
Pests of all kinds and how to fight them: Hard disk damaged, problems with IDE/SATA


07.06.2011, 23:56   #16
kira
/// Helper team
 

Quote:
Originally posted by Jonzi
Is there any point in copying the programs out of the folders? Is there anything else I can do?
Does it work with right-click -> Share, Copy, Cut, Send, Rename etc.?
Check:
Quote:
Right-click the taskbar, Properties -> on the Start Menu tab -> click Customize -> is "Display as a link" set?

1.
Gets installed along without asking; you can uninstall it, nobody needs it:
Code:
Conduit Engine

Always choose the custom installation, not the standard installation, because otherwise things often get installed along that you do not need or want.
During installation, always read the license terms and do not immediately tick every box, because by doing so you agree that adware (advertising pop-ups) from partner programs, sponsors etc. gets installed along, since that is how freeware finances itself.

Most toolbars and browser helpers just want to make themselves look important.

2.
Check with MBR -t whether the Master Boot Record is OK (MBR rootkit)

With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, make these settings in the folder options.
  • Start => Run => cmd (type it in there) => OK
    A command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), type the following

    from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting into the command prompt: right-click the title bar => Edit => Paste.

    Code:
    mbr.exe -t > C:\mbr.log & C:\mbr.log

    (press Enter)
  • After a short time your editor will open and show the file C:\mbr.log.
    Please copy the contents here into your thread.

3.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=102871&l=dis&gct=hp
IE - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=CS-ST&o=102871&locale=de_EU&apn_uid=b06c4211-8645-41f5-977c-a76da0e71fe8&apn_ptnrs=5L&apn_sauid=272300F1-4540-400C-855A-FC6CB2B6771C&apn_dtid=YYYYYYYYBE&q="
[2011/06/01 15:27:18 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\engine@conduit.com
[2011/06/01 15:27:18 | 000,000,000 | -H-D | M] (vShare Plugin) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\vshare@toolbar
[2011/05/20 17:44:08 | 000,002,399 | -H-- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\askcom.xml
[2010/10/19 21:28:08 | 000,000,927 | -H-- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\conduit.xml
[2010/11/05 02:12:51 | 000,001,583 | -H-- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\web-search.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
[2011/06/01 13:41:11 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~26795768r
[2011/06/01 13:41:11 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~26795768
[2011/06/01 13:35:57 | 000,000,635 | -H-- | M] () -- C:\Users\Jonsche\Desktop\Windows 7 Recovery.lnk
[2011/06/01 13:35:46 | 000,000,336 | -H-- | M] () -- C:\ProgramData\26795768
[2010/11/16 01:19:15 | 000,004,151 | -H-- | C] () -- C:\ProgramData\ojobkspa.ako
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
:Commands
[purity]
[REBOOT]
         
4.
Run another scan with OTL:
  • Double-click OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output.
  • Under Extra Registry please choose Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard disks, ideally twice in different places!
Please pass this warning on wherever you can!

Edited by kira (08.06.2011 at 00:29)
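
Step 2 above runs a tool to decide whether the Master Boot Record is intact. The following Python example is added here for illustration; it is not part of kira's post and not the code of mbr.exe. It assumes you already hold two 512-byte copies of sector 0, one read from the running Windows and one read from a clean boot medium, and the sample sectors in it are constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445 hold the bootstrap code
ENTRY_LEN = 16             # four 16-byte partition entries follow it
SIGNATURE = b"\x55\xaa"    # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Decode one 512-byte MBR sector into signature state and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        offset = BOOT_CODE_LEN + index * ENTRY_LEN
        # Entry layout: status, 3 CHS bytes (skipped), type, 3 CHS bytes
        # (skipped), first sector (LBA) and sector count, little-endian.
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, offset)
        if ptype != 0x00:  # type 0 marks an unused slot
            partitions.append({"slot": index, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def compare_reads(live: bytes, offline: bytes) -> list:
    """Return human-readable findings; an empty list means the reads agree."""
    findings = []
    parsed = {"live": parse_mbr(live), "offline": parse_mbr(offline)}
    for name, mbr in parsed.items():
        if not mbr["signature_ok"]:
            findings.append(f"{name} read: boot signature 0x55AA missing")
    changed = [i for i in range(BOOT_CODE_LEN) if live[i] != offline[i]]
    if changed:
        findings.append(f"boot code differs in {len(changed)} byte(s), "
                        f"first at offset 0x{changed[0]:03x}")
    if parsed["live"]["partitions"] != parsed["offline"]["partitions"]:
        findings.append("partition table differs between the two reads")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one active NTFS partition starting at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 189_915_136)
    table = entry + bytes(ENTRY_LEN * 3)          # three unused slots
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE


# Constructed sample data, not taken from any real disk.
CLEAN = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
ALTERED = build_sample_mbr(b"\x33\xc0\x90\x90\xbc\x00\x7c")

if __name__ == "__main__":
    print("boot code sha256:", parse_mbr(CLEAN)["boot_code_sha256"])
    for label, other in (("same sector", CLEAN), ("altered sector", ALTERED)):
        result = compare_reads(CLEAN, other)
        print(label, "->", result if result else "reads agree")
```

A difference between the two reads is a reason to investigate further, not a verdict on its own; recording the boot code hash of a known-good state makes later comparisons easier.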

09.06.2011, 15:21   #17
Jonzi
 

Hmm, so the programs are not coming back. Maybe I am also just lacking the understanding of how I could copy them somewhere or should rename them. At least I can create a shortcut and so access them from the desktop. Unfortunately that still does not put them in the folders in the Start menu.

Re 1.:

Conduit Engine is uninstalled.

Re 2.:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.

C:\windows\system32>C:\mbr.log
Der Befehl "C:\mbr.log" ist entweder falsch geschrieben oder
konnte nicht gefunden werden.

C:\windows\system32>
C:\windows\system32>C:\mbr.log & C:\mbr.log
Der Befehl "C:\mbr.log" ist entweder falsch geschrieben oder
konnte nicht gefunden werden.
Der Befehl "C:\mbr.log" ist entweder falsch geschrieben oder
konnte nicht gefunden werden.

C:\windows\system32>mbr.exe -t
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer
.net
Windows 6.1.7600 Disk: SAMSUNG_ rev.2AJ1 -> Harddisk0\DR0 -> \Device\Ide\IAAStor
ageDevice-1

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
C:\windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Ma
nager driver
1 nt!IofCallDriver[0x8347FED0] -> \Device\Harddisk0\DR0[0x87154A38]
3 CLASSPNP[0x8C60B59E] -> nt!IofCallDriver[0x8347FED0] -> \Device\Ide\IAAStorage
Device-1[0x86354028]
kernel: MBR read successfully
user & kernel MBR OK

C:\windows\system32>C:\mbr.logCCCC

Is this what you mean?

Re 3.:

Please see the attachment.

Re 4.:

OTL Logfile:
Code:
OTL logfile created on: 6/9/2011 3:10:39 PM - Run 3
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Jonsche\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 41.27% Memory free
5.93 Gb Paging File | 3.78 Gb Available in Paging File | 63.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 90.56 Gb Total Space | 43.26 Gb Free Space | 47.77% Space Free | Partition Type: NTFS
Drive D: | 192.43 Gb Total Space | 19.57 Gb Free Space | 10.17% Space Free | Partition Type: NTFS
 
Computer Name: JONSCHE-PC | User Name: Jonsche | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/06/02 16:27:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jonsche\Downloads\OTL(1).exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/25 21:55:08 | 002,301,752 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2011/05/23 17:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- D:\Program Files\AntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/05/15 11:53:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/28 18:41:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/16 21:52:24 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
PRC - [2010/03/25 19:22:06 | 003,622,912 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 03:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/11/13 09:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/06/02 16:27:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jonsche\Downloads\OTL(1).exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/06/06 20:49:29 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/28 18:41:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 21:52:24 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/28 04:10:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 19:22:06 | 003,622,912 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/16 21:52:24 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 15:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\AntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\AntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/06 22:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/11/06 06:07:10 | 009,923,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/06/27 16:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com?o=102871&l=dis&gct=hp
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://eu.ask.com?o=102871&l=dis&gct=hp"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.1.3
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CS-ST&o=102871&locale=de_EU&apn_uid=b06c4211-8645-41f5-977c-a76da0e71fe8&apn_ptnrs=5L&apn_sauid=272300F1-4540-400C-855A-FC6CB2B6771C&apn_dtid=YYYYYYYYBE&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/01 15:17:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 11:53:25 | 000,000,000 | ---D | M]
 
[2010/04/03 14:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Extensions
[2011/05/26 20:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\engine@conduit.com
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\vshare@toolbar
[2011/05/20 17:44:08 | 000,002,399 | ---- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\askcom.xml
[2010/10/19 21:28:08 | 000,000,927 | ---- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\conduit.xml
[2010/11/05 02:12:51 | 000,001,583 | ---- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\web-search.xml
[2011/05/10 18:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/05/10 18:03:39 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
() (No name found) -- C:\USERS\JONSCHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCYARZGS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/05/15 11:53:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/15 11:53:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/15 11:53:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/15 11:53:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/15 11:53:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/15 11:53:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/15 11:53:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] D:\Program Files\AntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10q_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: x - C:\Users\Jonsche\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/03 15:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/03 15:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/03 14:54:02 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\Desktop\hjt
[2011/06/02 15:49:37 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/06/01 19:54:13 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2011/06/01 19:51:16 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/01 19:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/01 19:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/01 19:12:28 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\Malwarebytes
[2011/06/01 19:12:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/06/01 19:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/01 19:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/01 19:12:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/06/01 18:35:14 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\dvdcss
[2011/06/01 13:35:56 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/05/28 18:33:20 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\go
[2011/05/28 18:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/25 19:16:29 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2011/05/14 20:12:27 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\poqexec.exe
[2011/05/12 19:04:03 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/05/12 19:04:02 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/05/10 18:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/10 18:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/10 18:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2 C:\Users\Jonsche\*.tmp files -> C:\Users\Jonsche\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Jonsche\Desktop\*.tmp files -> C:\Users\Jonsche\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/09 14:48:18 | 000,089,088 | ---- | M] () -- C:\windows\System32\mbr.exe
[2011/06/09 14:14:12 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/09 14:03:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/08 15:52:09 | 000,014,736 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/08 15:52:09 | 000,014,736 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/08 15:42:31 | 000,000,478 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Jonsche.job
[2011/06/08 15:14:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/08 14:37:18 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 17:23:09 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/06/07 17:23:09 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/06/07 17:23:09 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/06/07 17:23:09 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/03 15:11:15 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/02 15:49:37 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/06/01 19:51:12 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/01 19:12:22 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 13:41:11 | 000,000,152 | ---- | M] () -- C:\ProgramData\~26795768r
[2011/06/01 13:41:11 | 000,000,136 | ---- | M] () -- C:\ProgramData\~26795768
[2011/06/01 13:35:57 | 000,000,635 | ---- | M] () -- C:\Users\Jonsche\Desktop\Windows 7 Recovery.lnk
[2011/06/01 13:35:46 | 000,000,336 | ---- | M] () -- C:\ProgramData\26795768
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/05/28 18:33:20 | 000,001,656 | ---- | M] () -- C:\Users\Jonsche\Desktop\Play games (EasyBits GO).lnk
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2011/05/20 18:09:53 | 000,015,669 | ---- | M] () -- C:\Users\Jonsche\Desktop\Praktikumsbericht_PoWi_Dominik Völlmecke.pdf
[2 C:\Users\Jonsche\*.tmp files -> C:\Users\Jonsche\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Jonsche\Desktop\*.tmp files -> C:\Users\Jonsche\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/09 14:49:24 | 000,089,088 | ---- | C] () -- C:\windows\System32\mbr.exe
[2011/06/03 15:11:15 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/03 14:05:35 | 000,002,821 | ---- | C] () -- C:\Users\Public\Desktop\Movavi Video Converter 10.lnk
[2011/06/03 14:05:35 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\James Bond 007(TM) - Blood Stone.lnk
[2011/06/03 14:05:35 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Support Center.lnk
[2011/06/03 14:05:35 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Update Plus.lnk
[2011/06/03 14:05:35 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/06/03 14:05:35 | 000,001,550 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/03 14:05:35 | 000,001,310 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2011/06/03 14:05:35 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\FailSafe Setup.lnk
[2011/06/03 14:05:35 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
[2011/06/03 14:05:35 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\User Guide.lnk
[2011/06/03 14:05:35 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Recovery Solution 4.lnk
[2011/06/03 14:05:35 | 000,000,710 | ---- | C] () -- C:\Users\Public\Desktop\Traktor.lnk
[2011/06/03 14:05:34 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Easy Network Manager.lnk
[2011/06/03 14:05:34 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/06/03 14:05:34 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk
[2011/06/01 19:51:12 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/01 19:12:22 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 13:41:11 | 000,000,152 | ---- | C] () -- C:\ProgramData\~26795768r
[2011/06/01 13:41:11 | 000,000,136 | ---- | C] () -- C:\ProgramData\~26795768
[2011/06/01 13:35:57 | 000,000,635 | ---- | C] () -- C:\Users\Jonsche\Desktop\Windows 7 Recovery.lnk
[2011/06/01 13:35:46 | 000,000,336 | ---- | C] () -- C:\ProgramData\26795768
[2011/05/28 18:33:20 | 000,001,686 | ---- | C] () -- C:\Users\Jonsche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (EasyBits GO).lnk
[2011/05/28 18:33:20 | 000,001,656 | ---- | C] () -- C:\Users\Jonsche\Desktop\Play games (EasyBits GO).lnk
[2011/05/20 18:09:52 | 000,015,669 | ---- | C] () -- C:\Users\Jonsche\Desktop\Praktikumsbericht_PoWi_Dominik Völlmecke.pdf
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/01/23 15:07:06 | 000,000,168 | ---- | C] () -- C:\ProgramData\~3qHDVSBfJr
[2011/01/23 15:07:05 | 000,000,272 | ---- | C] () -- C:\ProgramData\~3qHDVSBfJ
[2011/01/23 15:05:59 | 000,000,344 | ---- | C] () -- C:\ProgramData\3qHDVSBfJ
[2011/01/22 06:58:30 | 000,016,897 | ---- | C] () -- C:\Users\Jonsche\AppData\Roaming\4F66.931
[2010/11/16 01:19:15 | 000,004,151 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2010/11/12 19:12:54 | 000,032,523 | ---- | C] () -- C:\windows\SGTBoxf.INI
[2010/08/19 12:27:24 | 000,000,197 | ---- | C] () -- C:\windows\XLKG_Fr.ini
[2010/04/26 00:30:54 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/08 20:18:03 | 000,023,552 | ---- | C] () -- C:\Users\Jonsche\AppData\Local\WebpageIcons.db
[2010/04/03 11:36:15 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/04/03 11:21:18 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/05 19:37:24 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/12/05 19:37:23 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/12/05 19:37:23 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/12/05 19:37:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/12/05 02:36:55 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,440,816 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\windows\System32\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\windows\System32\ma32.dll
 
========== LOP Check ==========
 
[2010/04/03 14:52:50 | 000,000,000 | -HSD | M] -- C:\Users\Jonsche\AppData\Roaming\.#
[2011/03/25 02:15:58 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\Camfrog
[2011/05/02 16:36:22 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/28 18:33:20 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\go
[2011/06/01 15:27:19 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\gtk-2.0
[2010/05/22 00:23:50 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\Hardcore
[2010/11/16 01:19:18 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\MOVAVI
[2010/05/23 14:33:23 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\Propellerhead Software
[2010/04/08 20:18:56 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\TuneUp Software
[2011/04/26 17:32:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
         
--- --- ---

[/Code]

and

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 6/9/2011 3:10:39 PM - Run 3
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Jonsche\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 41.27% Memory free
5.93 Gb Paging File | 3.78 Gb Available in Paging File | 63.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 90.56 Gb Total Space | 43.26 Gb Free Space | 47.77% Space Free | Partition Type: NTFS
Drive D: | 192.43 Gb Total Space | 19.57 Gb Free Space | 10.17% Space Free | Partition Type: NTFS
 
Computer Name: JONSCHE-PC | User Name: Jonsche | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6EED4E76-6A8D-4A43-9049-F08F029B9B51}" = Movavi Video Converter 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5675A9E-F073-414A-9A04-F9BCD50459D7}" = Easy Network Manager
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon ScanGear Toolbox FAU" = Canon ScanGear Toolbox FAU 2.5
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Drumaxx" = Drumaxx
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Expresskurs Französisch" = Expresskurs Französisch
"FL Studio 9" = FL Studio 9
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"xxx" = xxx
"Google Chrome" = Google Chrome
"Hardcore" = Hardcore
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IL Download Manager" = IL Download Manager
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"NSS" = Norton Security Scan
"Numark Cue LE (Atomix Productions)" = Numark Cue LE (Atomix Productions)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"Reason4Demo_is1" = Reason Demo 4.0.1
"RocketDock_is1" = RocketDock 1.3.5
"Sakura" = Sakura
"Sawer" = Sawer
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 50280" = Mafia II - Demo
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"VLMC" = VideoLAN Movie Creator
"VueScan" = VueScan
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 6/3/2011 1:46:33 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7098
 
Error - 6/3/2011 1:46:34 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/3/2011 1:46:34 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8143
 
Error - 6/3/2011 1:46:34 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8143
 
Error - 6/3/2011 1:46:35 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/3/2011 1:46:35 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9157
 
Error - 6/3/2011 1:46:35 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9157
 
Error - 6/3/2011 1:46:36 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/3/2011 1:46:36 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10155
 
Error - 6/3/2011 1:46:36 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10155
 
[ System Events ]
Error - 6/6/2011 7:29:44 AM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Apple Mobile Device erreicht.
 
Error - 6/6/2011 7:29:44 AM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 6/6/2011 2:47:26 PM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Apple Mobile Device erreicht.
 
Error - 6/6/2011 2:47:26 PM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 6/6/2011 2:50:43 PM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 6/6/2011 2:50:43 PM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 6/7/2011 2:40:12 AM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Apple Mobile Device erreicht.
 
Error - 6/7/2011 2:40:12 AM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 6/8/2011 8:37:29 AM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Apple Mobile Device erreicht.
 
Error - 6/8/2011 8:37:29 AM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
 
< End of report >
         
--- --- ---

[/Code]

I hope this helps!
Attached files
File type: txt OTL.Txt (66.2 KB, viewed 173 times)


09.06.2011, 15:43   #18
kira
/// Helper team

Hard disk damaged, problems with IDE/SATA



Quote:
Quote from Jonzi
I can at least create a shortcut and access it from the desktop that way. Unfortunately, that still doesn't put them in the folders in the Start menu.

Simply drag the selected shortcut with the mouse onto the Vista icon/Start button. Then release the mouse there and check whether the program is present in the Start menu and whether it works.

Re point 3: please post the result of the OTL fix.

Re point 4: something is wrong with the date... please create a new logfile:
Important:
run all applications via right-click as administrator!

Edited by kira (09.06.2011 at 15:53)

09.06.2011, 15:52   #19
Jonzi

Hard disk damaged, problems with IDE/SATA



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 6/9/2011 2:59:27 PM - Run 2
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Jonsche\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 41.53% Memory free
5.93 Gb Paging File | 3.78 Gb Available in Paging File | 63.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 90.56 Gb Total Space | 43.26 Gb Free Space | 47.77% Space Free | Partition Type: NTFS
Drive D: | 192.43 Gb Total Space | 19.57 Gb Free Space | 10.17% Space Free | Partition Type: NTFS
 
Computer Name: JONSCHE-PC | User Name: Jonsche | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jonsche\Downloads\OTL(1).exe (OldTimer Tools)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
PRC - D:\Program Files\AntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
PRC - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
PRC - D:\Program Files\RocketDock\RocketDock.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Jonsche\Downloads\OTL(1).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASKUTIL) -- D:\Program Files\AntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- D:\Program Files\AntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com?o=102871&l=dis&gct=hp
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://eu.ask.com?o=102871&l=dis&gct=hp"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.1.3
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CS-ST&o=102871&locale=de_EU&apn_uid=b06c4211-8645-41f5-977c-a76da0e71fe8&apn_ptnrs=5L&apn_sauid=272300F1-4540-400C-855A-FC6CB2B6771C&apn_dtid=YYYYYYYYBE&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/01 15:17:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 11:53:25 | 000,000,000 | ---D | M]
 
[2010/04/03 14:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Extensions
[2011/05/26 20:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\engine@conduit.com
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\vshare@toolbar
[2011/05/20 17:44:08 | 000,002,399 | ---- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\askcom.xml
[2010/10/19 21:28:08 | 000,000,927 | ---- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\conduit.xml
[2010/11/05 02:12:51 | 000,001,583 | ---- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\web-search.xml
[2011/05/10 18:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/05/10 18:03:39 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
() (No name found) -- C:\USERS\JONSCHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCYARZGS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/05/15 11:53:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/15 11:53:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/15 11:53:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/15 11:53:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/15 11:53:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/15 11:53:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/15 11:53:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] D:\Program Files\AntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10q_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jonsche\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/03 15:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/03 15:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/03 14:54:02 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\Desktop\hjt
[2011/06/02 15:49:37 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/06/01 19:54:13 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2011/06/01 19:51:16 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/01 19:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/01 19:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/01 19:12:28 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\Malwarebytes
[2011/06/01 19:12:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/06/01 19:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/01 19:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/01 19:12:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/06/01 18:35:14 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\dvdcss
[2011/06/01 13:35:56 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/05/28 18:33:20 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\go
[2011/05/28 18:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/25 19:16:29 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2011/05/14 20:12:27 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\poqexec.exe
[2011/05/12 19:04:03 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/05/12 19:04:02 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/05/10 18:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/10 18:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/10 18:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2 C:\Users\Jonsche\*.tmp files -> C:\Users\Jonsche\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Jonsche\Desktop\*.tmp files -> C:\Users\Jonsche\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/09 14:48:18 | 000,089,088 | ---- | M] () -- C:\windows\System32\mbr.exe
[2011/06/09 14:14:12 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/09 14:03:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/08 15:52:09 | 000,014,736 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/08 15:52:09 | 000,014,736 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/08 15:42:31 | 000,000,478 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Jonsche.job
[2011/06/08 15:14:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/08 14:37:18 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 17:23:09 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/06/07 17:23:09 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/06/07 17:23:09 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/06/07 17:23:09 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/03 15:11:15 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/02 15:49:37 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/06/01 19:51:12 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/01 19:12:22 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 13:41:11 | 000,000,152 | ---- | M] () -- C:\ProgramData\~26795768r
[2011/06/01 13:41:11 | 000,000,136 | ---- | M] () -- C:\ProgramData\~26795768
[2011/06/01 13:35:57 | 000,000,635 | ---- | M] () -- C:\Users\Jonsche\Desktop\Windows 7 Recovery.lnk
[2011/06/01 13:35:46 | 000,000,336 | ---- | M] () -- C:\ProgramData\26795768
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/05/28 18:33:20 | 000,001,656 | ---- | M] () -- C:\Users\Jonsche\Desktop\Play games (EasyBits GO).lnk
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2011/05/20 18:09:53 | 000,015,669 | ---- | M] () -- C:\Users\Jonsche\Desktop\Praktikumsbericht_PoWi_Dominik Völlmecke.pdf
[2 C:\Users\Jonsche\*.tmp files -> C:\Users\Jonsche\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Jonsche\Desktop\*.tmp files -> C:\Users\Jonsche\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/09 14:49:24 | 000,089,088 | ---- | C] () -- C:\windows\System32\mbr.exe
[2011/06/03 15:11:15 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/03 14:05:35 | 000,002,821 | ---- | C] () -- C:\Users\Public\Desktop\Movavi Video Converter 10.lnk
[2011/06/03 14:05:35 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\James Bond 007(TM) - Blood Stone.lnk
[2011/06/03 14:05:35 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Support Center.lnk
[2011/06/03 14:05:35 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Update Plus.lnk
[2011/06/03 14:05:35 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/06/03 14:05:35 | 000,001,550 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/03 14:05:35 | 000,001,310 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2011/06/03 14:05:35 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\FailSafe Setup.lnk
[2011/06/03 14:05:35 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
[2011/06/03 14:05:35 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\User Guide.lnk
[2011/06/03 14:05:35 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Recovery Solution 4.lnk
[2011/06/03 14:05:35 | 000,000,710 | ---- | C] () -- C:\Users\Public\Desktop\Traktor.lnk
[2011/06/03 14:05:34 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Easy Network Manager.lnk
[2011/06/03 14:05:34 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/06/03 14:05:34 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk
[2011/06/01 19:51:12 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/01 19:12:22 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 13:41:11 | 000,000,152 | ---- | C] () -- C:\ProgramData\~26795768r
[2011/06/01 13:41:11 | 000,000,136 | ---- | C] () -- C:\ProgramData\~26795768
[2011/06/01 13:35:57 | 000,000,635 | ---- | C] () -- C:\Users\Jonsche\Desktop\Windows 7 Recovery.lnk
[2011/06/01 13:35:46 | 000,000,336 | ---- | C] () -- C:\ProgramData\26795768
[2011/05/28 18:33:20 | 000,001,686 | ---- | C] () -- C:\Users\Jonsche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (EasyBits GO).lnk
[2011/05/28 18:33:20 | 000,001,656 | ---- | C] () -- C:\Users\Jonsche\Desktop\Play games (EasyBits GO).lnk
[2011/05/20 18:09:52 | 000,015,669 | ---- | C] () -- C:\Users\Jonsche\Desktop\Praktikumsbericht_PoWi_Dominik Völlmecke.pdf
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/01/23 15:07:06 | 000,000,168 | ---- | C] () -- C:\ProgramData\~3qHDVSBfJr
[2011/01/23 15:07:05 | 000,000,272 | ---- | C] () -- C:\ProgramData\~3qHDVSBfJ
[2011/01/23 15:05:59 | 000,000,344 | ---- | C] () -- C:\ProgramData\3qHDVSBfJ
[2011/01/22 06:58:30 | 000,016,897 | ---- | C] () -- C:\Users\Jonsche\AppData\Roaming\4F66.931
[2010/11/16 01:19:15 | 000,004,151 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2010/11/12 19:12:54 | 000,032,523 | ---- | C] () -- C:\windows\SGTBoxf.INI
[2010/08/19 12:27:24 | 000,000,197 | ---- | C] () -- C:\windows\XLKG_Fr.ini
[2010/04/26 00:30:54 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/08 20:18:03 | 000,023,552 | ---- | C] () -- C:\Users\Jonsche\AppData\Local\WebpageIcons.db
[2010/04/03 11:36:15 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/04/03 11:21:18 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/05 19:37:24 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/12/05 19:37:23 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/12/05 19:37:23 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/12/05 19:37:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/12/05 02:36:55 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,440,816 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\windows\System32\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\windows\System32\ma32.dll
 
========== Custom Scans ==========
 
 
< :OTL >
 
< IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) >
 
< IE - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com?o=102871&l=dis&gct=hp >
Invalid Switch: eu.ask.com?o=102871&l=dis&gct=hp

 
< IE - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) >
 
< FF - prefs.js..browser.search.defaultengine: "Ask.com" >
 
< FF - prefs.js..browser.search.defaultenginename: "Ask.com" >
 
< FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" >
 
< FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" >
 
< FF - prefs.js..browser.search.order.1: "Ask.com" >
 
< FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CS-ST&o=102871&locale=de_EU&apn_uid=b06c4211-8645-41f5-977c-a76da0e71fe8&apn_ptnrs=5L&apn_sauid=272300F1-4540-400C-855A-FC6CB2B6771C&apn_dtid=YYYYYYYYBE&q=" >
 
< [2011/06/01 15:27:18 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\engine@conduit.com >
Invalid Switch: 01 15:27:18 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\engine@conduit.com

 
< [2011/06/01 15:27:18 | 000,000,000 | -H-D | M] (vShare Plugin) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\vshare@toolbar >
Invalid Switch: 01 15:27:18 | 000,000,000 | -H-D | M] (vShare Plugin) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\vshare@toolbar

 
< [2011/05/20 17:44:08 | 000,002,399 | -H-- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\askcom.xml >
Invalid Switch: 20 17:44:08 | 000,002,399 | -H-- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\askcom.xml

 
< [2010/10/19 21:28:08 | 000,000,927 | -H-- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\conduit.xml >
Invalid Switch: 19 21:28:08 | 000,000,927 | -H-- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\conduit.xml

 
< [2010/11/05 02:12:51 | 000,001,583 | -H-- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\web-search.xml >
Invalid Switch: 05 02:12:51 | 000,001,583 | -H-- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\web-search.xml

 
< O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) >
 
< O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) >
 
< O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) >
 
< O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) >
 
< O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >
 
< O3 - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) >
 
< O3 - HKU\S-1-5-21-1072828290-3828818215-1948454868-1001\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) >
 
< [2011/06/01 13:41:11 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~26795768r >
Invalid Switch: 01 13:41:11 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~26795768r

 
< [2011/06/01 13:41:11 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~26795768 >
Invalid Switch: 01 13:41:11 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~26795768

 
< [2011/06/01 13:35:57 | 000,000,635 | -H-- | M] () -- C:\Users\Jonsche\Desktop\Windows 7 Recovery.lnk >
Invalid Switch: 01 13:35:57 | 000,000,635 | -H-- | M] () -- C:\Users\Jonsche\Desktop\Windows 7 Recovery.lnk

 
< [2011/06/01 13:35:46 | 000,000,336 | -H-- | M] () -- C:\ProgramData\26795768 >
Invalid Switch: 01 13:35:46 | 000,000,336 | -H-- | M] () -- C:\ProgramData\26795768

 
< [2010/11/16 01:19:15 | 000,004,151 | -H-- | C] () -- C:\ProgramData\ojobkspa.ako >
Invalid Switch: 16 01:19:15 | 000,004,151 | -H-- | C] () -- C:\ProgramData\ojobkspa.ako

 
< @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54 >
 
< :Commands >
 
< [purity] >
 
< [REBOOT] >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
         
--- --- ---

[/Code]

09.06.2011, 16:04   #20
kira
/// Helper Team
 
Did you carry out point 3 from here?: -> http://www.trojaner-board.de/99876-f...tml#post669271

Please do post #18

__________________

Warning!:
Be careful with invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

09.06.2011, 16:47   #21
Jonzi
 

Voilà

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 6/9/2011 3:53:58 PM - Run 4
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Jonsche\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.77% Memory free
5.93 Gb Paging File | 3.75 Gb Available in Paging File | 63.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 90.56 Gb Total Space | 43.18 Gb Free Space | 47.68% Space Free | Partition Type: NTFS
Drive D: | 192.43 Gb Total Space | 19.57 Gb Free Space | 10.17% Space Free | Partition Type: NTFS
 
Computer Name: JONSCHE-PC | User Name: Jonsche | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/06/01 19:17:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jonsche\Downloads\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/25 21:55:08 | 002,301,752 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2011/05/23 17:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- D:\Program Files\AntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/05/15 11:53:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/28 18:41:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/16 21:52:24 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
PRC - [2010/03/25 19:22:06 | 003,622,912 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/05 02:23:04 | 000,277,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 03:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/10/02 23:00:34 | 000,279,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/11/13 09:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/06/01 19:17:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jonsche\Downloads\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/06/06 20:49:29 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/28 18:41:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 21:52:24 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/28 04:10:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 19:22:06 | 003,622,912 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/16 21:52:24 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 15:23:15 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\AntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\AntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/06 22:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/11/06 06:07:10 | 009,923,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/06/27 16:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com?o=102871&l=dis&gct=hp
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://eu.ask.com?o=102871&l=dis&gct=hp"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.1.3
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CS-ST&o=102871&locale=de_EU&apn_uid=b06c4211-8645-41f5-977c-a76da0e71fe8&apn_ptnrs=5L&apn_sauid=272300F1-4540-400C-855A-FC6CB2B6771C&apn_dtid=YYYYYYYYBE&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/01 15:17:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 11:53:25 | 000,000,000 | ---D | M]
 
[2010/04/03 14:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Extensions
[2011/05/26 20:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\engine@conduit.com
[2011/06/01 15:27:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Jonsche\AppData\Roaming\mozilla\Firefox\Profiles\pcyarzgs.default\extensions\vshare@toolbar
[2011/05/20 17:44:08 | 000,002,399 | ---- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\askcom.xml
[2010/10/19 21:28:08 | 000,000,927 | ---- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\conduit.xml
[2010/11/05 02:12:51 | 000,001,583 | ---- | M] () -- C:\Users\Jonsche\AppData\Roaming\Mozilla\Firefox\Profiles\pcyarzgs.default\searchplugins\web-search.xml
[2011/05/10 18:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/05/10 18:03:39 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
() (No name found) -- C:\USERS\JONSCHE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PCYARZGS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/05/15 11:53:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/15 11:53:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/15 11:53:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/15 11:53:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/15 11:53:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/15 11:53:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/15 11:53:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] D:\Program Files\AntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jonsche\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/03 15:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/06/03 15:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/03 14:54:02 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\Desktop\hjt
[2011/06/02 15:49:37 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/06/01 19:54:13 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2011/06/01 19:51:16 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/01 19:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/01 19:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/01 19:12:28 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\Malwarebytes
[2011/06/01 19:12:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/06/01 19:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/01 19:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/01 19:12:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/06/01 18:35:14 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\dvdcss
[2011/06/01 13:35:56 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/05/28 18:33:20 | 000,000,000 | ---D | C] -- C:\Users\Jonsche\AppData\Roaming\go
[2011/05/28 18:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/25 19:16:29 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\Diskdump.sys
[2011/05/14 20:12:27 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\poqexec.exe
[2011/05/12 19:04:03 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/05/12 19:04:02 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/05/10 18:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/10 18:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/10 18:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2 C:\Users\Jonsche\*.tmp files -> C:\Users\Jonsche\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Jonsche\Desktop\*.tmp files -> C:\Users\Jonsche\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/09 15:14:02 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/09 15:14:02 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/09 14:48:18 | 000,089,088 | ---- | M] () -- C:\windows\System32\mbr.exe
[2011/06/09 14:03:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/08 15:52:09 | 000,014,736 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/08 15:52:09 | 000,014,736 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/08 15:42:31 | 000,000,478 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Jonsche.job
[2011/06/08 14:37:18 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 17:23:09 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/06/07 17:23:09 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/06/07 17:23:09 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/06/07 17:23:09 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/03 15:11:15 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/02 15:49:37 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/06/01 19:51:12 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/01 19:12:22 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 13:41:11 | 000,000,152 | ---- | M] () -- C:\ProgramData\~26795768r
[2011/06/01 13:41:11 | 000,000,136 | ---- | M] () -- C:\ProgramData\~26795768
[2011/06/01 13:35:57 | 000,000,635 | ---- | M] () -- C:\Users\Jonsche\Desktop\Windows 7 Recovery.lnk
[2011/06/01 13:35:46 | 000,000,336 | ---- | M] () -- C:\ProgramData\26795768
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/05/28 18:33:20 | 000,001,656 | ---- | M] () -- C:\Users\Jonsche\Desktop\Play games (EasyBits GO).lnk
[2011/05/24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2011/05/20 18:09:53 | 000,015,669 | ---- | M] () -- C:\Users\Jonsche\Desktop\Praktikumsbericht_PoWi_Dominik Völlmecke.pdf
[2 C:\Users\Jonsche\*.tmp files -> C:\Users\Jonsche\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Jonsche\Desktop\*.tmp files -> C:\Users\Jonsche\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/09 14:49:24 | 000,089,088 | ---- | C] () -- C:\windows\System32\mbr.exe
[2011/06/03 15:11:15 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/03 14:05:35 | 000,002,821 | ---- | C] () -- C:\Users\Public\Desktop\Movavi Video Converter 10.lnk
[2011/06/03 14:05:35 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\James Bond 007(TM) - Blood Stone.lnk
[2011/06/03 14:05:35 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Support Center.lnk
[2011/06/03 14:05:35 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Update Plus.lnk
[2011/06/03 14:05:35 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/06/03 14:05:35 | 000,001,550 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/03 14:05:35 | 000,001,310 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2011/06/03 14:05:35 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\FailSafe Setup.lnk
[2011/06/03 14:05:35 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
[2011/06/03 14:05:35 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\User Guide.lnk
[2011/06/03 14:05:35 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Recovery Solution 4.lnk
[2011/06/03 14:05:35 | 000,000,710 | ---- | C] () -- C:\Users\Public\Desktop\Traktor.lnk
[2011/06/03 14:05:34 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Easy Network Manager.lnk
[2011/06/03 14:05:34 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/06/03 14:05:34 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk
[2011/06/01 19:51:12 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/01 19:12:22 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 13:41:11 | 000,000,152 | ---- | C] () -- C:\ProgramData\~26795768r
[2011/06/01 13:41:11 | 000,000,136 | ---- | C] () -- C:\ProgramData\~26795768
[2011/06/01 13:35:57 | 000,000,635 | ---- | C] () -- C:\Users\Jonsche\Desktop\Windows 7 Recovery.lnk
[2011/06/01 13:35:46 | 000,000,336 | ---- | C] () -- C:\ProgramData\26795768
[2011/05/28 18:33:20 | 000,001,686 | ---- | C] () -- C:\Users\Jonsche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (EasyBits GO).lnk
[2011/05/28 18:33:20 | 000,001,656 | ---- | C] () -- C:\Users\Jonsche\Desktop\Play games (EasyBits GO).lnk
[2011/05/20 18:09:52 | 000,015,669 | ---- | C] () -- C:\Users\Jonsche\Desktop\Praktikumsbericht_PoWi_Dominik Völlmecke.pdf
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/01/23 15:07:06 | 000,000,168 | ---- | C] () -- C:\ProgramData\~3qHDVSBfJr
[2011/01/23 15:07:05 | 000,000,272 | ---- | C] () -- C:\ProgramData\~3qHDVSBfJ
[2011/01/23 15:05:59 | 000,000,344 | ---- | C] () -- C:\ProgramData\3qHDVSBfJ
[2011/01/22 06:58:30 | 000,016,897 | ---- | C] () -- C:\Users\Jonsche\AppData\Roaming\4F66.931
[2010/11/16 01:19:15 | 000,004,151 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2010/11/12 19:12:54 | 000,032,523 | ---- | C] () -- C:\windows\SGTBoxf.INI
[2010/08/19 12:27:24 | 000,000,197 | ---- | C] () -- C:\windows\XLKG_Fr.ini
[2010/04/26 00:30:54 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/08 20:18:03 | 000,023,552 | ---- | C] () -- C:\Users\Jonsche\AppData\Local\WebpageIcons.db
[2010/04/03 11:36:15 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/04/03 11:21:18 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/05 19:37:24 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/12/05 19:37:23 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/12/05 19:37:23 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/12/05 19:37:23 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/12/05 02:36:55 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,440,816 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\windows\System32\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\windows\System32\ma32.dll
 
========== LOP Check ==========
 
[2010/04/03 14:52:50 | 000,000,000 | -HSD | M] -- C:\Users\Jonsche\AppData\Roaming\.#
[2011/03/25 02:15:58 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\Camfrog
[2011/05/02 16:36:22 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/28 18:33:20 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\go
[2011/06/01 15:27:19 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\gtk-2.0
[2010/05/22 00:23:50 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\Hardcore
[2010/11/16 01:19:18 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\MOVAVI
[2010/05/23 14:33:23 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\Propellerhead Software
[2010/04/08 20:18:56 | 000,000,000 | ---D | M] -- C:\Users\Jonsche\AppData\Roaming\TuneUp Software
[2011/04/26 17:32:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
         
--- --- ---


and

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 6/9/2011 3:53:58 PM - Run 4
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Jonsche\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.77% Memory free
5.93 Gb Paging File | 3.75 Gb Available in Paging File | 63.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 90.56 Gb Total Space | 43.18 Gb Free Space | 47.68% Space Free | Partition Type: NTFS
Drive D: | 192.43 Gb Total Space | 19.57 Gb Free Space | 10.17% Space Free | Partition Type: NTFS
 
Computer Name: JONSCHE-PC | User Name: Jonsche | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6EED4E76-6A8D-4A43-9049-F08F029B9B51}" = Movavi Video Converter 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5675A9E-F073-414A-9A04-F9BCD50459D7}" = Easy Network Manager
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon ScanGear Toolbox FAU" = Canon ScanGear Toolbox FAU 2.5
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Drumaxx" = Drumaxx
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Expresskurs Französisch" = Expresskurs Französisch
"FL Studio 9" = FL Studio 9
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Google Chrome" = Google Chrome
"Hardcore" = Hardcore
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IL Download Manager" = IL Download Manager
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"NSS" = Norton Security Scan
"Numark Cue LE (Atomix Productions)" = Numark Cue LE (Atomix Productions)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"Reason4Demo_is1" = Reason Demo 4.0.1
"RocketDock_is1" = RocketDock 1.3.5
"Sakura" = Sakura
"Sawer" = Sawer
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 50280" = Mafia II - Demo
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"VLMC" = VideoLAN Movie Creator
"VueScan" = VueScan
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 6/3/2011 1:46:33 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7098
 
Error - 6/3/2011 1:46:34 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/3/2011 1:46:34 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8143
 
Error - 6/3/2011 1:46:34 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8143
 
Error - 6/3/2011 1:46:35 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/3/2011 1:46:35 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9157
 
Error - 6/3/2011 1:46:35 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9157
 
Error - 6/3/2011 1:46:36 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 6/3/2011 1:46:36 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10155
 
Error - 6/3/2011 1:46:36 PM | Computer Name = Jonsche-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10155
 
[ System Events ]
Error - 6/6/2011 7:29:44 AM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Apple Mobile Device erreicht.
 
Error - 6/6/2011 7:29:44 AM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 6/6/2011 2:47:26 PM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Apple Mobile Device erreicht.
 
Error - 6/6/2011 2:47:26 PM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 6/6/2011 2:50:43 PM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 6/6/2011 2:50:43 PM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 6/7/2011 2:40:12 AM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Apple Mobile Device erreicht.
 
Error - 6/7/2011 2:40:12 AM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 6/8/2011 8:37:29 AM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Apple Mobile Device erreicht.
 
Error - 6/8/2011 8:37:29 AM | Computer Name = Jonsche-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
 
< End of report >
         
--- --- ---




Is that right?

09.06.2011, 18:11   #22
kira
/// Helper team
 
Quote:
I can at least create a shortcut and so access it from the desktop. Unfortunately, that still doesn't put them in the folders in the Start menu.
Did you follow my suggestion? If not, please do this:
-> Simply drag the selected shortcut with the mouse onto the Vista icon/Start button. Then just release the mouse button there and check whether the program is present in the Start menu and whether it works.
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice and in different locations!
Please pass this warning on wherever you can!

05.07.2011, 13:36   #23
Jonzi
 
Yes, that works... A bit laborious, but I'll drag all the programs over when I have a free minute.

However, the trojan still seems to be active on my computer. A few days ago there was a display error. As a result, my desktop briefly went black. A state was then restored on its own after a few seconds.

How can I finally get the trojan off the hard drive?

Many thanks in advance and for the support so far!
