Trojaner-Board - "Die offizielle Mitteilung des Bundeskriminalamtes" Trojaner

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - "Die offizielle Mitteilung des Bundeskriminalamtes" Trojaner - OTLPE Logfile (https://www.trojaner-board.de/102152-offizielle-mitteilung-bundeskriminalamtes-trojaner-otlpe-logfile.html)

"Die offizielle Mitteilung des Bundeskriminalamtes" Trojaner - OTLPE Logfile

Hallo zusammen,

vor ca. 10 Tagen hat sich auf dem Laptop eines Verwandten der zur Zeit grassierende Bundespolizei-Virus gezeigt. (Vgl. hxxp://www.nölsch.de/wp-content/uploads/Bundespolizei-Virus-Screenshot.png)

Ich habe anhand der Anleitung auf hxxp://www.pctipp.ch/forum/showthread.php?t=23424 eine OTLPE CD erstellt, sowie versucht, die Dateien C:\OTL.txt und Extras.txt zu erstellen. Hierbei war ich jedoch nur teilweise erfolgreich - nur die OTL.txt Datei wurde erstellt. (Keine Ahnung weshalb, habe eigentlich alles so gemacht, wie es beschrieben wurde..)

Anbei findet ihr die OTL.txt Datei. Falls dies nicht genügt und die Extras.txt Datei eine essentielle Rolle spielt wäre ich dankbar für einen Tipp, wie ich an die Extras.txt Datei rankomme.

Vielen Dank im Voraus!

Beginn der OTL.txt Datei:

OTL logfile created on: 8/6/2011 7:42:22 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.69 Gb Total Space | 59.66 Gb Free Space | 42.71% Space Free | Partition Type: NTFS
Drive D: | 7.80 Gb Total Space | 0.70 Gb Free Space | 8.98% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 85.04% Space Free | Partition Type: NTFS
Drive F: | 1.96 Gb Total Space | 1.96 Gb Free Space | 99.93% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (LiveUpdate Notice Ex)
SRV - File not found [On_Demand] -- -- (getPlusHelper)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/08 09:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/08/02 22:50:15 | 000,316,888 | ---- | M] (Protection Technology) [Auto] -- C:\Windows\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/10/15 08:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 08:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/01/29 12:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 03:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/26 05:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/26 05:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007/06/08 04:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/05/08 03:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/15 21:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/03/05 05:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/02/06 02:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 13:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (upperdev)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2010/08/02 22:50:15 | 003,333,808 | ---- | M] (Protection Technology) [Kernel | System] -- C:\Windows\System32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2009/05/27 11:40:14 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/27 11:40:13 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/27 11:40:11 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/08 13:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/09/14 11:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/06/18 10:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/08 03:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/05/24 10:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/04/15 21:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/10 09:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 05:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 21:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/06/28 05:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\***_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15015&l=dis"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/07 18:17:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010/12/14 15:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2011/06/22 03:40:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/12/26 11:07:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010/12/14 15:32:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2011/06/22 03:40:40 | 000,000,000 | ---D | M]

[2011/06/20 13:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2gh41srr.default\extensions
[2009/08/13 12:38:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2gh41srr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/12 13:24:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2gh41srr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009/01/07 18:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/07 18:16:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/07 18:16:43 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2009/01/07 18:16:43 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009/01/07 18:17:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
[2009/01/07 18:16:41 | 000,060,526 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/01/07 18:16:41 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/01/07 18:16:41 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/01/07 18:16:41 | 000,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-de.png
[2009/01/07 18:16:41 | 000,000,804 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-de.src
[2009/01/07 18:16:41 | 000,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.gif
[2009/01/07 18:16:41 | 000,001,075 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.src
[2009/01/07 18:16:41 | 000,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-de.gif
[2009/01/07 18:16:41 | 000,000,879 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-de.src
[2009/01/07 18:16:41 | 000,000,232 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.png
[2009/01/07 18:16:41 | 000,001,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.src
[2009/01/07 18:16:41 | 000,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.gif
[2009/01/07 18:16:41 | 000,001,147 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.src

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\***_ON_C\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\***_ON_C..\Run: [] File not found
O4 - HKU\***_ON_C..\Run: [4E3E0230AEBB4E96] File not found
O4 - HKU\***_ON_C..\Run: [AsyncAuthenticationdll32] File not found
O4 - HKU\***_ON_C..\Run: [fcacls] File not found
O4 - HKU\***_ON_C..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKU\***_ON_C..\Run: [Txtcsc] C:\Users\***\AppData\Roaming\Userdvd\newcat.exe ()
O4 - HKU\***_ON_C..\Run: [userinit] File not found
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\Program Files\AOL\AOL Toolbar 5.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\***_ON_C Winlogon: Shell - (C:\Users\***\Desktop\0.5435339398469355.exe) - C:\Users\***\Desktop\0.5435339398469355.exe ()
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 12:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{92b83f20-d25b-11dd-9512-00218670eaca}\Shell\AutoRun\command - "" = G:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2011/08/06 10:41:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/06 10:41:27 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/06 10:41:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 10:41:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 10:41:08 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/06 10:39:26 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/06 09:35:34 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/06 07:44:11 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/02 18:55:48 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 10:14:57 | 000,111,104 | ---- | M] () -- C:\Users\***\Desktop\0.5435339398469355.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/06 10:39:20 | 2138,365,952 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/01 10:14:56 | 000,111,104 | ---- | C] () -- C:\Users\***\Desktop\0.5435339398469355.exe
[2011/05/04 15:09:11 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010/10/01 09:00:58 | 000,000,100 | ---- | C] () -- C:\Users\***\AppData\Local\80843.cfg
[2009/08/08 06:10:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/08 06:10:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/10 10:31:48 | 000,000,303 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini
[2009/03/20 17:23:22 | 000,017,089 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2009/01/07 18:19:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/01/07 18:16:41 | 000,003,942 | ---- | C] () -- C:\Windows\mozver.dat
[2008/12/22 13:45:17 | 000,008,959 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/11/21 05:08:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/20 20:15:35 | 000,044,032 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/25 10:08:20 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/10/25 10:08:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/10/25 10:08:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/10/25 10:08:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/10/25 10:08:20 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/10/25 10:08:20 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/24 08:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/24 08:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/24 08:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/24 08:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/06/08 04:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
[2007/03/29 06:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/09 12:42:33 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/09 12:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 11:38:05 | 000,696,626 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:38:05 | 000,155,102 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,433,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,651,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,126,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 06:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997/06/14 04:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/02/12 07:23:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\10566
[2010/09/12 13:24:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2008/10/25 10:09:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hewlett Packard
[2008/12/25 05:13:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2010/05/10 17:19:02 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2008/12/08 09:32:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010/12/28 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2010/09/10 08:44:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pro Cycling Manager 2010
[2008/12/28 08:07:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ROUTE 66 Sync
[2008/12/25 04:23:45 | 000,000,000 | ---D | M] -- C:\Users\***\SampleView
[2011/05/05 18:35:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Userdvd
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/10/28 14:44:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Napster
[2010/12/26 10:58:03 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2010/12/26 11:23:42 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2008/12/22 13:42:25 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2009/08/11 08:13:43 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2006/11/09 12:46:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/05/29 19:17:57 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2007/12/14 20:10:07 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/12/11 06:29:17 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/08/06 10:41:28 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1165 bytes -> C:\Users\***\Documents\Fw_ E-Mail schreiben an_ 01 Titel 1_mp3.eml:OECustomProperty
< End of report >

:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Fixen mit OTLpe

Starte den unbootbaren Computer erneut mit der OTLPE-CD,
warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.
Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:

WICHTIG: Die **** mit dem richtigen Pfad ergänzen.

