,000,967 | ---- | C] () -- C:\Users\Thorben\Desktop\NSS.lnk
[2011.02.07 01:12:08 | 003,307,341 | ---- | C] () -- C:\Users\Thorben\Desktop\kennzeichen holger.psd
[2011.02.07 01:11:26 | 003,175,286 | ---- | C] () -- C:\Users\Thorben\Desktop\kennzeichen petra.psd
[2011.02.07 01:08:49 | 004,072,295 | ---- | C] () -- C:\Users\Thorben\Desktop\schild lkw.psd
[2011.02.07 00:47:39 | 003,289,657 | ---- | C] () -- C:\Users\Thorben\Desktop\kennzeichen lkw.psd
[2011.02.07 00:47:05 | 003,306,983 | ---- | C] () -- C:\Users\Thorben\Desktop\kennzeichen papa.psd
[2011.02.07 00:46:44 | 003,257,697 | ---- | C] () -- C:\Users\Thorben\Desktop\kennzeichen Thorben.psd
[2011.02.05 15:21:50 | 000,021,154 | ---- | C] () -- C:\Users\Thorben\Desktop\Alex und Laura Bierboerse2.jpg
[2011.02.05 15:18:50 | 000,035,994 | ---- | C] () -- C:\Users\Thorben\Desktop\Alex und Laura Bierboerse.jpg
[2011.01.30 23:13:12 | 000,001,115 | ---- | C] () -- C:\Users\Thorben\Desktop\Foxit PDF Editor.lnk
[2011.01.30 23:12:34 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.30 12:01:01 | 000,000,957 | ---- | C] () -- C:\Users\Thorben\Desktop\DVDFab 8.lnk
[2011.01.29 19:37:40 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.01.29 19:36:22 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\CloneDVD2.lnk
[2011.01.29 19:35:36 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2010.11.29 15:18:34 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2010.11.26 16:07:19 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2010.11.23 08:49:46 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini
[2010.11.22 10:31:34 | 000,001,456 | ---- | C] () -- C:\Users\Thorben\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.11.18 09:06:46 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2010.11.17 07:50:49 | 000,000,556 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.12 01:33:25 | 000,063,488 | ---- | C] () -- C:\Windows\System32\EZTW32.DLL
[2010.08.09 14:05:53 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010.08.09 13:38:11 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.07.28 00:19:37 | 000,008,704 | ---- | C] () -- C:\Users\Thorben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.23 11:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.06.23 11:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.05.12 15:09:06 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.08.31 13:03:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2009.08.16 09:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.07.23 23:29:16 | 000,047,744 | ---- | C] () -- C:\Windows\System32\drivers\vserial.sys
[2008.07.23 23:29:16 | 000,015,264 | ---- | C] () -- C:\Windows\System32\drivers\vsb.sys
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.06.30 23:44:59 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2006.02.23 17:37:18 | 000,047,104 | ---- | C] () -- C:\Windows\System32\dsfFLACEncoder.dll
[2006.02.23 16:37:06 | 000,047,616 | ---- | C] () -- C:\Windows\System32\dsfVorbisDecoder.dll
[2006.02.23 16:36:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dsfOggDemux2.dll
[2006.02.23 16:35:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfOGMDecoder.dll
[2006.02.23 16:35:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfNativeFLACSource.dll
[2006.02.23 16:35:40 | 000,049,664 | ---- | C] () -- C:\Windows\System32\dsfFLACDecoder.dll
[2006.02.23 16:34:58 | 000,083,456 | ---- | C] () -- C:\Windows\System32\libFLAC++.dll
[2006.02.23 16:34:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\libFishSound.dll
[2006.02.23 16:34:38 | 000,029,696 | ---- | C] () -- C:\Windows\System32\libOOOggSeek.dll
[2006.02.23 16:34:26 | 001,108,480 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2006.02.23 16:34:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\libOOogg.dll
[2006.02.23 16:33:54 | 000,140,288 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE

< End of report >

Alt 21.02.2011, 11:13   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sytem Tool Entfernt! Hier nun die Logfiles zur Kontrolle - Standard

