Trojaner-Board


Beast83 14.06.2012 14:27

Annoying script error message in Mozilla when I start gmx

Hello,

I have already read how others were helped here, but it said you should wait for instructions, hence this thread!

I have the following problem with Mozilla:

when I open gmx, this script error appears:

Skript: hxxp://1.2.3.50/jsi/flash.php?file=gordon.js:198

If I click Continue, Mozilla hangs! With Stop, this error message keeps coming back.

What I have already done: in Mozilla's about:config I changed the time to 20, but that does not seem to be the cause.

I deleted the Mozilla history and did a new update.

All other sites work perfectly, only gmx does not :eek:

Please help me! Thanks

kira 15.06.2012 09:54

Hello and welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RISK!
  • Characteristic features/profile information:
    - in the log lists or log files used, you can replace things such as your real name, a serial number in a program etc. with [X] or asterisks (*)
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so badly compromised that an effective technical cleanup is no longer possible, or you have to reinstall it
  • I recommend reading the instructions through completely before you apply them, because if you do something wrong it can be really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consultation! Ask if there are problems.
  • The order:
    - please keep exactly to the order described, do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
► First part of the 3-part procedure: we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

2.
To determine whether outdated or malicious software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> If necessary, set the language to "Deutsch" (German).
  • start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...`
  • a text file is created automatically; post this log file too (i.e. the list of all installed programs... a text file)

3.
Download TrendMicro™ HijackThis™/Version 2.0.4 from here ->
Quote:

No open windows while HijackThis is running!! -> Start HijackThis -> click "Do a system scan and save a logfile" (wait briefly) -> "select" the resulting log file -> "copy" -> "paste" it (right mouse button) here in your thread (you must be logged in to the forum!)
Quote:

So that your thread stays clear and easy to read, it is best to use the code tags for your post:
→ before your log you write (i.e. at the beginning of the log file): [code]
your log file goes in here - e.g. OTL log file or similar
→ after it - i.e. at the end of the log file: [/code]

Regards
kira

Beast83 15.06.2012 12:19

Thanks!

So, I now have the first results from OTL, Extras to follow!

OTL log file:
Code:

OTL logfile created on: 15.06.2012 13:03:09 - Run 1
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\PUB\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,15% Memory free
4,22 Gb Paging File | 2,86 Gb Available in Paging File | 67,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 229,15 Gb Free Space | 76,87% Space Free | Partition Type: NTFS
Drive E: | 45,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PUB-PC | User Name: PUB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\PUB\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\24556241d64589a6b95b7eaa7432295b\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\442135bc0b503b42ab2d752c23bea631\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\b03386569c9ce7b2079f3fb3aaf370e6\System.Design.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\81983f051a8a49dabc8bcacc3b814189\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()
MOD - C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NProtectService) -- C:\Program Files\Norton Utilities\NPROTECT.EXE File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (VmbService) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (RTL8187B) -- system32\DRIVERS\wg111v3.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vodafone_zte_ecm_enum_filter) -- C:\Windows\System32\drivers\vodafone_zte_ecm_enum_filter.sys (Vodafone)
DRV - (vodafone_zte_ecm_enum) Vodafone Vodafone ZTE DC Enumerator (ZTE) -- C:\Windows\System32\drivers\vodafone_zte_ecm_enum.sys (Vodafone)
DRV - (vodafone_zte_cdc_acm) Vodafone Vodafone ZTE CDC-ACM driver (ZTE) -- C:\Windows\System32\drivers\vodafone_zte_cdc_acm.sys (Vodafone)
DRV - (vodafone_zte_cdc_ecm) -- C:\Windows\System32\drivers\vodafone_zte_cdc_ecm.sys (Vodafone)
DRV - (vodafone_zte_cpo) -- C:\Windows\System32\drivers\vodafone_zte_cpo.sys (Vodafone)
DRV - (vodafone_K3805-z_dc_enum) -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NPDriver) -- C:\Windows\System32\drivers\NPDRIVER.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 8E 54 60 0F 4A CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\PUB\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~2\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.14 15:01:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.14 06:26:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.05.09 13:35:01 | 000,000,000 | ---D | M]
 
[2011.11.21 21:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PUB\AppData\Roaming\mozilla\Extensions
[2012.06.14 14:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PUB\AppData\Roaming\mozilla\Firefox\Profiles\b36ur7ij.default\extensions
[2012.06.14 15:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.03.15 10:41:30 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\PUB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B36UR7IJ.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012.06.14 14:55:21 | 000,053,072 | ---- | M] () (No name found) -- C:\USERS\PUB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B36UR7IJ.DEFAULT\EXTENSIONS\YESSCRIPT@USERSTYLES.ORG.XPI
[2012.06.01 17:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2011.09.23 15:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF779DC3-5567-4AED-8299-DE9DB82E61C4}: DhcpNameServer = 139.7.30.125 139.7.30.126
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\PUB\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\PUB\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.07.14 20:46:15 | 000,000,118 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{16a08f1f-99b0-11e1-954f-002421b246a8}\Shell - "" = AutoRun
O33 - MountPoints2\{16a08f1f-99b0-11e1-954f-002421b246a8}\Shell\AutoRun\command - "" = J:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{585ec4ba-509b-11e1-806b-002421b246a8}\Shell - "" = AutoRun
O33 - MountPoints2\{585ec4ba-509b-11e1-806b-002421b246a8}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{83e4d6dc-4bdf-11e1-9385-002421b246a8}\Shell - "" = AutoRun
O33 - MountPoints2\{83e4d6dc-4bdf-11e1-9385-002421b246a8}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c62ca3be-9e7d-11e1-85af-002421b246a8}\Shell - "" = AutoRun
O33 - MountPoints2\{c62ca3be-9e7d-11e1-85af-002421b246a8}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe -- [2011.06.09 22:19:29 | 000,278,528 | R--- | M] (Vodafone)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.14 22:25:47 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{9BF5C676-752E-41DF-A79E-F63F92C03B67}
[2012.06.14 22:25:33 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{246C100E-5FB5-4159-BE22-B16ED6C6B65F}
[2012.06.14 12:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.06.14 11:48:58 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Roaming\Auslogics
[2012.06.14 11:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012.06.14 11:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2012.06.14 11:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities
[2012.06.14 11:32:24 | 000,057,664 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012.06.14 11:32:24 | 000,036,864 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\S32EVNT1.DLL
[2012.06.14 11:32:24 | 000,004,032 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\SYMEVNT1.DLL
[2012.06.14 11:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.06.14 11:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.06.14 11:32:02 | 000,034,354 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NPDRIVER.SYS
[2012.06.14 11:32:00 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBAR332.DLL
[2012.06.14 11:32:00 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSRD2X35.DLL
[2012.06.14 11:32:00 | 000,123,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJINT35.DLL
[2012.06.14 11:32:00 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJTER35.DLL
[2012.06.14 11:31:59 | 001,046,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJET35.DLL
[2012.06.14 11:31:59 | 000,031,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\S32STAT.DLL
[2012.06.14 11:31:53 | 000,531,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCTL32.NU6
[2012.06.14 11:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.06.14 11:31:19 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2012.06.14 06:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.06.14 06:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.06.14 06:26:14 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.06.14 06:26:14 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.06.14 06:25:56 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.14 06:25:56 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.14 06:21:34 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\Macromedia
[2012.06.14 06:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.06.14 06:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.06.14 06:21:26 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.13 21:39:22 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{095B1722-5E22-4939-AE54-EF59B60899C0}
[2012.06.13 21:39:08 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{891A1D15-EDA4-4CB4-B64D-3BCD1FF0F4E5}
[2012.06.12 13:02:50 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{D37D9BCA-C7BC-4B41-9AFE-EED9509004B6}
[2012.06.12 13:02:37 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{4B9B74EF-F827-4D32-A41A-B2DCD7681709}
[2012.06.11 10:05:03 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{F1142BF0-8A61-42A3-B2E3-4ECD2D43F474}
[2012.06.11 10:04:59 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{2ADD11D2-18C9-4AB5-AC9C-EE405B7A9614}
[2012.06.10 21:38:37 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{C1902309-DF3C-45F2-B188-7BAC143CF001}
[2012.06.10 21:38:22 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{C8795C10-7EBA-476C-972A-9B38594CD8EC}
[2012.06.09 15:22:09 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{A2678AAE-661F-431F-B1E9-7499ED277E9C}
[2012.06.09 15:21:54 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{72708C00-02FE-49B7-AAA8-208807E5ED2D}
[2012.06.08 15:21:47 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{43A48165-1FB3-4C6B-BEBE-90618958E955}
[2012.06.08 12:40:51 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{ADC8AA85-931B-44F7-B021-11E342FE1676}
[2012.06.08 12:40:37 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{9032F94B-0D11-4F08-BFEA-D720A8AFB904}
[2012.06.07 14:32:15 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{4974E96C-607E-474F-8934-91621C590436}
[2012.06.07 12:10:03 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{7518F9C7-E014-4D99-87CE-655B3F6B61E2}
[2012.06.07 12:09:50 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{34182228-AEB2-424E-B198-567200467747}
[2012.06.06 11:11:39 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{DD138B18-3D35-4F94-857B-98E6014FF896}
[2012.06.06 11:11:25 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{40117654-9983-45ED-94D0-05DE70208769}
[2012.06.05 17:11:41 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{33741C48-2809-471B-B2F4-60F0BA853116}
[2012.06.05 13:23:54 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{455BD9F4-A3B3-45D8-94B9-530A78503B6D}
[2012.06.05 13:23:42 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{E94D061B-9214-4AD8-93AE-F3CCEC3668EB}
[2012.06.04 18:08:21 | 000,000,000 | ---D | C] -- C:\Users\PUB\Desktop\t-shirt
[2012.06.04 12:50:55 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{3BA5A526-995D-4987-8BB6-86C013C50904}
[2012.06.04 12:50:42 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{5D79F818-EBB8-406C-85B6-C7CC9EF67C53}
[2012.06.02 15:09:46 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{DC3D1370-2272-4CDB-9BAC-697D68552029}
[2012.06.02 15:09:37 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{1EC7DC0E-304A-4746-B7B3-297B1BB891A8}
[2012.06.02 09:17:08 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{2F4F7400-A931-48B9-859B-845FAE48C7A3}
[2012.06.02 09:16:54 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{9FC559D4-D26F-420F-A76B-21C04FA34596}
[2012.06.01 13:00:01 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{CA52A7B4-F2AF-43E1-AE1A-C73D82E822C1}
[2012.06.01 12:59:48 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{A5274717-FD0E-44E4-B34E-BA7073E5011F}
[2012.05.31 22:11:20 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{303DCCF8-7018-4156-A09A-D1E3F7EA478F}
[2012.05.31 22:11:07 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{AC03AFD9-F4EC-4B52-8871-80E3800B543F}
[2012.05.29 11:31:19 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{D8771228-6DD3-4988-8DF3-D5249D2307FF}
[2012.05.29 11:31:06 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{F691A70F-E04E-4FBE-8258-5181C0C07419}
[2012.05.29 10:33:30 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{6DA713E0-063E-450D-991E-BDDE808AB1BD}
[2012.05.29 10:33:17 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{CF6084BA-E0F3-421A-8FE4-0DDFE2CE4545}
[2012.05.29 09:54:04 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{4BCD5178-126B-4C50-BEBD-EBE9DFDC280A}
[2012.05.29 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{AF0CBF99-8C34-4488-A4EF-5491C01C4866}
[2012.05.22 21:52:48 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{3E5CB39F-0879-4ABB-BA4A-ECA062D1D1E0}
[2012.05.22 21:52:35 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{53999A8E-C83D-404D-B4AA-178368EF2FF4}
[2012.05.19 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{B078AB91-DE25-4BE7-BE75-F6D37E7E27BE}
[2012.05.19 12:23:55 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{D4C2C682-C94A-480F-B50E-FCA42EAC4E1A}
[2012.05.18 17:12:32 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{39ADC54E-3C30-41E4-823A-704F39CAD754}
[2012.05.18 17:12:21 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{11EC9867-AFE1-4510-8E30-4D9385FC3CF2}
[2012.05.17 20:21:54 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.17 20:21:54 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.17 20:21:54 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.17 20:21:54 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.17 20:21:54 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.17 20:20:55 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.17 20:20:54 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.17 20:20:54 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.15 12:49:54 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 12:49:54 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 06:54:15 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.15 06:54:15 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.15 06:49:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 22:26:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.14 15:02:06 | 000,000,870 | ---- | M] () -- C:\Users\PUB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.06.14 15:02:06 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.14 12:03:01 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.14 12:03:01 | 000,001,947 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.14 11:48:55 | 000,001,039 | ---- | M] () -- C:\Users\PUB\Desktop\Auslogics Disk Defrag.lnk
[2012.06.14 11:41:10 | 000,032,256 | ---- | M] () -- C:\Users\PUB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.14 11:32:48 | 000,000,898 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Norton System Doctor.lnk
[2012.06.14 11:32:47 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Norton Utilities Integrator.lnk
[2012.06.14 11:31:20 | 000,000,022 | ---- | M] () -- C:\Windows\_ISNU.INI
[2012.06.14 11:31:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.06.14 11:31:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.06.14 06:25:34 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.14 06:25:34 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.14 06:21:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.14 06:21:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.10 21:25:10 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job
[2012.06.09 10:58:02 | 000,164,255 | ---- | M] () -- C:\Windows\hpoins19.dat
[2012.05.23 18:04:22 | 000,095,789 | ---- | M] () -- C:\Users\PUB\ESt2011_Rüßler_Hans-Peter.elfo
[2012.05.17 20:37:20 | 000,295,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.17 20:16:34 | 000,117,489 | ---- | M] () -- C:\Users\PUB\ESt2011_Wypior_Bianca.elfo
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.14 11:48:55 | 000,001,039 | ---- | C] () -- C:\Users\PUB\Desktop\Auslogics Disk Defrag.lnk
[2012.06.14 11:32:48 | 000,000,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Norton System Doctor.lnk
[2012.06.14 11:32:47 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Norton Utilities Integrator.lnk
[2012.06.14 11:32:24 | 000,120,379 | ---- | C] () -- C:\Windows\System32\SYMEVNT.386
[2012.06.14 11:31:20 | 000,000,022 | ---- | C] () -- C:\Windows\_ISNU.INI
[2012.06.14 11:31:00 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.06.14 11:31:00 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.06.14 06:21:27 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.14 06:21:27 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.09 10:57:58 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job
[2012.05.23 17:59:50 | 000,095,789 | ---- | C] () -- C:\Users\PUB\ESt2011_Rüßler_Hans-Peter.elfo
[2012.04.16 17:30:38 | 000,164,255 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.04.16 17:30:19 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.01.31 16:10:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012.01.06 21:03:35 | 000,715,038 | ---- | C] () -- C:\Windows\unins001.exe
[2012.01.06 21:03:04 | 000,004,126 | ---- | C] () -- C:\Windows\unins001.dat
[2012.01.06 20:12:16 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2012.01.06 20:12:16 | 000,000,845 | ---- | C] () -- C:\Windows\unins000.dat
[2011.11.22 20:55:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.11.22 20:55:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.11.22 20:54:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.11.22 20:54:42 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.11.21 21:55:07 | 000,000,552 | ---- | C] () -- C:\Users\PUB\AppData\Local\d3d8caps.dat
[2011.11.21 21:54:51 | 000,032,256 | ---- | C] () -- C:\Users\PUB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.21 21:19:51 | 000,000,680 | ---- | C] () -- C:\Users\PUB\AppData\Local\d3d9caps.dat
[2011.07.12 14:02:16 | 000,232,496 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

< End of report >

--- --- ---


So, now the Extras

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 15.06.2012 13:03:09 - Run 1
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\PUB\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,15% Memory free
4,22 Gb Paging File | 2,86 Gb Available in Paging File | 67,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 229,15 Gb Free Space | 76,87% Space Free | Partition Type: NTFS
Drive E: | 45,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PUB-PC | User Name: PUB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3009448D-0974-485C-8C91-D1FBFEF8A81B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B8B1C2EA-7965-4682-9C2F-0BC8CD9D2208}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3BAF04C1-35E6-4673-ABEB-3B6EA1258FDC}" = protocol=17 | dir=in | app=c:\users\pub\appdata\local\temp\7zs70b7\hpdiagnosticcoreui.exe |
"{3E27150C-2B72-49A9-B761-727D27843435}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{502A60BB-3429-45A3-A2ED-B5A39A52B697}" = protocol=6 | dir=in | app=c:\users\pub\appdata\local\temp\7zs70b7\hpdiagnosticcoreui.exe |
"{6E6CD6F4-964A-40DA-9501-7BA0BB0D22C7}" = protocol=17 | dir=in | app=c:\users\pub\appdata\local\temp\7zs4aef\hpdiagnosticcoreui.exe |
"{75F80537-62B2-4B0E-A7C6-B8D6198DCCDF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{79FF5AC5-9EA1-4B07-B849-976F84AADA26}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{7F27F370-2519-4610-AF37-6D660C957A1F}" = protocol=6 | dir=in | app=c:\users\pub\appdata\local\temp\7zs6be8\hpdiagnosticcoreui.exe |
"{B0A42233-0CFB-47CA-B567-FDAF5A3A9C53}" = protocol=17 | dir=in | app=c:\users\pub\appdata\local\temp\7zs6be8\hpdiagnosticcoreui.exe |
"{B3E361F3-E800-43A4-9FFB-066519430256}" = protocol=6 | dir=in | app=c:\users\pub\appdata\local\temp\7zs4aef\hpdiagnosticcoreui.exe |
"{F951BC3B-2A9E-455E-8899-287DB0791AF4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{8F8E76E1-BF7E-4E08-A893-A86A3C569533}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{E9D9FC2C-6386-4E9C-97B8-352938DAA2C5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Norton Utilities" = Norton Utilities 2002 for Windows
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"XnView_is1" = XnView 1.98.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.06.2012 05:49:00 | Computer Name = PUB-PC | Source = Perflib | ID = 1017
Description =
 
Error - 14.06.2012 08:29:50 | Computer Name = PUB-PC | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 14.06.2012 08:31:25 | Computer Name = PUB-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.06.2012 08:59:11 | Computer Name = PUB-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.0.4535 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 1404  Anfangszeit: 01cd4a2d5526e81d  Zeitpunkt der
 Beendigung: 15
 
Error - 14.06.2012 09:04:10 | Computer Name = PUB-PC | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 14.06.2012 09:05:40 | Computer Name = PUB-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 15.06.2012 00:49:59 | Computer Name = PUB-PC | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 15.06.2012 00:51:34 | Computer Name = PUB-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 15.06.2012 01:09:24 | Computer Name = PUB-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 13.0.0.4535, Zeitstempel
 0x4fc8de63, fehlerhaftes Modul NPSWF32_11_3_300_257.dll_unloaded, Version 0.0.0.0,
 Zeitstempel 0x4fc821fc, Ausnahmecode 0xc0000005, Fehleroffset 0x60b79903,  Prozess-ID
 0x88c, Anwendungsstartzeit 01cd4ab46b88d01d.
 
Error - 15.06.2012 01:26:30 | Computer Name = PUB-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 13.0.0.4535, Zeitstempel
 0x4fc8de63, fehlerhaftes Modul NPSWF32_11_3_300_257.dll_unloaded, Version 0.0.0.0,
 Zeitstempel 0x4fc821fc, Ausnahmecode 0xc0000005, Fehleroffset 0x60b79903,  Prozess-ID
 0xce0, Anwendungsstartzeit 01cd4ab6f71a4bcd.
 
[ System Events ]
Error - 21.12.2011 09:12:51 | Computer Name = PUB-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 11.01.2012 08:41:00 | Computer Name = PUB-PC | Source = DCOM | ID = 10005
Description =
 
Error - 11.01.2012 08:41:00 | Computer Name = PUB-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 11.01.2012 08:41:00 | Computer Name = PUB-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 25.01.2012 07:42:05 | Computer Name = PUB-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{591A03F4-2C56-4720-8BDC-83F6CE887993} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 28.02.2012 03:44:14 | Computer Name = PUB-PC | Source = BTHUSB | ID = 327696
Description = Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter
 und einem Gerät mit Bluetooth-Adapteradresse (94:3a:f0:a4:09:3c) ist fehlgeschlagen.
 
Error - 28.02.2012 03:44:48 | Computer Name = PUB-PC | Source = BTHUSB | ID = 327696
Description = Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter
 und einem Gerät mit Bluetooth-Adapteradresse (94:3a:f0:a4:09:3c) ist fehlgeschlagen.
 
 
< End of report >

--- --- ---


Now moving on to the second step!

So, now the result of the second step

Code:

3DVIA player 5.0        3DVIA        26.01.2012        19,2MB        5.0.0.15
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        20.11.2011                11.1.102.55
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        13.06.2012                11.3.300.257
Adobe Reader X (10.1.3) - Deutsch        Adobe Systems Incorporated        11.04.2012        121,4MB        10.1.3
Adobe Shockwave Player 11.6        Adobe Systems, Inc.        13.06.2012        7,40MB        11.6.5.635
Auslogics Disk Defrag        Auslogics Software Pty Ltd        13.06.2012        9,38MB        version 3.4
Avira Free Antivirus        Avira        07.05.2012        158,4MB        12.0.0.1125
CCleaner        Piriform        22.05.2012        4,71MB        3.19
ElsterFormular        Landesfinanzdirektion Thüringen        08.02.2012        160,6MB        13.0.0.8086p
Flatcast Viewer Plugin 5.2.2.454        1 mal 1 Software GmbH        05.01.2012               
Flatcast Viewer Plugin 5.3.0.784        1 mal 1 Software GmbH        05.01.2012               
GIMP 2.6.12        The GIMP Team        02.05.2012        119,2MB        2.6.12
HP Customer Participation Program 8.0        HP        15.04.2012        241MB        8.0
HP Imaging Device Functions 8.0        HP        15.04.2012        1,54MB        8.0
HP OCR Software 8.0        HP        15.04.2012        1,53MB        8.0
HP Photosmart Essential        HP        15.04.2012        10,2MB        1.12.0.46
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B        HP        15.04.2012        75,8MB        8.0
HP Solution Center 8.0        HP        15.04.2012        1,53MB        8.0
HP Update        Hewlett-Packard        16.04.2012        3,93MB        5.003.001.001
HPSSupply        Ihr Firmenname        15.04.2012        0,96MB        2.1.3.0000
Intel(R) Graphics Media Accelerator Driver        Intel Corporation        15.03.2012               
Java(TM) 6 Update 31        Oracle        15.02.2012        95,1MB        6.0.310
Java(TM) 7 Update 5        Oracle        13.06.2012        99,3MB        7.0.50
JavaFX 2.1.1        Oracle Corporation        13.06.2012        20,9MB        2.1.1
LiveUpdate 1.6 (Symantec Corporation)        Symantec Corporation        13.06.2012        2,87MB       
McAfee Security Scan Plus        McAfee, Inc.        13.06.2012        10,0MB        3.0.207.4
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        04.12.2011        27,8MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        16.03.2012        120,3MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        16.03.2012        24,5MB        4.0.30319
Microsoft Silverlight        Microsoft Corporation        13.06.2012        40,2MB        5.1.10411.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        20.11.2011        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        08.02.2012        0,58MB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        13.03.2012        11,1MB        10.0.40219
Mozilla Firefox 13.0 (x86 de)        Mozilla        13.06.2012        39,1MB        13.0
Mozilla Maintenance Service        Mozilla        06.06.2012        0,21MB        13.0
MSXML 4.0 SP2 (KB927978)        Microsoft Corporation        18.04.2012        34,00KB        4.20.9841.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        18.04.2012        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        20.04.2012        1,34MB        4.20.9876.0
Nokia Connectivity Cable Driver        Nokia        08.05.2012        3,34MB        7.1.69.0
Nokia Suite        Nokia        08.05.2012        129,8MB        3.3.89.0
Norton Utilities 2002 for Windows        Symantec Corporation        13.06.2012               
OpenOffice.org 3.3        OpenOffice.org        20.11.2011        413MB        3.3.9567
PC Connectivity Solution        Nokia        08.05.2012        14,7MB        11.5.29.0
PDF24 Creator 4.1.2        PDF24.org        12.01.2012        35,6MB       
Sony Ericsson Update Engine        Sony Ericsson Mobile Communications AB        08.05.2012        22,4MB        2.12.5.57
Sony PC Companion 2.10.053        Sony        11.04.2012        60,9MB        2.10.053
Ulead PhotoImpact 12        Ulead System        20.11.2011        186,8MB        12.0
Unity Web Player        Unity Technologies ApS        27.02.2012        0,20MB       
VLC media player 1.1.11        VideoLAN        20.11.2011        82,1MB        1.1.11
Vodafone Mobile Broadband Lite        Vodafone        14.05.2012        46,7MB        10.2.302.33178
Windows Live Essentials        Microsoft Corporation        14.03.2012                15.4.3538.0513
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)        Nokia        08.05.2012                08/22/2008 7.0.0.0
WinRAR 4.11 (32-Bit)        win.rar GmbH        25.02.2012        4,19MB        4.11.0
XnView 1.98.5        Gougelet Pierre-e        11.02.2012        16,6MB        1.98.5

Hello Kira,

now the result of the last step

[code]
HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:39:24, on 15.06.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19222)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\PDF24\pdf24.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\PUB\Downloads\OTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\PUB\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton Utilities\NPROTECT.EXE (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Vodafone-Mobile-Broadband-Dienst (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

--
End of file - 6318 bytes

--- --- ---


Thanks in advance for your help; in the meantime the Explorer has this quirk too....

Regards, Bianca

kira 15.06.2012 15:00

System cleanup and check:

You have Avira...
1.
why are you still using the program:
Quote:

LiveUpdate 1.6 (Symantec Corporation)
Norton Utilities 2002 for Windows
which also comes with virus protection and, if I am right, is not suitable for Vista at all?
I think you had better uninstall it!

2.
Windows Defender:
Running it actively alongside an AV program is not recommended, because the two can get in each other's way. Please deactivate it like this: -> Turning Windows Defender on and off
Disable Windows Defender completely

Start => Control Panel => Classic View => Windows Defender or
start Windows Defender (C:\Programme\Windows Defender\MSASCui.exe)

Tools => Options => Automatic scanning => remove the check mark at "Automatically scan my computer".
Tools => Options => Real-time protection => remove the check mark at "Use real-time protection".
Tools => Options => Administrator => remove the check mark at "Use this program".

Start => type services.msc into the search box.
The Services window opens
Double-click the "Windows Defender" service
Change the startup type to "Manual".
Stop the service if it is still started.
► After a restart (if it still exists), go to Start -> Run -> "msconfig" (type it in without the "") -> OK -> Startup and check whether it is still running along?! - remove the check mark if necessary
► Under Services:
Start -> Run -> "Services.msc" (type it in without the "") -> OK - "Properties" -> "Stop" -> select startup type "Disabled"

3.
If you did not install it deliberately, since it is often installed or offered along with other programs (presumably through Adobe Reader), uninstall:
Code:

McAfee Security Scan Plus
presumably landed on the computer via Adobe (Flash Player)!

Although the programmers/manufacturer have a very good reputation, this "helper principle" does not protect your PC any better, but it does impair system performance
Always choose the custom installation, not the standard installation, because otherwise things are often installed along with it that you do not need or do not want.
During installation, please always read the license terms, and do not immediately tick every box or leave pre-ticked boxes ticked, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., are installed along with it, since that is how freeware finances itself.


4.
Quote:

Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, that is, everything in the code box after the word "Code" (starting with :OTL and ending with [emptytemp]), without the word "code" itself:
Code:

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.selectedEngine: "BittorrentBar_DE Customized Web Search"
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O4 - HKCU..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.14 20:46:15 | 000,000,118 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{16a08f1f-99b0-11e1-954f-002421b246a8}\Shell - "" = AutoRun
O33 - MountPoints2\{16a08f1f-99b0-11e1-954f-002421b246a8}\Shell\AutoRun\command - "" = J:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{585ec4ba-509b-11e1-806b-002421b246a8}\Shell - "" = AutoRun
O33 - MountPoints2\{585ec4ba-509b-11e1-806b-002421b246a8}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{83e4d6dc-4bdf-11e1-9385-002421b246a8}\Shell - "" = AutoRun
O33 - MountPoints2\{83e4d6dc-4bdf-11e1-9385-002421b246a8}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c62ca3be-9e7d-11e1-85af-002421b246a8}\Shell - "" = AutoRun
O33 - MountPoints2\{c62ca3be-9e7d-11e1-85af-002421b246a8}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe -- [2011.06.09 22:19:29 | 000,278,528 | R--- | M] (Vodafone)

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]


5.
Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Changing the Explorer's default search engine
-> How can I clear the cache in Internet Explorer?

6.
clean your system with CCleaner:
  • "CCleaner"→ "Analyze"→ click the "Run CCleaner" button
  • "Registry"→ "Scan for issues"→ "Fix issues"→ "Fix all"
  • Restart your system

7.
run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your Desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

so that I know which changes you have made:
Quote:

► Report to me briefly on all the steps (for each point) that you have completed!
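Running a fix script like the one in the post above makes OTL write a result log with one outcome per line. The following is an added example, not part of kira's post or of OTL itself: it tallies those outcomes per section so that failures and reboot-pending moves stand out when reporting back. The sample log, its keys and its paths are constructed, and the function name `triage` is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: invented keys and paths, written in the line format
# that an OTL fix result log uses.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKCU\Software\Example\\Setting|dword:0 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Example\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
Prefs.js: "Example Search" removed from browser.search.selectedEngine
C:\Example\searchplugins\example.xml moved successfully.
File X:\example_autorun.exe not found.
File move failed. X:\autorun.inf scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
C:\Example\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 0 bytes
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
PENDING = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
# Checked in order; the first matching rule decides the outcome of a line.
RULES = [
    ("removed", re.compile(r"(?:deleted|moved) successfully\.$|\bremoved from\b")),
    ("value_set", re.compile(r"value set successfully!$")),
    ("not_found", re.compile(r"not found\.$")),
]


def triage(log_text):
    """Count outcomes per log section and collect paths still pending a reboot."""
    counts = defaultdict(Counter)
    pending = []
    section = "PREAMBLE"  # lines that appear before the first section header
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        failed_move = PENDING.match(line)
        if failed_move:
            counts[section]["pending_reboot"] += 1
            pending.append(failed_move.group(1))
            continue
        for outcome, pattern in RULES:
            if pattern.search(line):
                counts[section][outcome] += 1
                break
        else:
            # Command echoes, cache sizes and similar informational lines.
            counts[section]["other"] += 1
    return {
        "counts": {name: dict(c) for name, c in counts.items()},
        "pending_reboot": pending,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, outcome_counts in report["counts"].items():
        print(name, outcome_counts)
    print("still pending after this run:", report["pending_reboot"])
```

Paths listed under `pending_reboot` were not moved during the run, so they are the entries to re-check in the next scan log.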

Beast83 16.06.2012 17:29

Hello Kira,

I have uninstalled McAfee. I deactivated the Defender as you described, and after the restart I also had to remove the check mark, since it was still running along.

But now I have a problem uninstalling Norton.

Die Installationsprotokolldatei C:\Program Files\NotonUtilities\uninst.isu kann nicht gefunden werden. Die Deinstallation wird abgebrochen.

Then I have one more question: should I uninstall LiveUpdate as well?

I have not taken any further steps yet, since I cannot get Norton uninstalled.

Thanks for your help, Kira, without you I would be completely lost!

kira 16.06.2012 22:11

try uninstalling in safe mode:
Quote:

LiveUpdate 1.6 (Symantec Corporation)
Norton Utilities 2002 for Windows
While the computer is booting, keep pressing [F8] (on Win XP) until you get a selection menu:
- choose here: "Safe Mode"

if it still does not work:

Uninstalling software with Revo Uninstaller

Download the freeware version of Revo Uninstaller from Revo Group
  • Double-click revosetup.exe.
  • Install the tool to the default path.
  • Double-click the Revo Uninstaller icon.
  • Double-click, one after the other, the following software from the code box (name as listed under Software/Programs):
    Code:

    LiveUpdate
    Norton Utilities 2002

  • Confirm the uninstallation with Yes.
  • Leave the uninstall routine setting on Moderate and click Next.
  • The tool will now search the computer for leftover registry entries. Click Next.
  • Click the Select All button, click Delete and Next, and confirm with Yes.
  • Finally, the tool may also search for leftover files and folders.
  • Check the folders and files and, if applicable, click the Select All button, click Next and confirm with Yes.

Restart the computer.

Beast83 17.06.2012 09:38

Good morning Kira,

I removed Norton with the Revo Uninstaller. I also removed gimp, since I do not use it.

Here is the text file
Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "BittorrentBar_DE Customized Web Search" removed from browser.search.selectedEngine
C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16a08f1f-99b0-11e1-954f-002421b246a8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16a08f1f-99b0-11e1-954f-002421b246a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16a08f1f-99b0-11e1-954f-002421b246a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16a08f1f-99b0-11e1-954f-002421b246a8}\ not found.
File J:\NokiaPCIA_Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{585ec4ba-509b-11e1-806b-002421b246a8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{585ec4ba-509b-11e1-806b-002421b246a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{585ec4ba-509b-11e1-806b-002421b246a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{585ec4ba-509b-11e1-806b-002421b246a8}\ not found.
File J:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83e4d6dc-4bdf-11e1-9385-002421b246a8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83e4d6dc-4bdf-11e1-9385-002421b246a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83e4d6dc-4bdf-11e1-9385-002421b246a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83e4d6dc-4bdf-11e1-9385-002421b246a8}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c62ca3be-9e7d-11e1-85af-002421b246a8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c62ca3be-9e7d-11e1-85af-002421b246a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c62ca3be-9e7d-11e1-85af-002421b246a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c62ca3be-9e7d-11e1-85af-002421b246a8}\ not found.
File move failed. E:\setup_vmb_lite.exe scheduled to be moved on reboot.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\PUB\Downloads\cmd.bat deleted successfully.
C:\Users\PUB\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: PUB
->Temp folder emptied: 324499 bytes
->Temporary Internet Files folder emptied: 35222581 bytes
->Java cache emptied: 2162274 bytes
->FireFox cache emptied: 72487647 bytes
->Flash cache emptied: 602 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 675840 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36576 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 106,00 mb
 
 
OTL by OldTimer - Version 3.2.48.0 log created on 06172012_102326

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\setup_vmb_lite.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Mozilla ran an update this morning.
Now starting CCleaner!

Many thanks, Kira

I have also worked through the last two points

here are the OTL files

OTL Logfile:
Code:

OTL logfile created on: 17.06.2012 10:48:29 - Run 2
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\PUB\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,42% Memory free
4,23 Gb Paging File | 3,28 Gb Available in Paging File | 77,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 228,76 Gb Free Space | 76,74% Space Free | Partition Type: NTFS
Drive E: | 45,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PUB-PC | User Name: PUB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.15 13:00:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\PUB\Downloads\OTL.exe
PRC - [2012.05.08 22:18:58 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 22:18:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 22:18:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 22:18:58 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.16 13:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2011.07.14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2011.07.14 15:45:14 | 000,279,552 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2004.11.26 12:43:34 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.18 13:03:40 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.05.18 13:03:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll
MOD - [2012.05.18 13:03:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.18 13:02:59 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012.05.18 13:02:57 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\442135bc0b503b42ab2d752c23bea631\System.Security.ni.dll
MOD - [2012.05.18 13:02:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.18 13:02:51 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012.05.17 21:56:42 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.17 21:56:28 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012.05.17 21:56:21 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012.05.17 21:56:20 | 010,683,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\b03386569c9ce7b2079f3fb3aaf370e6\System.Design.ni.dll
MOD - [2012.05.17 21:56:02 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\81983f051a8a49dabc8bcacc3b814189\System.Data.ni.dll
MOD - [2012.05.17 21:55:12 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.17 21:55:02 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.11.21 22:22:25 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2004.07.26 18:11:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2012.06.17 09:57:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 22:18:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 22:18:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.14 15:45:44 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2008.01.21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wg111v3.sys -- (RTL8187B)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.08 22:18:58 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 22:18:58 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.06 12:41:38 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.02.06 12:41:38 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.11.01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 10:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.11.01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.11.01 10:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.05.20 17:15:54 | 000,047,488 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_zte_ecm_enum_filter.sys -- (vodafone_zte_ecm_enum_filter)
DRV - [2011.05.20 17:15:54 | 000,047,488 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_zte_ecm_enum.sys -- (vodafone_zte_ecm_enum) Vodafone Vodafone ZTE DC Enumerator (ZTE)
DRV - [2011.05.20 17:15:52 | 000,067,968 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_zte_cdc_acm.sys -- (vodafone_zte_cdc_acm) Vodafone Vodafone ZTE CDC-ACM driver (ZTE)
DRV - [2011.05.20 17:15:52 | 000,032,768 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_zte_cdc_ecm.sys -- (vodafone_zte_cdc_ecm)
DRV - [2011.05.20 17:15:52 | 000,009,984 | ---- | M] (Vodafone) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vodafone_zte_cpo.sys -- (vodafone_zte_cpo)
DRV - [2010.09.01 14:33:12 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2001.08.05 06:00:00 | 000,034,354 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2001.07.16 11:52:06 | 000,057,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 8E 54 60 0F 4A CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\PUB\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~2\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 09:57:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.14 06:26:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.05.09 13:35:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 09:57:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.14 06:26:14 | 000,000,000 | ---D | M]
 
[2011.11.21 21:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PUB\AppData\Roaming\mozilla\Extensions
[2012.06.14 14:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PUB\AppData\Roaming\mozilla\Firefox\Profiles\b36ur7ij.default\extensions
[2012.06.14 15:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.03.15 10:41:30 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\PUB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B36UR7IJ.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012.06.14 14:55:21 | 000,053,072 | ---- | M] () (No name found) -- C:\USERS\PUB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B36UR7IJ.DEFAULT\EXTENSIONS\YESSCRIPT@USERSTYLES.ORG.XPI
[2012.06.17 09:57:02 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2011.09.23 15:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF779DC3-5567-4AED-8299-DE9DB82E61C4}: DhcpNameServer = 139.7.30.125 139.7.30.126
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\PUB\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\PUB\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.07.14 20:46:15 | 000,000,118 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.17 10:23:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.17 10:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012.06.17 10:11:18 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.06.15 13:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.06.15 13:34:44 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.06.15 13:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.14 22:25:47 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{9BF5C676-752E-41DF-A79E-F63F92C03B67}
[2012.06.14 22:25:33 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{246C100E-5FB5-4159-BE22-B16ED6C6B65F}
[2012.06.14 11:48:58 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Roaming\Auslogics
[2012.06.14 11:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012.06.14 11:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2012.06.14 11:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities
[2012.06.14 11:32:24 | 000,057,664 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012.06.14 11:32:24 | 000,036,864 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\S32EVNT1.DLL
[2012.06.14 11:32:24 | 000,004,032 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\SYMEVNT1.DLL
[2012.06.14 11:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.06.14 11:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.06.14 11:32:02 | 000,034,354 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NPDRIVER.SYS
[2012.06.14 11:32:00 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBAR332.DLL
[2012.06.14 11:32:00 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSRD2X35.DLL
[2012.06.14 11:32:00 | 000,123,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJINT35.DLL
[2012.06.14 11:32:00 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJTER35.DLL
[2012.06.14 11:31:59 | 001,046,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJET35.DLL
[2012.06.14 11:31:59 | 000,031,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\S32STAT.DLL
[2012.06.14 11:31:53 | 000,531,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCTL32.NU6
[2012.06.14 11:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.06.14 11:31:19 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2012.06.14 06:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.06.14 06:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.06.14 06:26:14 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.06.14 06:26:14 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.06.14 06:25:56 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.14 06:25:56 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.14 06:21:34 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\Macromedia
[2012.06.14 06:21:26 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.13 21:39:22 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{095B1722-5E22-4939-AE54-EF59B60899C0}
[2012.06.13 21:39:08 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{891A1D15-EDA4-4CB4-B64D-3BCD1FF0F4E5}
[2012.06.12 13:02:50 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{D37D9BCA-C7BC-4B41-9AFE-EED9509004B6}
[2012.06.12 13:02:37 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{4B9B74EF-F827-4D32-A41A-B2DCD7681709}
[2012.06.11 10:05:03 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{F1142BF0-8A61-42A3-B2E3-4ECD2D43F474}
[2012.06.11 10:04:59 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{2ADD11D2-18C9-4AB5-AC9C-EE405B7A9614}
[2012.06.10 21:38:37 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{C1902309-DF3C-45F2-B188-7BAC143CF001}
[2012.06.10 21:38:22 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{C8795C10-7EBA-476C-972A-9B38594CD8EC}
[2012.06.09 15:22:09 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{A2678AAE-661F-431F-B1E9-7499ED277E9C}
[2012.06.09 15:21:54 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{72708C00-02FE-49B7-AAA8-208807E5ED2D}
[2012.06.08 15:21:47 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{43A48165-1FB3-4C6B-BEBE-90618958E955}
[2012.06.08 12:40:51 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{ADC8AA85-931B-44F7-B021-11E342FE1676}
[2012.06.08 12:40:37 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{9032F94B-0D11-4F08-BFEA-D720A8AFB904}
[2012.06.07 14:32:15 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{4974E96C-607E-474F-8934-91621C590436}
[2012.06.07 12:10:03 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{7518F9C7-E014-4D99-87CE-655B3F6B61E2}
[2012.06.07 12:09:50 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{34182228-AEB2-424E-B198-567200467747}
[2012.06.06 11:11:39 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{DD138B18-3D35-4F94-857B-98E6014FF896}
[2012.06.06 11:11:25 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{40117654-9983-45ED-94D0-05DE70208769}
[2012.06.05 17:11:41 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{33741C48-2809-471B-B2F4-60F0BA853116}
[2012.06.05 13:23:54 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{455BD9F4-A3B3-45D8-94B9-530A78503B6D}
[2012.06.05 13:23:42 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{E94D061B-9214-4AD8-93AE-F3CCEC3668EB}
[2012.06.04 18:08:21 | 000,000,000 | ---D | C] -- C:\Users\PUB\Desktop\t-shirt
[2012.06.04 12:50:55 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{3BA5A526-995D-4987-8BB6-86C013C50904}
[2012.06.04 12:50:42 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{5D79F818-EBB8-406C-85B6-C7CC9EF67C53}
[2012.06.02 15:09:46 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{DC3D1370-2272-4CDB-9BAC-697D68552029}
[2012.06.02 15:09:37 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{1EC7DC0E-304A-4746-B7B3-297B1BB891A8}
[2012.06.02 09:17:08 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{2F4F7400-A931-48B9-859B-845FAE48C7A3}
[2012.06.02 09:16:54 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{9FC559D4-D26F-420F-A76B-21C04FA34596}
[2012.06.01 13:00:01 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{CA52A7B4-F2AF-43E1-AE1A-C73D82E822C1}
[2012.06.01 12:59:48 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{A5274717-FD0E-44E4-B34E-BA7073E5011F}
[2012.05.31 22:11:20 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{303DCCF8-7018-4156-A09A-D1E3F7EA478F}
[2012.05.31 22:11:07 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{AC03AFD9-F4EC-4B52-8871-80E3800B543F}
[2012.05.29 11:31:19 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{D8771228-6DD3-4988-8DF3-D5249D2307FF}
[2012.05.29 11:31:06 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{F691A70F-E04E-4FBE-8258-5181C0C07419}
[2012.05.29 10:33:30 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{6DA713E0-063E-450D-991E-BDDE808AB1BD}
[2012.05.29 10:33:17 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{CF6084BA-E0F3-421A-8FE4-0DDFE2CE4545}
[2012.05.29 09:54:04 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{4BCD5178-126B-4C50-BEBD-EBE9DFDC280A}
[2012.05.29 09:53:51 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{AF0CBF99-8C34-4488-A4EF-5491C01C4866}
[2012.05.22 21:52:48 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{3E5CB39F-0879-4ABB-BA4A-ECA062D1D1E0}
[2012.05.22 21:52:35 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{53999A8E-C83D-404D-B4AA-178368EF2FF4}
[2012.05.19 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{B078AB91-DE25-4BE7-BE75-F6D37E7E27BE}
[2012.05.19 12:23:55 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{D4C2C682-C94A-480F-B50E-FCA42EAC4E1A}
[2012.05.18 17:12:32 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{39ADC54E-3C30-41E4-823A-704F39CAD754}
[2012.05.18 17:12:21 | 000,000,000 | ---D | C] -- C:\Users\PUB\AppData\Local\{11EC9867-AFE1-4510-8E30-4D9385FC3CF2}
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.17 10:52:06 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.17 10:52:06 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.17 10:45:30 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.17 10:45:30 | 000,004,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.17 10:45:02 | 000,285,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.17 10:44:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.17 10:44:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.17 10:43:12 | 000,110,770 | ---- | M] () -- C:\Users\PUB\Documents\cc_20120617_104307.reg
[2012.06.17 10:11:19 | 000,001,057 | ---- | M] () -- C:\Users\PUB\Desktop\Revo Uninstaller.lnk
[2012.06.15 13:36:21 | 000,002,519 | ---- | M] () -- C:\Users\PUB\Desktop\HiJackThis.lnk
[2012.06.15 13:25:56 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.14 15:02:06 | 000,000,870 | ---- | M] () -- C:\Users\PUB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.06.14 15:02:06 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.14 11:48:55 | 000,001,039 | ---- | M] () -- C:\Users\PUB\Desktop\Auslogics Disk Defrag.lnk
[2012.06.14 11:41:10 | 000,032,256 | ---- | M] () -- C:\Users\PUB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.14 11:31:20 | 000,000,022 | ---- | M] () -- C:\Windows\_ISNU.INI
[2012.06.14 11:31:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012.06.14 11:31:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012.06.14 06:25:34 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.14 06:25:34 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.14 06:21:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.14 06:21:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.10 21:25:10 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job
[2012.06.09 10:58:02 | 000,164,255 | ---- | M] () -- C:\Windows\hpoins19.dat
[2012.05.23 18:04:22 | 000,095,789 | ---- | M] () -- C:\Users\PUB\ESt2011_Rüßler_Hans-Peter.elfo
 
========== Files Created - No Company Name ==========
 
[2012.06.17 10:43:08 | 000,110,770 | ---- | C] () -- C:\Users\PUB\Documents\cc_20120617_104307.reg
[2012.06.17 10:11:19 | 000,001,057 | ---- | C] () -- C:\Users\PUB\Desktop\Revo Uninstaller.lnk
[2012.06.15 13:34:44 | 000,002,519 | ---- | C] () -- C:\Users\PUB\Desktop\HiJackThis.lnk
[2012.06.15 13:25:56 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.14 11:48:55 | 000,001,039 | ---- | C] () -- C:\Users\PUB\Desktop\Auslogics Disk Defrag.lnk
[2012.06.14 11:32:24 | 000,120,379 | ---- | C] () -- C:\Windows\System32\SYMEVNT.386
[2012.06.14 11:31:20 | 000,000,022 | ---- | C] () -- C:\Windows\_ISNU.INI
[2012.06.14 11:31:00 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012.06.14 11:31:00 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012.06.09 10:57:58 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job
[2012.05.23 17:59:50 | 000,095,789 | ---- | C] () -- C:\Users\PUB\ESt2011_Rüßler_Hans-Peter.elfo
[2012.04.16 17:30:38 | 000,164,255 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.04.16 17:30:19 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.01.31 16:10:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012.01.06 21:03:35 | 000,715,038 | ---- | C] () -- C:\Windows\unins001.exe
[2012.01.06 21:03:04 | 000,004,126 | ---- | C] () -- C:\Windows\unins001.dat
[2012.01.06 20:12:16 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2012.01.06 20:12:16 | 000,000,845 | ---- | C] () -- C:\Windows\unins000.dat
[2011.11.22 20:55:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.11.22 20:55:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.11.22 20:54:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.11.22 20:54:42 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.11.21 21:55:07 | 000,000,552 | ---- | C] () -- C:\Users\PUB\AppData\Local\d3d8caps.dat
[2011.11.21 21:54:51 | 000,032,256 | ---- | C] () -- C:\Users\PUB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.21 21:19:51 | 000,000,680 | ---- | C] () -- C:\Users\PUB\AppData\Local\d3d9caps.dat
[2011.07.12 14:02:16 | 000,232,496 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== LOP Check ==========
 
[2012.06.14 11:48:58 | 000,000,000 | ---D | M] -- C:\Users\PUB\AppData\Roaming\Auslogics
[2012.02.09 16:16:58 | 000,000,000 | ---D | M] -- C:\Users\PUB\AppData\Roaming\elsterformular
[2012.01.06 20:12:16 | 000,000,000 | ---D | M] -- C:\Users\PUB\AppData\Roaming\Flatcast
[2012.06.13 13:59:23 | 000,000,000 | ---D | M] -- C:\Users\PUB\AppData\Roaming\Image Zone Express
[2012.05.09 13:36:38 | 000,000,000 | ---D | M] -- C:\Users\PUB\AppData\Roaming\Nokia
[2011.11.21 23:39:02 | 000,000,000 | ---D | M] -- C:\Users\PUB\AppData\Roaming\OpenOffice.org
[2012.05.09 13:44:04 | 000,000,000 | ---D | M] -- C:\Users\PUB\AppData\Roaming\PC Suite
[2012.04.29 11:50:13 | 000,000,000 | ---D | M] -- C:\Users\PUB\AppData\Roaming\Printer Info Cache
[2011.12.11 22:14:28 | 000,000,000 | ---D | M] -- C:\Users\PUB\AppData\Roaming\Ulead Systems
[2012.05.15 13:14:40 | 000,000,000 | ---D | M] -- C:\Users\PUB\AppData\Roaming\Vodafone
[2012.04.19 18:19:42 | 000,000,000 | ---D | M] -- C:\Users\PUB\AppData\Roaming\Windows Live Writer
[2012.05.12 18:22:02 | 000,000,000 | ---D | M] -- C:\Users\PUB\AppData\Roaming\XnView
[2012.06.17 10:44:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---



and the Extras

OTL Logfile:
Code:

OTL Extras logfile created on: 17.06.2012 10:48:29 - Run 2
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\PUB\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,42% Memory free
4,23 Gb Paging File | 3,28 Gb Available in Paging File | 77,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 228,76 Gb Free Space | 76,74% Space Free | Partition Type: NTFS
Drive E: | 45,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PUB-PC | User Name: PUB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3009448D-0974-485C-8C91-D1FBFEF8A81B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B8B1C2EA-7965-4682-9C2F-0BC8CD9D2208}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E27150C-2B72-49A9-B761-727D27843435}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{75F80537-62B2-4B0E-A7C6-B8D6198DCCDF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{79FF5AC5-9EA1-4B07-B849-976F84AADA26}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{F951BC3B-2A9E-455E-8899-287DB0791AF4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{8F8E76E1-BF7E-4E08-A893-A86A3C569533}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{E9D9FC2C-6386-4E9C-97B8-352938DAA2C5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Revo Uninstaller" = Revo Uninstaller 1.94
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"XnView_is1" = XnView 1.98.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.06.2012 04:42:46 | Computer Name = PUB-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.06.2012 04:42:46 | Computer Name = PUB-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.06.2012 04:42:46 | Computer Name = PUB-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.06.2012 04:42:46 | Computer Name = PUB-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.06.2012 04:42:46 | Computer Name = PUB-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 17.06.2012 04:42:46 | Computer Name = PUB-PC | Source = Windows Search Service | ID = 7040
Description =
 
Error - 17.06.2012 04:42:46 | Computer Name = PUB-PC | Source = Windows Search Service | ID = 3050
Description =
 
Error - 17.06.2012 04:43:18 | Computer Name = PUB-PC | Source = ESENT | ID = 104
Description = Windows (2164) Windows: Das Datenbankmodul hat die Instanz (0) mit
 dem Fehler (-1090) beendet.
 
Error - 17.06.2012 04:45:17 | Computer Name = PUB-PC | Source = VmbService | ID = 0
Description = conflictManagerTypeValue
 
Error - 17.06.2012 04:46:29 | Computer Name = PUB-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 11.01.2012 08:41:00 | Computer Name = PUB-PC | Source = DCOM | ID = 10005
Description =
 
Error - 11.01.2012 08:41:00 | Computer Name = PUB-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 11.01.2012 08:41:00 | Computer Name = PUB-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 25.01.2012 07:42:05 | Computer Name = PUB-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{591A03F4-2C56-4720-8BDC-83F6CE887993} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 28.02.2012 03:44:14 | Computer Name = PUB-PC | Source = BTHUSB | ID = 327696
Description = Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter
 und einem Gerät mit Bluetooth-Adapteradresse (94:3a:f0:a4:09:3c) ist fehlgeschlagen.
 
Error - 28.02.2012 03:44:48 | Computer Name = PUB-PC | Source = BTHUSB | ID = 327696
Description = Die beiderseitige Authentifizierung zwischen dem lokalen Bluetooth-Adapter
 und einem Gerät mit Bluetooth-Adapteradresse (94:3a:f0:a4:09:3c) ist fehlgeschlagen.
 
 
< End of report >

--- --- ---


I had tried to move Norton to the Recycle Bin, and now it says Recycle Bin with Norton Protection... sorry, but how do I get rid of that again? I did remove Norton with Revo Uninstaller, though.

Regards, Bianca

kira 17.06.2012 19:29

1.
Quote:

Attention, important!:
If you made changes to the logfile yourself, you must put the original names back before pasting it into the script, otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (that is, starting with :OTL and ending with [emptytemp]), everything that is in the code box (without "code"!):
Code:

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Utilities\NPROTECT.EXE -- (NProtectService)
DRV - [2001.08.05 06:00:00 | 000,034,354 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2001.07.16 11:52:06 | 000,057,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

:Files
C:\Windows\System32\drivers\SYMEVENT.SYS
C:\Windows\System32\S32EVNT1.DLL
C:\Windows\System32\SYMEVNT1.DLL
C:\ProgramData\Symantec
C:\Program Files\Symantec
C:\Windows\System32\drivers\NPDRIVER.SYS
C:\Windows\System32\S32STAT.DLL
C:\Program Files\Common Files\Symantec Shared
C:\Windows\System32\SYMEVNT.386
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]


2.
clean your system with CCleaner:
  • "CCleaner"→ "Analyze"→ click the "Start CCleaner" button
  • "Registry"→ "Scan for issues"→ "Fix issues"→ "Fix all"
  • Restart your system

► For Norton:-> Did you use the Norton Removal Tool?:-> http://service1.symantec.com/support...50412095959924

Beast83 18.06.2012 11:51

Hello Kira,

here is the result from OTL

Code:

All processes killed
========== OTL ==========
Service NProtectService stopped successfully!
Service NProtectService deleted successfully!
File C:\Program Files\Norton Utilities\NPROTECT.EXE not found.
Service NPDriver stopped successfully!
Service NPDriver deleted successfully!
C:\Windows\System32\drivers\NPDRIVER.SYS moved successfully.
Service SymEvent stopped successfully!
Service SymEvent deleted successfully!
C:\Program Files\Symantec\SYMEVENT.SYS moved successfully.
========== FILES ==========
C:\Windows\System32\drivers\SYMEVENT.SYS moved successfully.
C:\Windows\System32\S32EVNT1.DLL moved successfully.
C:\Windows\System32\SYMEVNT1.DLL moved successfully.
C:\ProgramData\Symantec\LiveUpdate folder moved successfully.
C:\ProgramData\Symantec folder moved successfully.
C:\Program Files\Symantec\LiveUpdate folder moved successfully.
C:\Program Files\Symantec folder moved successfully.
File\Folder C:\Windows\System32\drivers\NPDRIVER.SYS not found.
C:\Windows\System32\S32STAT.DLL moved successfully.
C:\Program Files\Common Files\Symantec Shared folder moved successfully.
C:\Windows\System32\SYMEVNT.386 moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\PUB\Downloads\cmd.bat deleted successfully.
C:\Users\PUB\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: PUB
->Temp folder emptied: 126864 bytes
->Temporary Internet Files folder emptied: 1093404 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 132424106 bytes
->Flash cache emptied: 1972 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77432 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 128,00 mb
 
 
OTL by OldTimer - Version 3.2.48.0 log created on 06182012_122831

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

I did not make any changes to the logfile.

I removed Norton with Revo Uninstaller.

Regards, Bianca

I downloaded the Norton Removal Tool, but it tells me
"File is corrupted".

Now I have a new problem: my PC is very slow. Especially on the internet it takes extremely long until anything loads. And when I want to log in here, it usually only works on the 3rd attempt.

Does it make sense to choose a restore point? I did not have these problems before.

kira 09.07.2012 08:30

1.
run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

2.
Download -> TrendMicro™ HijackThis™/Version 2.0.4 from here
Quote:

No open windows as long as HijackThis is running!!-> start HijackThis-> click "Do a system scan and save a logfile" (wait a moment) -> "select" the resulting logfile -> "copy"-> "paste" it here in your thread (right mouse button) (you must be logged in to the forum!)
► Right-click HijackThis-> choose "Run as administrator"...