Code:

:OTL O4 - HKU\***_ON_C..\Run: [] File not found O4 - HKU\***_ON_C..\Run: [4E3E0230AEBB4E96] File not found O4 - HKU\***_ON_C..\Run: [AsyncAuthenticationdll32] File not found O4 - HKU\***_ON_C..\Run: [fcacls] File not found O4 - HKU\***_ON_C..\Run: [Txtcsc] C:\Users\***\AppData\Roaming\Userdvd\newcat.exe () O4 - HKU\***_ON_C..\Run: [userinit] File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O20 - HKU\***_ON_C Winlogon: Shell - (C:\Users\***\Desktop\0.5435339398469355.exe) - C:\Users\***\Desktop\0.5435339398469355.exe () O32 - AutoRun File - [2004/04/30 12:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{92b83f20-d25b-11dd-9512-00218670eaca}\Shell\AutoRun\command - "" = G:\start.exe [2011/08/01 10:14:57 | 000,111,104 | ---- | M] () -- C:\Users\***\Desktop\0.5435339398469355.exe [2011/08/01 10:14:56 | 000,111,104 | ---- | C] () -- C:\Users\***\Desktop\0.5435339398469355.exe :Commands [purity] [emptytemp]
Sollte das mangels Internet-Verbindung nicht möglich sein,
kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:
Schließe alle Programme.
Klicke auf den Fix Button.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>
Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.

Schritt 2

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Hallo Swiss,

Habe Schritt 1 wie beschrieben durchgeführt. Den Laptop kann ich jedoch noch immer nicht booten. Hier ist der Text aus dem File:

Code:

========== OTL ==========

Registry key HKEY_USERS\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.

Registry key HKEY_USERS\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.

Registry key HKEY_USERS\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.

Registry key HKEY_USERS\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.

Registry key HKEY_USERS\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.

C:\Users\***\AppData\Roaming\Userdvd\newcat.exe moved successfully.

Registry key HKEY_USERS\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\***_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon not found.

C:\Users\***\Desktop\0.5435339398469355.exe moved successfully.

D:\Autorun.inf moved successfully.

File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92b83f20-d25b-11dd-9512-00218670eaca}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92b83f20-d25b-11dd-9512-00218670eaca}\ not found.

File G:\start.exe not found.

File C:\Users\***\Desktop\0.5435339398469355.exe not found.

File C:\Users\***\Desktop\0.5435339398469355.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: ***

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 353384653 bytes

 

Total Files Cleaned = 337.00 mb

 

 

OTLPE by OldTimer - Version 3.1.48.0 log created on 08082011_123227

Zitat:

WICHTIG: Die **** mit dem richtigen Pfad ergänzen.

Hast Du das gemacht??

Ja eigentlich schon, oder kann es sein, dass die *** in "Registry key HKEY_USERS\***_ON_C\" etwas anderes bedeuten als weiter unten bei "C:\Users\***\Desktop" ?

Danke und Gruß

Ich weiss nicht was Du da rausgelöscht hast. Mach nochmals einen Scan und schau nach.

So ich habe nochmal nachgeprüft und das ganze nun - so hoffe ich - korrekt ausgeführt. Hier ist der "neue" Bericht:

Code:

========== OTL ==========

Registry value HKEY_USERS\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 deleted successfully.

Registry value HKEY_USERS\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\AsyncAuthenticationdll32 deleted successfully.

Registry value HKEY_USERS\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\fcacls deleted successfully.

Registry value HKEY_USERS\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Txtcsc deleted successfully.

File C:\Users\***\AppData\Roaming\Userdvd\newcat.exe not found.

Registry value HKEY_USERS\***_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\userinit deleted successfully.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\***_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_USERS\***_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_USERS\***_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\***_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\***_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)\ not found.

Registry value HKEY_USERS\***_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\***\Desktop\0.5435339398469355.exe deleted successfully.

File C:\Users\***\Desktop\0.5435339398469355.exe not found.

File D:\Autorun.inf not found.

File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92b83f20-d25b-11dd-9512-00218670eaca}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92b83f20-d25b-11dd-9512-00218670eaca}\ not found.

File G:\start.exe not found.

File C:\Users\***\Desktop\0.5435339398469355.exe not found.

File C:\Users\***\Desktop\0.5435339398469355.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: ***

->Temp folder emptied: 2022 bytes

->Temporary Internet Files folder emptied: 315971803 bytes

->Java cache emptied: 28723751 bytes

->FireFox cache emptied: 5547076 bytes

->Google Chrome cache emptied: 6418916 bytes

->Apple Safari cache emptied: 2234368 bytes

->Flash cache emptied: 108023 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

 

Total Files Cleaned = 342.00 mb

 

 

OTLPE by OldTimer - Version 3.1.48.0 log created on 08112011_014912

Viele Grüße

Perfekt. Nun Schritt 2.

Ich habe probiert das ganze im vorgegebenen Pfad zu installieren, kriege jedoch die Fehlermeldung es stünde nicht genügend Speicherplatz für die Installation zur Verfügung. An der Festplatte kann es nicht liegen, die ist nicht voll. Was mache ich falsch? :confused:

Es muss aber daran liegen?!? Wieviel hast Du noch auf C?

Sooo, hab das ganze versucht in C: zu installieren, bekomme jedoch kurz vor Ende der Installation folgende Fehlermeldung:

"X:\i386\system32\drivers\mbamswissarmy.sys

Fehler beim Erstellen einer Datei im Ziel-Ordner:
Access is denied."

Ist dir diese Fehlermeldung vielleicht bekannt und kannst du mir weiterhelfen?

Entschuldige, dass das Ganze so schwerfällig läuft ;)

Grüße

Hast Du wieder vollen Zugriff auf das System?

Nein, ich bin immer noch in der reatogo-oberfläche. sollte das bereits anders sein?

LG

Ja...

Downloade dir bitte srep.exe und speichere diese auf einen USB Stick. Wichtig: Nicht in einen Ordner speichern.

Starte den infizierten Rechner neu auf.
Während dem Hochfahren drücke mehrmals die F8 Taste. Danach solltest Du einige Optionen zur Auswahl haben. Navigiere mit den Pfeiltasten zu Abgesicherter Modus mit Eingabeaufforderung und drücke Enter ** Hinweis: Es kann sein, dass eine andere F Taste gedrückt werden muss, um in die Startoptionen zu kommen.
Logge dich nun in das infizierte Benutzerkonto ein.
Schließe den USB Stick an den infizierten Rechner an.
Nun ist etwas Handarbeit gefragt.
- Du musst zuerst heraus finden, welchen Laufwerksbuchstaben der USB Stick hat.
- Dazu gib bitte einfach E: ein und drücke Enter. Sollte folgende Meldung kommen.
  
  Zitat:
  
  Das System kann das angegeben Laufwerk nicht finden
  
  versuche einen anderen Laufwerksbuchstaben. ( zB F: )
Sobald Du den richtigen Laufwerksbuchstaben gefunden hast, gib folgendes ein und drücke Enter.
start srep.exe
Bestätige den Disclaimer mit OK.
Lass das Tool in Ruhe laufen. Der Rechner wird automatisch neu starten.