Sytem Tool Entfernt! Hier nun die Logfiles zur Kontrolle



Zitat:
c:\Users\Thorben\downloads\malwarebytes__anti-malware_1.46_final\malwarebytes' anti-malware 1.46 final\Keygen\mayday.exe


Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!
__________________

__________________

Antwort

Themen zu Sytem Tool Entfernt! Hier nun die Logfiles zur Kontrolle
7-zip, adblock, akamai, alternate, audacity, avgntflt.sys, avira, bho, browser, conduit, converter, corp./icp, document, downloader, error, excel, excel.exe, fehler, flash player, fontcache, format, ftp, gerätetreiber, helper, home, indesign, install.exe, installation, jar_cache, jdownloader, keygen, langs, launch, location, microsoft office word, mozilla, nvlddmkm.sys, nvstor.sys, oldtimer, otl.exe, programdata, programm, realtek, registry, rundll, saver, schattenkopien, sched.exe, searchplugins, security, senden, server, shell32.dll, sptd.sys, start menu, taskhost.exe, webcheck, youtube downloader



Ähnliche Themen: Sytem Tool Entfernt! Hier nun die Logfiles zur Kontrolle


  1. Windows 8.1 PUP.Optional.RGMUpdater.A Meldungen - Logfiles hier
    Log-Analyse und Auswertung - 07.01.2015 (8)
  2. hier der log von Farbar Recovery Scan Tool
    Mülltonne - 08.05.2014 (1)
  3. bizcoaching und buildathome pop ups...Logfiles zur Kontrolle
    Log-Analyse und Auswertung - 18.07.2013 (13)
  4. Trojaner TR/Reveton.R.240 und Trojan.Agent.Gen gefunden ... hier die Logfiles
    Log-Analyse und Auswertung - 13.05.2013 (9)
  5. Bundestrojaner oder Ähnliches, hier OTL-Logfiles
    Log-Analyse und Auswertung - 31.08.2012 (1)
  6. Ukash Verschlüsselungstrojaner hier: logfiles
    Log-Analyse und Auswertung - 03.06.2012 (5)
  7. thealltimes.com entfernt logfiles prüfen
    Log-Analyse und Auswertung - 05.03.2012 (1)
  8. Suche ein Tool welches ich vor jahren hier gefunden habe.
    Diskussionsforum - 04.03.2012 (4)
  9. RiskWare.Tool.CK in ..sytem volume information..
    Plagegeister aller Art und deren Bekämpfung - 08.09.2011 (0)
  10. Ist System Tool vom PC entfernt?
    Plagegeister aller Art und deren Bekämpfung - 17.03.2011 (36)
  11. System Tool entfernt- und nun ?
    Plagegeister aller Art und deren Bekämpfung - 18.02.2011 (20)
  12. Antivir Solution Pro, Fraud.Sysguard entfernt nach Anleitung - nun Kontrolle
    Log-Analyse und Auswertung - 31.07.2010 (46)
  13. Logfiles - Tool.EmailCracker und Ähnliches gefunden
    Log-Analyse und Auswertung - 30.06.2010 (19)
  14. Bitte um Kontrolle meines LogFiles wegen Verdacht auf Virus befall
    Log-Analyse und Auswertung - 02.08.2009 (15)
  15. Bitte um Kontrolle meines Logfiles nach Portschliessung
    Log-Analyse und Auswertung - 30.12.2007 (2)
  16. SpyAxe besiegt? Hier die Logfiles:
    Plagegeister aller Art und deren Bekämpfung - 13.12.2005 (4)
  17. Bitte um Kontrolle des Logfiles
    Log-Analyse und Auswertung - 28.06.2004 (14)

Zum Thema Sytem Tool Entfernt! Hier nun die Logfiles zur Kontrolle - Guten Tag, nachdem mein Laptop vom allseits bekannten "Systen Tool" befallen war habe ich dieses nach dieser Anleitung: http://www.trojaner-board.de/92246-s...entfernen.html entfernt und zeige euch nun meine Logfiles von Malwarebytes Anti Malware - Sytem Tool Entfernt! Hier nun die Logfiles zur Kontrolle...
Archiv
Du betrachtest: Sytem Tool Entfernt! Hier nun die Logfiles zur Kontrolle auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.