Nun solltest Du wieder auf dein System zugreifen können. Auf deinen USB Stick befindet sich eine shell.txt. Bitte poste diese in deiner nächsten Antwort.

Hallo Swiss,

Bitte entschuldige die lange Funkstille. Ich hatte einen Unfall und konnte mich deshalb in den vergangenen Wochen nicht um das Computer-Problem kümmern.

Ich habe alles wie beschrieben durchgeführt und kann nun tatsächlich wieder auf das System zugreifen.

Hier ist die shell.txt Datei:

Code:

WIN_VISTA X86
 

HKLM\..\Winlogon; Shell = explorer.exe

No action taken

HKCU\..\Winlogon; Shell not found

No action taken
 
 

HKLM\..\Run[Windows Defender] = %ProgramFiles%\Windows Defender\MSASCui.exe -hide

HKLM\..\Run[IgfxTray] = C:\Windows\system32\igfxtray.exe

HKLM\..\Run[HotKeysCmds] = C:\Windows\system32\hkcmd.exe

HKLM\..\Run[Persistence] = C:\Windows\system32\igfxpers.exe

HKLM\..\Run[PDF Complete] = "C:\Program Files\PDF Complete\pdfsty.exe"

HKLM\..\Run[PTHOSTTR] = C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

HKLM\..\Run[SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

HKLM\..\Run[hpWirelessAssistant] = %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

HKLM\..\Run[WAWifiMessage] = %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

HKLM\..\Run[HP Health Check Scheduler] = c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

HKLM\..\Run[SunJavaUpdateSched] = "C:\Program Files\Java\jre6\bin\jusched.exe"

HKLM\..\Run[QlbCtrl] = %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

HKLM\..\Run[Symantec PIF AlertEng] = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

HKLM\..\Run[NapsterShell] = C:\Program Files\Napster\napster.exe /systray

HKLM\..\Run[avgnt] = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

HKLM\..\Run[TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

HKLM\..\Run[ArcSoft Connection Service] = C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

HKLM\..\Run[SoundMAXPnP] = C:\Program Files\Analog Devices\Core\smax4pnp.exe

HKLM\..\Run[HP Software Update] = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

HKLM\..\Run[] = 

HKLM\..\Run[QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime

HKLM\..\Run[AppleSyncNotifier] = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

HKLM\..\Run[NokiaMServer] = C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

HKLM\..\Run[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"

HKLM\..\Run[Adobe ARM] = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
 

HKCU\..\Run[Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

HKCU\..\Run[LightScribe Control Panel] = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

HKCU\..\Run[swg] = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKCU\..\Run[NokiaOviSuite2] = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
 

HKU\.DEFAULT\Winlogon; Shell = 

HKU\S-1-5-19\Winlogon; Shell = 

HKU\S-1-5-20\Winlogon; Shell = 

HKU\S-1-5-21-3374201691-2096040940-2258843284-1006\Winlogon; Shell = c:\users\bernd dransfeld\desktop\0.5435339398469355.exe

HKU\S-1-5-21-3374201691-2096040940-2258843284-1006_Classes\Winlogon; Shell = 

HKU\S-1-5-18\Winlogon; Shell =

Viele Grüße

Schritt 1

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 2

Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan der Rechner neu gestarten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Kann ich das Ganze wieder am infizierten Rechner machen, sprich darauf ins Netz gehen oder soll ich das besser auf nem sauberen Rechner runterladen und über nen Stick auf den anderen ziehen?

Nein alles am infizierten Rechner. Einfach noch kein Ebanking.

Gesagt, probiert. Da tat sich jedoch ein neues Problem auf: Nach ca. 1-2 min Scan wurde plötzlich der Bildschirm blau, es stand jede Menge Zeug da (ich habs nicht lesen können, da ich es nur im Augenwinkel gesehen habe) und dann hat der Laptop ohne mein Zutun neu gestartet...

Soll ich es einfach nochmal mit dem Scan versuchen?

Ja einfach nochmals.

So jetzt hat es im fünften Anlauf endlich geklappt!

Ich poste einfach mal die Gmer.txt Datei, du kannst mir dann bestimmt sagen, wie es weitergeht:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2011-09-11 15:37:40

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.12.0

Running: eoihd3ew.exe; Driver: C:\Users\***~1\AppData\Local\Temp\kxtdyfoc.sys
 
 

---- Registry - GMER 1.0.15 ----
 

Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6                                                         

Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37624b73                                                         

Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218670eaca                                                         

Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218670eaca@001cd6071962                                            0xFC 0x23 0x0B 0xB1 ...

Reg   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet)                                     

Reg   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37624b73 (not active ControlSet)                                     

Reg   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00218670eaca (not active ControlSet)                                     

Reg   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00218670eaca@001cd6071962                                                0xFC 0x23 0x0B 0xB1 ...

Reg   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5000068082256FB448E59E9A75FACD4B\Usage@Product  1059816917

Reg   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval                                      86400
 

---- Files - GMER 1.0.15 ----
 

File  C:\Users\***\AppData\Local\Temp\~DFD208.tmp                                                                             360448 bytes

File  C:\Users\***\AppData\Local\Temp\~DFD213.tmp                                                                             512 bytes

File  C:\Users\***\AppData\Local\Temp\~DFD22E.tmp                                                                             540672 bytes

File  C:\Users\***\AppData\Local\Temp\~DFD23C.tmp                                                                             512 bytes

File  C:\Windows\winsxs\Catalogs\c51db1225623ff4d01c4fe16af981a86f52fa76c928f70907d940d3631ec10c7.cat                                     14756 bytes

File  C:\Windows\winsxs\Catalogs\c5763cff28dc342ff52c73023f20f4ad94e277bead6465b91e8cb14f7c01e0a8.cat                                     10535 bytes

File  C:\Windows\winsxs\Catalogs\c5e7478c64f7d2c08c0b147dd4f0704e6cbcd0b6b4e2ed52da4c6bcec976d97b.cat                                     10649 bytes

File  C:\Windows\winsxs\Catalogs\c67ff437d35b8890bda9e14fb409cfff8d84b0c09997f78ab4695022d0b64665.cat                                     9658 bytes

File  C:\Windows\winsxs\Catalogs\c6a14510867ecac0f10d1773225015fa2481ed0b0cf02838ac97e6c24b7671c9.cat                                     7367 bytes

File  C:\Windows\winsxs\Catalogs\c6da0c3622523b00f22608b44a0ede88f174b83fc8bc1e5ee5f11997011587f1.cat                                     11228 bytes
 

---- EOF - GMER 1.0.15 ----

Melde mich Morgen, sorry.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

activex

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

/md5start

explorer.exe

regedit.exe

winlogon.exe

wininit.exe

userinit.exe

/md5stop

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Guten Abend,

dies sind die Dateien - zunächst das OTL-File und dann das Extras-File:

Code:

OTL logfile created on: 17.09.2011 19:33:53 - Run 1

OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\***\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,58% Memory free

4,21 Gb Paging File | 2,46 Gb Available in Paging File | 58,31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139,69 Gb Total Space | 59,26 Gb Free Space | 42,42% Space Free | Partition Type: NTFS

Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,79% Space Free | Partition Type: NTFS

Drive F: | 7,80 Gb Total Space | 0,70 Gb Free Space | 8,93% Space Free | Partition Type: NTFS

 

Computer Name: HEADOFHOUSE-PC | User Name: ***| Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.09.17 19:24:34 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2010.12.20 13:03:50 | 000,697,856 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe

PRC - [2010.11.23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe

PRC - [2010.11.16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe

PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

PRC - [2010.05.11 11:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe

PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.01.08 00:17:16 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe

PRC - [2008.10.15 14:31:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe

PRC - [2008.10.15 14:29:58 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe

PRC - [2008.09.30 17:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin

PRC - [2008.09.30 17:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe

PRC - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe

PRC - [2007.05.08 09:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe

PRC - [2007.05.08 09:38:44 | 000,331,552 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsty.exe

PRC - [2007.04.16 03:00:06 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2007.03.29 13:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE

PRC - [2007.01.12 20:36:40 | 000,323,216 | ---- | M] (Napster) -- C:\Programme\Napster\napster.exe

PRC - [2007.01.09 16:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.12.20 13:17:18 | 010,837,504 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtWebKit4.dll

MOD - [2010.12.20 13:17:18 | 002,551,808 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll

MOD - [2010.12.20 13:17:18 | 002,277,888 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtCore4.dll

MOD - [2010.12.20 13:17:18 | 000,912,384 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtNetwork4.dll

MOD - [2010.12.20 13:17:18 | 000,196,608 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll

MOD - [2010.12.20 13:17:18 | 000,026,624 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll

MOD - [2010.12.20 13:17:16 | 008,151,040 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtGui4.dll

MOD - [2010.12.20 13:17:16 | 002,186,752 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtDeclarative4.dll

MOD - [2010.12.20 13:17:16 | 001,283,584 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtScript4.dll

MOD - [2010.12.20 13:17:16 | 000,675,840 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtOpenGL4.dll

MOD - [2010.12.20 13:17:16 | 000,339,456 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtXml4.dll

MOD - [2010.12.20 13:17:16 | 000,266,752 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\phonon4.dll

MOD - [2010.12.20 13:17:16 | 000,190,464 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtSql4.dll

MOD - [2010.12.20 13:17:16 | 000,120,832 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Plugins\nps.dll

MOD - [2010.12.20 12:57:12 | 000,790,016 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Maps Service API.dll

MOD - [2010.12.20 12:55:12 | 000,345,088 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\OviShareLib.dll

MOD - [2010.12.20 12:55:12 | 000,180,104 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\noaipcclient.dll

MOD - [2010.12.20 12:55:12 | 000,028,040 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll

MOD - [2010.12.20 12:54:14 | 000,680,448 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll

MOD - [2009.09.04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2008.07.29 15:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll

MOD - [2007.08.24 14:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll

MOD - [2007.06.08 10:05:38 | 000,274,432 | ---- | M] () -- C:\Windows\System32\flcdlmsg.dll

MOD - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe

MOD - [2007.03.29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll

MOD - [2007.03.29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll

MOD - [2007.02.16 18:40:42 | 005,521,408 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll

MOD - [2007.02.16 18:40:40 | 001,466,368 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll

MOD - [2007.02.15 17:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll

MOD - [2005.07.20 11:48:10 | 000,059,904 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\zlib1.dll

MOD - [2005.06.28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Programme\ArcSoft\PhotoImpression 5\Share\PIHook.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] --  -- (LiveUpdate Notice Ex)

SRV - File not found [Unknown | Stopped] --  -- (getPlusHelper)

SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010.08.03 04:50:15 | 000,316,888 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)

SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2008.10.15 14:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)

SRV - [2008.10.15 14:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)

SRV - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)

SRV - [2007.06.08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)

SRV - [2007.05.08 09:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2007.04.16 03:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2007.03.05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

SRV - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2010.08.03 04:50:15 | 003,333,808 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)

DRV - [2009.05.27 17:40:14 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2009.05.27 17:40:13 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)

DRV - [2009.05.27 17:40:11 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)

DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2007.09.14 17:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)

DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007.06.08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)

DRV - [2007.05.24 16:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

DRV - [2007.04.16 03:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006.11.02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2006.06.28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15015&l=dis"

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.01.08 00:17:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010.12.14 21:32:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2011.06.22 09:40:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.26 17:07:43 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010.12.14 21:32:42 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2011.06.22 09:40:40 | 000,000,000 | ---D | M]

 

[2011.09.11 23:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2gh41srr.default\extensions

[2009.08.13 18:38:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2gh41srr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.09.12 19:24:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2gh41srr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2009.01.08 00:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2009.01.08 00:16:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Programme\Mozilla Firefox\extensions\realplayer@partners.mozilla.com

[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org

[2009.01.08 00:16:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}

[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\REALPLAYER@PARTNERS.MOZILLA.COM

[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG

[2009.01.08 00:17:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD

[2009.01.08 00:16:41 | 000,060,526 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll

[2009.01.08 00:16:41 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll

[2009.01.08 00:16:41 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll

[2009.01.08 00:16:41 | 000,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-de.png

[2009.01.08 00:16:41 | 000,000,804 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-de.src

[2009.01.08 00:16:41 | 000,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.gif

[2009.01.08 00:16:41 | 000,001,075 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.src

[2009.01.08 00:16:41 | 000,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-de.gif

[2009.01.08 00:16:41 | 000,000,879 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-de.src

[2009.01.08 00:16:41 | 000,000,232 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.png

[2009.01.08 00:16:41 | 000,001,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.src

[2009.01.08 00:16:41 | 000,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.gif

[2009.01.08 00:16:41 | 000,001,147 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.src

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)

O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-DE\local\search.html ()

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF93A730-B904-4CBB-8AF7-25AEBB9396DC}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (c:\users\bernd dransfeld\desktop\0.5435339398469355.exe) - File not found

O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.17 19:24:37 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2011.09.15 16:29:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Susanne und Frank 50

[2011.08.19 10:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.09.17 19:35:10 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2011.09.17 19:24:34 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2011.09.17 19:19:31 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.09.17 19:19:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.09.17 19:19:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.09.17 19:18:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.09.17 19:18:54 | 2136,305,664 | -HS- | M] () -- C:\hiberfil.sys

[2011.09.15 23:07:45 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011.09.15 22:16:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.09.15 13:21:14 | 000,696,626 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.09.15 13:21:14 | 000,651,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.09.15 13:21:14 | 000,155,102 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.09.15 13:21:14 | 000,126,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.09.11 14:20:38 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat

[2011.09.07 05:04:08 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\eoihd3ew.exe

 
 ========== Files Created - No Company Name ==========

 

[2011.09.11 20:01:40 | 2136,305,664 | -HS- | C] () -- C:\hiberfil.sys

[2011.09.07 05:04:16 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\eoihd3ew.exe

[2011.05.04 21:09:11 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat

[2010.10.01 15:00:58 | 000,000,100 | ---- | C] () -- C:\Users\***\AppData\Local\80843.cfg

[2009.08.08 12:10:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.08.08 12:10:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.07.10 16:31:48 | 000,000,303 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini

[2009.03.20 23:23:22 | 000,017,089 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png

[2009.01.08 00:19:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009.01.08 00:16:41 | 000,003,942 | ---- | C] () -- C:\Windows\mozver.dat

[2008.12.22 19:45:17 | 000,008,959 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2008.11.21 11:08:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008.11.21 02:15:35 | 000,044,032 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.10.25 16:08:20 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2008.10.25 16:08:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2008.10.25 16:08:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2008.10.25 16:08:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2008.10.25 16:08:20 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2008.10.25 16:08:20 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2007.08.24 14:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll

[2007.08.24 14:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007.08.24 14:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2007.08.24 14:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007.06.08 10:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll

[2007.03.29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006.11.09 18:42:33 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2006.11.09 18:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2006.11.02 17:38:05 | 000,696,626 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2006.11.02 17:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2006.11.02 17:38:05 | 000,155,102 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2006.11.02 17:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:44:53 | 000,433,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 12:33:01 | 000,651,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,126,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006.03.09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

 
 ========== LOP Check ==========

 

[2011.02.12 13:23:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\10566

[2010.09.12 19:24:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers

[2008.10.25 16:09:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hewlett Packard

[2008.12.25 11:13:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo

[2010.05.10 23:19:02 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec

[2008.12.08 15:32:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2010.12.28 18:57:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite

[2010.09.10 14:44:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pro Cycling Manager 2010

[2008.12.28 14:07:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ROUTE 66 Sync

[2008.12.25 10:23:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SampleView

[2011.08.08 18:32:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Userdvd

[2011.09.15 23:07:44 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2008.10.25 16:20:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2009.08.21 19:40:26 | 000,000,000 | -HSD | M] -- C:\boot

[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2007.12.15 02:00:10 | 000,000,000 | -H-D | M] -- C:\hp

[2007.12.15 02:01:56 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2008.11.19 23:46:59 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.08.19 10:24:53 | 000,000,000 | R--D | M] -- C:\Program Files

[2011.06.21 14:42:14 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2006.11.09 18:46:51 | 000,000,000 | -HSD | M] -- C:\Programme

[2011.06.19 10:53:22 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin

[2011.08.07 18:44:20 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2008.10.25 16:20:08 | 000,000,000 | ---D | M] -- C:\SwSetup

[2008.11.08 19:07:59 | 000,000,000 | -HSD | M] -- C:\System Recovery

[2011.09.17 19:40:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2008.10.25 16:20:08 | 000,000,000 | -H-D | M] -- C:\System.sav

[2008.10.25 16:05:33 | 000,000,000 | R--D | M] -- C:\Users

[2011.09.12 00:10:27 | 000,000,000 | ---D | M] -- C:\Windows

[2009.07.16 23:51:41 | 000,000,000 | ---D | M] -- C:\WorkTemp

[2011.08.08 18:32:27 | 000,000,000 | ---D | M] -- C:\_OTL

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 

 
 < MD5 for: EXPLORER.EXE  >

[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2008.10.25 18:29:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe

[2008.10.25 18:29:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe

[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe

[2008.01.19 09:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-17 17:40:44

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 1165 bytes -> C:\Users\***\Documents\Fw_ E-Mail schreiben an_ 01 Titel 1_mp3.eml:OECustomProperty
 

< End of report >

Code:

OTL Extras logfile created on: 17.09.2011 19:33:53 - Run 1

OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\***\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,58% Memory free

4,21 Gb Paging File | 2,46 Gb Available in Paging File | 58,31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139,69 Gb Total Space | 59,26 Gb Free Space | 42,42% Space Free | Partition Type: NTFS

Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,79% Space Free | Partition Type: NTFS

Drive F: | 7,80 Gb Total Space | 0,70 Gb Free Space | 8,93% Space Free | Partition Type: NTFS

 

Computer Name: HEADOFHOUSE-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)

https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{018444CB-09A7-45FB-8AA5-0320383DC7E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{1869FE36-A7A2-486F-A716-E6BEFB8583DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{1AD664F0-2AE0-4D78-8DF6-667B728A930C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{40F8301A-51BF-4681-A89B-15726C243D79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{415B3F72-15C6-4F6A-9820-121589407F91}" = lport=445 | protocol=6 | dir=in | app=system | 

"{4C9484BD-146E-4FDC-A45D-102B7FFFCAFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{5CDF0832-8BDA-47AA-B6DC-3E05818372A6}" = rport=139 | protocol=6 | dir=out | app=system | 

"{645F100E-C1A3-4973-A7D7-04563FC0B3FF}" = rport=137 | protocol=17 | dir=out | app=system | 

"{6AF072F8-7E04-435D-B66B-E729C1790CDA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{6BAD45F7-4F71-4F36-AEA2-6624AF44C269}" = rport=445 | protocol=6 | dir=out | app=system | 

"{6D688217-0AAD-40AE-A74F-CA0453D94F65}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

"{78AEAB7C-BC07-482C-A210-43B83525A36B}" = lport=137 | protocol=17 | dir=in | app=system | 

"{7E0BAD23-EEB7-4482-BFAB-509320F57123}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{A13E5260-560E-4176-AF8E-C3694EB69C45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{AE0AA5D5-AE97-4A29-BF5E-9ED7DDADE035}" = rport=138 | protocol=17 | dir=out | app=system | 

"{B0735E09-0737-4EAC-8C3F-5704E8635D60}" = lport=139 | protocol=6 | dir=in | app=system | 

"{D084A41C-84E4-4DA8-B913-0DBD99F1B5F3}" = lport=138 | protocol=17 | dir=in | app=system | 

"{D118593E-954F-4FB1-8EC5-F9F49A1BFC40}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{DE94384A-A2D2-4705-9A03-D7F18F87EC61}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03506F47-5947-4C03-AFC3-E0C9EBF5D59B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{0E46DF45-E229-4819-943A-B45A47B68156}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{164EB954-331D-4D57-9D1D-10FE3B79B12C}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 

"{17CCD86E-7891-4C7E-BF03-016175537696}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 

"{34286FB9-E463-4D55-BC79-741366D5C922}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{56A60D83-9C0A-45D4-B832-9E8497AD119C}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 

"{617BCF45-AFB3-420A-84FF-33CC3E3BABFB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{7F47E493-C24A-4A52-ABD1-9F49A99F9291}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 

"{AC656E6F-A19C-4059-9E5D-B9BCBD6E5BED}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 

"{BF57AD51-EC5E-4633-A6C7-4366834C5A96}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{D96B7394-5206-4C80-BD77-E8D3C7FDCF31}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{DF718838-E0C2-44CE-9EEA-1F624D56EFB3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{E042BBA2-211B-407F-8A0D-65C2117938E1}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 

"{F4D51F75-3402-4B92-A40A-99EE55801BB3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"TCP Query User{28F8B573-93C1-49E9-AB28-5289794CFAC4}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 

"TCP Query User{493F5EFD-0FAF-49F9-BE7C-EB151C387A42}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

"TCP Query User{4DCC0DCB-2B98-43EB-B31F-DDA68690906F}C:\program files\luchterhand\bgb-kommentar\lplocal.exe" = protocol=6 | dir=in | app=c:\program files\luchterhand\bgb-kommentar\lplocal.exe | 

"TCP Query User{704ABA8A-3563-49F1-87DE-66D2E59B5BB7}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{281012E1-14F5-43F8-BD3C-F6005B312AEE}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 

"UDP Query User{8CC04355-E31F-48FB-9CB8-6D305594E24E}C:\program files\luchterhand\bgb-kommentar\lplocal.exe" = protocol=17 | dir=in | app=c:\program files\luchterhand\bgb-kommentar\lplocal.exe | 

"UDP Query User{9710598C-51A4-4400-99A2-A022FB4F276C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{CC6C73F8-6834-4146-AFA3-85A46064A55F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant

"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900

"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform

"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11

"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox

"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2

"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module

"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite

"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme

"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings

"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver

"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour

"{54266945-8A11-424D-B20F-4F747A714FBA}" = DV Ts

"{557696ED-2543-4D5D-9F53-0BDAAF8D5FB8}" = ArcSoft VideoImpression 2

"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support

"{59E1EEA6-EDBC-45C1-9754-A88119760547}" = ArcSoft MediaConverter 2.5

"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check

"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 

"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine

"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components

"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084

"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend

"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution

"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista

"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library

"{E629851A-1B1A-4671-961A-A9AF549E03A2}" = ArcSoft PhotoImpression 5

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager

"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client

"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer

"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Age of Empires 2.0" = Microsoft Age of Empires II

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus

"AOL Toolbar" = AOL Toolbar 5.0

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter

"BurnAware Free_is1" = BurnAware Free 2.3.7

"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8

"GameCenter_is1" = GameCenter 1.3.0.5

"Google Chrome" = Google Chrome

"Google Updater" = Google Updater

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"InstallShield_{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"Luchterhand - BGB-Kommentar" = Luchterhand - BGB-Kommentar

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox (1.5)" = Mozilla Firefox (1.5)

"Nokia Ovi Suite" = Nokia Ovi Suite

"PDF Complete" = PDF Complete

"Pro Cycling Manager 2010_is1" = Tour de France 2010 - Der offizielle Radsport-Manager Version 1

"PROHYBRIDR" = 2007 Microsoft Office system

"PROSet" = Intel(R) PRO Network Connections Drivers

"RealPlayer 6.0" = RealPlayer

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 1.0.1

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"309a46b1dc89b774" = Dell Driver Download Manager

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 11.09.2011 08:20:29 | Computer Name = Headofhouse-PC | Source = Perflib | ID = 1010

Description = 

 

Error - 11.09.2011 08:21:19 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 11.09.2011 08:45:44 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 13.09.2011 14:36:18 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 15.09.2011 07:11:30 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 15.09.2011 10:23:15 | Computer Name = Headofhouse-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung Roxio_Central33.exe, Version 3.50.6.0, Zeitstempel

 0x46577268, fehlerhaftes Modul CDDBUIRoxio.dll, Version 2.0.0.20, Zeitstempel 0x404ced8f,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00003440,  Prozess-ID 0x1418, Anwendungsstartzeit

 01cc73b2efbb1550.

 

Error - 17.09.2011 13:24:04 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 17.09.2011 13:32:43 | Computer Name = Headofhouse-PC | Source = Application Hang | ID = 1002

Description = Programm OTL.exe, Version 3.2.28.0 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: 12b4  Anfangszeit: 01cc755eb8f9f0ff  Zeitpunkt der Beendigung:

 5

 

Error - 17.09.2011 13:38:57 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 17.09.2011 13:40:13 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

[ OSession Events ]

Error - 06.01.2009 14:39:46 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 

lasted 159 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 06.01.2009 14:40:31 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 

lasted 37 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 10.01.2009 16:26:43 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 

lasted 99 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 18.02.2009 15:51:36 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 

lasted 235 seconds with 180 seconds of active time.  This session ended with a crash.

 

Error - 18.02.2009 15:52:02 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 

lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 26.12.2010 11:32:14 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 83

 seconds with 60 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 06.09.2011 23:12:32 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 06.09.2011 23:12:32 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 06.09.2011 23:12:32 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 06.09.2011 23:12:32 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 06.09.2011 23:12:32 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 06.09.2011 23:12:32 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 11.09.2011 08:16:12 | Computer Name = Headofhouse-PC | Source = WinDefend | ID = 2004

Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.

 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.     Versuchte

 Signaturen: %%824     Fehlercode: 0x8050a001     Fehlerbeschreibung: Das Programm kann keine

 Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen. 

Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen

 Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie

 unter "Hilfe und Support".      Ladende Signaturen: %%825     Ladene Signaturversion: 1.109.1136.0
 

        Ladende

 Modulversion: 1.1.7104.0

 

Error - 11.09.2011 12:20:39 | Computer Name = Headofhouse-PC | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 13.09.2011 14:33:42 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7011

Description = 

 

Error - 15.09.2011 07:11:14 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10010

Description = 

 

 

< End of report >

Gruß

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

ich versteh es nicht, ich habe alle firewalls etc ausgeschaltet - auch den Microsoft Defender - und trotzdem kann ich den Scan nicht starten da angeblich der Microsoft Defender aktiviert ist. Ist er aber nicht.. Hast du eine Idee was ich falsch gemacht habe?

Danke es hat dann doch geklappt.

Hier ist das Logfile:

Code:

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=12

esets_scanner_update returned -1 esets_gle=12

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=12

esets_scanner_update returned -1 esets_gle=12

esets_scanner_update returned -1 esets_gle=12

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=12efa7975da505458422947027cf3a0f

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-24 12:44:28

# local_time=2011-09-24 02:44:28 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1792 16777215 100 0 86562375 86562375 0 0

# compatibility_mode=5892 16776574 100 100 231 154393374 0 0

# compatibility_mode=8192 67108863 100 0 96405 96405 0 0

# scanned=204144

# found=1

# cleaned=0

# scan_time=7665

C:\_OTL\MovedFiles\08082011_123227\C_Users\***\Desktop\0.5435339398469355.exe        a variant of Win32/Kryptik.SOE trojan (unable to clean)        00000000000000000000000000000000        I

Gruss

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)

Doppelklick auf die OTL.exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Alles klar,

wieder zunächst das OTL-file und dann die Extras-Datei:

OTL:

Code:

OTL logfile created on: 25.09.2011 20:34:58 - Run 2

OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\***\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,06% Memory free

4,22 Gb Paging File | 2,76 Gb Available in Paging File | 65,47% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139,69 Gb Total Space | 57,93 Gb Free Space | 41,47% Space Free | Partition Type: NTFS

Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,79% Space Free | Partition Type: NTFS

Drive F: | 7,80 Gb Total Space | 0,70 Gb Free Space | 8,93% Space Free | Partition Type: NTFS

 

Computer Name: HEADOFHOUSE-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)

PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

PRC - C:\Windows\SMINST\Scheduler.exe ()

PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc)

PRC - C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)

PRC - C:\Programme\Napster\napster.exe (Napster)

PRC - C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtWebKit4.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtCore4.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtNetwork4.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtGui4.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtDeclarative4.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtScript4.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtOpenGL4.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtXml4.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\phonon4.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtSql4.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\Plugins\nps.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\Maps Service API.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\OviShareLib.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\noaipcclient.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Windows\System32\igfxTMM.dll ()

MOD - C:\Windows\System32\flcdlmsg.dll ()

MOD - C:\Windows\SMINST\Scheduler.exe ()

MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()

MOD - C:\Windows\System32\btwhidcs.dll ()

MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()

MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()

MOD - C:\Windows\SMINST\naspp.dll ()

MOD - C:\Programme\Nokia\Nokia Ovi Suite\zlib1.dll ()

MOD - C:\Programme\ArcSoft\PhotoImpression 5\Share\PIHook.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (LiveUpdate Notice Ex) --  File not found

SRV - (getPlusHelper) --  File not found

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (appdrvrem01) Application Driver Auto Removal Service (01) -- C:\Windows\System32\appdrvrem01.exe (Protection Technology)

SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)

SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)

SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)

SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)

SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)

SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)

SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (appdrv01) Application Driver (01) -- C:\Windows\System32\drivers\appdrv01.sys (Protection Technology)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)

DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)

DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15015&l=dis"

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.01.08 00:17:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010.12.14 21:32:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2011.06.22 09:40:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.26 17:07:43 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010.12.14 21:32:42 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2011.06.22 09:40:40 | 000,000,000 | ---D | M]

 

[2011.09.23 09:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2gh41srr.default\extensions

[2009.08.13 18:38:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2gh41srr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.09.12 19:24:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2gh41srr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2009.01.08 00:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2009.01.08 00:16:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Programme\Mozilla Firefox\extensions\realplayer@partners.mozilla.com

[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org

[2009.01.08 00:16:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}

[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\REALPLAYER@PARTNERS.MOZILLA.COM

[2009.01.08 00:16:43 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG

[2009.01.08 00:17:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD

[2009.01.08 00:16:41 | 000,060,526 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll

[2009.01.08 00:16:41 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll

[2009.01.08 00:16:41 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll

[2009.01.08 00:16:41 | 000,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-de.png

[2009.01.08 00:16:41 | 000,000,804 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-de.src

[2009.01.08 00:16:41 | 000,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.gif

[2009.01.08 00:16:41 | 000,001,075 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.src

[2009.01.08 00:16:41 | 000,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-de.gif

[2009.01.08 00:16:41 | 000,000,879 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-de.src

[2009.01.08 00:16:41 | 000,000,232 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.png

[2009.01.08 00:16:41 | 000,001,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.src

[2009.01.08 00:16:41 | 000,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.gif

[2009.01.08 00:16:41 | 000,001,147 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.src

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)

O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-DE\local\search.html ()

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF93A730-B904-4CBB-8AF7-25AEBB9396DC}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (c:\users\bernd dransfeld\desktop\0.5435339398469355.exe) - File not found

O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.23 09:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011.09.23 09:49:44 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2011.09.17 19:24:37 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2011.09.15 16:29:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Susanne und Frank 50

[2011.09.11 14:36:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011.09.11 14:35:59 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011.09.11 14:35:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011.09.11 14:35:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011.09.11 14:35:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011.09.07 05:08:07 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2011.09.07 05:07:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2011.09.07 05:05:46 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011.09.07 05:05:46 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.09.25 20:35:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2011.09.25 20:16:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.09.25 20:16:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.09.25 18:58:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.09.25 18:58:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.09.25 18:58:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.09.24 12:22:13 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys

[2011.09.23 18:55:15 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011.09.23 09:49:43 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2011.09.17 19:24:34 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2011.09.15 13:21:14 | 000,696,626 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.09.15 13:21:14 | 000,651,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.09.15 13:21:14 | 000,155,102 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.09.15 13:21:14 | 000,126,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.09.11 14:20:38 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat

[2011.09.07 05:04:08 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\eoihd3ew.exe

 
 ========== Files Created - No Company Name ==========

 

[2011.09.24 12:22:13 | 2138,365,952 | -HS- | C] () -- C:\hiberfil.sys

[2011.09.07 05:04:16 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\eoihd3ew.exe

[2011.05.04 21:09:11 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat

[2010.10.01 15:00:58 | 000,000,100 | ---- | C] () -- C:\Users\***\AppData\Local\80843.cfg

[2009.08.08 12:10:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.08.08 12:10:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.07.10 16:31:48 | 000,000,303 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini

[2009.03.20 23:23:22 | 000,017,089 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png

[2009.01.08 00:19:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009.01.08 00:16:41 | 000,003,942 | ---- | C] () -- C:\Windows\mozver.dat

[2008.12.22 19:45:17 | 000,008,959 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2008.11.21 11:08:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008.11.21 02:15:35 | 000,044,032 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.10.25 16:08:20 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2008.10.25 16:08:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2008.10.25 16:08:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2008.10.25 16:08:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2008.10.25 16:08:20 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2008.10.25 16:08:20 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2007.08.24 14:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll

[2007.08.24 14:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007.08.24 14:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2007.08.24 14:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007.06.08 10:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll

[2007.03.29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006.11.09 18:42:33 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2006.11.09 18:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2006.11.02 17:38:05 | 000,696,626 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2006.11.02 17:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2006.11.02 17:38:05 | 000,155,102 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2006.11.02 17:38:05 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:44:53 | 000,433,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 12:33:01 | 000,651,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,126,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006.03.09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 1165 bytes -> C:\Users\***\Documents\Fw_ E-Mail schreiben an_ 01 Titel 1_mp3.eml:OECustomProperty
 

< End of report >

Extras:

Code:

OTL Extras logfile created on: 25.09.2011 20:34:58 - Run 2

OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\***\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,06% Memory free

4,22 Gb Paging File | 2,76 Gb Available in Paging File | 65,47% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139,69 Gb Total Space | 57,93 Gb Free Space | 41,47% Space Free | Partition Type: NTFS

Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,79% Space Free | Partition Type: NTFS

Drive F: | 7,80 Gb Total Space | 0,70 Gb Free Space | 8,93% Space Free | Partition Type: NTFS

 

Computer Name: HEADOFHOUSE-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)

https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{018444CB-09A7-45FB-8AA5-0320383DC7E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{1869FE36-A7A2-486F-A716-E6BEFB8583DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{1AD664F0-2AE0-4D78-8DF6-667B728A930C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{40F8301A-51BF-4681-A89B-15726C243D79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{415B3F72-15C6-4F6A-9820-121589407F91}" = lport=445 | protocol=6 | dir=in | app=system | 

"{4C9484BD-146E-4FDC-A45D-102B7FFFCAFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{5CDF0832-8BDA-47AA-B6DC-3E05818372A6}" = rport=139 | protocol=6 | dir=out | app=system | 

"{645F100E-C1A3-4973-A7D7-04563FC0B3FF}" = rport=137 | protocol=17 | dir=out | app=system | 

"{6AF072F8-7E04-435D-B66B-E729C1790CDA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{6BAD45F7-4F71-4F36-AEA2-6624AF44C269}" = rport=445 | protocol=6 | dir=out | app=system | 

"{6D688217-0AAD-40AE-A74F-CA0453D94F65}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

"{78AEAB7C-BC07-482C-A210-43B83525A36B}" = lport=137 | protocol=17 | dir=in | app=system | 

"{7E0BAD23-EEB7-4482-BFAB-509320F57123}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{A13E5260-560E-4176-AF8E-C3694EB69C45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{AE0AA5D5-AE97-4A29-BF5E-9ED7DDADE035}" = rport=138 | protocol=17 | dir=out | app=system | 

"{B0735E09-0737-4EAC-8C3F-5704E8635D60}" = lport=139 | protocol=6 | dir=in | app=system | 

"{D084A41C-84E4-4DA8-B913-0DBD99F1B5F3}" = lport=138 | protocol=17 | dir=in | app=system | 

"{D118593E-954F-4FB1-8EC5-F9F49A1BFC40}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{DE94384A-A2D2-4705-9A03-D7F18F87EC61}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03506F47-5947-4C03-AFC3-E0C9EBF5D59B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{0E46DF45-E229-4819-943A-B45A47B68156}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{164EB954-331D-4D57-9D1D-10FE3B79B12C}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 

"{17CCD86E-7891-4C7E-BF03-016175537696}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\autorun\exe\autorun.exe | 

"{34286FB9-E463-4D55-BC79-741366D5C922}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{56A60D83-9C0A-45D4-B832-9E8497AD119C}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 

"{617BCF45-AFB3-420A-84FF-33CC3E3BABFB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{7F47E493-C24A-4A52-ABD1-9F49A99F9291}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 

"{AC656E6F-A19C-4059-9E5D-B9BCBD6E5BED}" = protocol=17 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 

"{BF57AD51-EC5E-4633-A6C7-4366834C5A96}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{D96B7394-5206-4C80-BD77-E8D3C7FDCF31}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{DF718838-E0C2-44CE-9EEA-1F624D56EFB3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{E042BBA2-211B-407F-8A0D-65C2117938E1}" = protocol=6 | dir=in | app=c:\program files\cyanide\tour de france 2010 – der offizielle radsport-manager\pcm.exe | 

"{F4D51F75-3402-4B92-A40A-99EE55801BB3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"TCP Query User{28F8B573-93C1-49E9-AB28-5289794CFAC4}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 

"TCP Query User{493F5EFD-0FAF-49F9-BE7C-EB151C387A42}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

"TCP Query User{4DCC0DCB-2B98-43EB-B31F-DDA68690906F}C:\program files\luchterhand\bgb-kommentar\lplocal.exe" = protocol=6 | dir=in | app=c:\program files\luchterhand\bgb-kommentar\lplocal.exe | 

"TCP Query User{704ABA8A-3563-49F1-87DE-66D2E59B5BB7}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{281012E1-14F5-43F8-BD3C-F6005B312AEE}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 

"UDP Query User{8CC04355-E31F-48FB-9CB8-6D305594E24E}C:\program files\luchterhand\bgb-kommentar\lplocal.exe" = protocol=17 | dir=in | app=c:\program files\luchterhand\bgb-kommentar\lplocal.exe | 

"UDP Query User{9710598C-51A4-4400-99A2-A022FB4F276C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

"UDP Query User{CC6C73F8-6834-4146-AFA3-85A46064A55F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant

"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900

"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform

"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11

"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox

"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2

"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module

"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite

"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme

"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings

"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver

"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour

"{54266945-8A11-424D-B20F-4F747A714FBA}" = DV Ts

"{557696ED-2543-4D5D-9F53-0BDAAF8D5FB8}" = ArcSoft VideoImpression 2

"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support

"{59E1EEA6-EDBC-45C1-9754-A88119760547}" = ArcSoft MediaConverter 2.5

"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check

"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 

"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine

"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components

"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084

"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend

"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution

"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista

"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library

"{E629851A-1B1A-4671-961A-A9AF549E03A2}" = ArcSoft PhotoImpression 5

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager

"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client

"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer

"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Age of Empires 2.0" = Microsoft Age of Empires II

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus

"AOL Toolbar" = AOL Toolbar 5.0

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter

"BurnAware Free_is1" = BurnAware Free 2.3.7

"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2

"ESET Online Scanner" = ESET Online Scanner v3

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8

"GameCenter_is1" = GameCenter 1.3.0.5

"Google Chrome" = Google Chrome

"Google Updater" = Google Updater

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"InstallShield_{20BD3140-16AF-4B5F-BCD6-052B6CD11DE6}" = ROUTE 66 Sync

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"Luchterhand - BGB-Kommentar" = Luchterhand - BGB-Kommentar

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox (1.5)" = Mozilla Firefox (1.5)

"Nokia Ovi Suite" = Nokia Ovi Suite

"PDF Complete" = PDF Complete

"Pro Cycling Manager 2010_is1" = Tour de France 2010 - Der offizielle Radsport-Manager Version 1

"PROHYBRIDR" = 2007 Microsoft Office system

"PROSet" = Intel(R) PRO Network Connections Drivers

"RealPlayer 6.0" = RealPlayer

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 1.0.1

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"309a46b1dc89b774" = Dell Driver Download Manager

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 13.09.2011 14:36:18 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 15.09.2011 07:11:30 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 15.09.2011 10:23:15 | Computer Name = Headofhouse-PC | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung Roxio_Central33.exe, Version 3.50.6.0, Zeitstempel

 0x46577268, fehlerhaftes Modul CDDBUIRoxio.dll, Version 2.0.0.20, Zeitstempel 0x404ced8f,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00003440,  Prozess-ID 0x1418, Anwendungsstartzeit

 01cc73b2efbb1550.

 

Error - 17.09.2011 13:24:04 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 17.09.2011 13:32:43 | Computer Name = Headofhouse-PC | Source = Application Hang | ID = 1002

Description = Programm OTL.exe, Version 3.2.28.0 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: 12b4  Anfangszeit: 01cc755eb8f9f0ff  Zeitpunkt der Beendigung:

 5

 

Error - 17.09.2011 13:38:57 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 17.09.2011 13:40:13 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 23.09.2011 03:51:10 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 24.09.2011 06:20:54 | Computer Name = Headofhouse-PC | Source = EventSystem | ID = 4609

Description = 

 

Error - 24.09.2011 09:14:02 | Computer Name = Headofhouse-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

[ OSession Events ]

Error - 06.01.2009 14:39:46 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 

lasted 159 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 06.01.2009 14:40:31 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 

lasted 37 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 10.01.2009 16:26:43 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 

lasted 99 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 18.02.2009 15:51:36 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 

lasted 235 seconds with 180 seconds of active time.  This session ended with a crash.

 

Error - 18.02.2009 15:52:02 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 

Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session 

lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 26.12.2010 11:32:14 | Computer Name = Headofhouse-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 83

 seconds with 60 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 18.09.2011 18:07:17 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 23.09.2011 05:34:01 | Computer Name = Headofhouse-PC | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 23.09.2011 11:59:49 | Computer Name = Headofhouse-PC | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 24.09.2011 06:20:16 | Computer Name = Headofhouse-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 23.09.2011 um 22:05:50 unerwartet heruntergefahren.

 

Error - 24.09.2011 06:20:47 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 24.09.2011 06:20:54 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 24.09.2011 06:20:57 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 24.09.2011 06:20:57 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 24.09.2011 06:21:33 | Computer Name = Headofhouse-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 24.09.2011 06:25:07 | Computer Name = Headofhouse-PC | Source = Service Control Manager | ID = 7009

Description = 

 

 

< End of report >

Gruss

Bestehen noch Probleme?

Beim AntiVir Scan habe ich eine Meldung erhalten, dass ein File "C:\_OTL\MovedFiles\..." ein Trojanisches Pferd ist.

Ansonsten funktioniert alles sehr gut.

Was meinst du?

Ja das ist in der Quarantäne von OTL und wird jetzt gleich entfernt :)

Schritt 1

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Schritt 2

Logfile ist sauber :daumenhoc

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.