Trojaner-Board


Hoshy 29.08.2011 20:21

BOO/TDss.M - Removed correctly?

Hello everyone,

I had 3 detections of a BOO/TDss.M trojan today,

and wanted to know whether I handled it correctly and whether I caught everything.

I used Kaspersky TDSSKiller.exe (it ran through successfully), then ran a Malwarebytes scan
and a scan with OTL, and I am listing my programs here via CCleaner.

I hope that is all correct.

Here are the log files:

TDSSKiller.exe
Code:

2011/08/29 20:47:14.0861 2976        TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/29 20:47:14.0970 2976        ================================================================================
2011/08/29 20:47:14.0970 2976        SystemInfo:
2011/08/29 20:47:14.0970 2976       
2011/08/29 20:47:14.0970 2976        OS Version: 6.0.6002 ServicePack: 2.0
2011/08/29 20:47:14.0970 2976        Product type: Workstation
2011/08/29 20:47:14.0970 2976        ComputerName: xyz-PC
2011/08/29 20:47:14.0970 2976        UserName: xyz
2011/08/29 20:47:14.0970 2976        Windows directory: C:\Windows
2011/08/29 20:47:14.0970 2976        System windows directory: C:\Windows
2011/08/29 20:47:14.0970 2976        Processor architecture: Intel x86
2011/08/29 20:47:14.0970 2976        Number of processors: 4
2011/08/29 20:47:14.0970 2976        Page size: 0x1000
2011/08/29 20:47:14.0970 2976        Boot type: Normal boot
2011/08/29 20:47:14.0970 2976        ================================================================================
2011/08/29 20:47:15.0609 2976        Initialize success
2011/08/29 20:47:32.0988 0284        ================================================================================
2011/08/29 20:47:32.0988 0284        Scan started
2011/08/29 20:47:32.0988 0284        Mode: Manual;
2011/08/29 20:47:32.0988 0284        ================================================================================
2011/08/29 20:47:45.0577 0284        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
2011/08/29 20:47:45.0593 0284        MBR (0x1B8)    (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/08/29 20:47:45.0593 0284        \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/29 20:47:45.0608 0284        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
2011/08/29 20:47:45.0624 0284        Boot (0x1200)  (8e518e86d4c6892b147552d245558dc1) \Device\Harddisk2\DR2\Partition0
2011/08/29 20:47:45.0624 0284        Boot (0x1200)  (b79ff65abb679da9ed9daed7d4405511) \Device\Harddisk0\DR0\Partition0
2011/08/29 20:47:45.0671 0284        Boot (0x1200)  (dfbd99dc3846a0b88b4bd3e506e5ee29) \Device\Harddisk0\DR0\Partition1
2011/08/29 20:47:45.0702 0284        Boot (0x1200)  (d980eeb82e20d32de6071a2245c434a8) \Device\Harddisk1\DR1\Partition0
2011/08/29 20:47:45.0717 0284        ================================================================================
2011/08/29 20:47:45.0717 0284        Scan finished
2011/08/29 20:47:45.0717 0284        ================================================================================
2011/08/29 20:47:45.0733 3088        Detected object count: 1
2011/08/29 20:47:45.0733 3088        Actual detected object count: 1
2011/08/29 20:47:57.0995 3088        \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/29 20:47:57.0995 3088        \Device\Harddisk0\DR0 - ok
2011/08/29 20:47:57.0995 3088        Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/29 20:48:04.0937 0880        Deinitialize success

Malwarebytes
Code:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7606

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

29.08.2011 20:57:31
mbam-log-2011-08-29 (20-57-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 169943
Laufzeit: 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\xyz\AppData\Local\KBtzSEx.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\xyz\AppData\Local\onahuboze.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ovure (Trojan.Hiloti) -> Value: Ovure -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Security Protection (Rogue.Spypro) -> Value: Security Protection -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Qvituzuzesesuzu (Trojan.Agent.U) -> Value: Qvituzuzesesuzu -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\xyz\AppData\Local\KBtzSEx.dll (Trojan.Hiloti) -> Delete on reboot.
c:\program files\pdfforge toolbar\IE\1.1.2\pdfforgetoolbarie.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.
c:\Users\xyz\AppData\Local\onahuboze.dll (Trojan.Agent.U) -> Delete on reboot.

OTL.txt
Code:

OTL logfile created on: 29.08.2011 21:02:52 - Run 1
OTL by OldTimer - Version 3.2.26.6    Folder = C:\Users\xyz\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 39,06% Memory free
4,23 Gb Paging File | 2,83 Gb Available in Paging File | 66,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 18,99 Gb Free Space | 9,72% Space Free | Partition Type: NTFS
Drive D: | 149,03 Gb Total Space | 75,05 Gb Free Space | 50,36% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 211,06 Gb Free Space | 22,66% Space Free | Partition Type: NTFS
Drive F: | 270,45 Gb Total Space | 27,97 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
Drive G: | 2,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: xyz-PC | User Name: xyz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xyz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Razer\Lachesis\razerhid.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Razer\Lachesis\razerofa.exe (Razer Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Razer\Lachesis\razerhid.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (DAUpdaterSvc) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (LachesisFltr) -- C:\Windows\System32\drivers\Lachesis.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (PinnacleStargate) -- C:\Windows\System32\drivers\Stargate.sys (Pinnacle Systems GmbH)
DRV - (FXUSBASE) -- C:\Windows\System32\drivers\fxusbase.sys (AVM Berlin)
DRV - (NETFRITZ) -- C:\Windows\System32\drivers\Netfritz.sys (AVM Berlin)
DRV - (AVMPORT) -- C:\Windows\System32\drivers\avmport.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{486CC1D1-3F56-4879-8E5F-355A9925EA2C}: C:\Users\xyz\AppData\Local\{486CC1D1-3F56-4879-8E5F-355A9925EA2C} [2011.08.29 20:37:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.18 01:04:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.16 23:06:23 | 000,000,000 | ---D | M]
 
[2010.04.09 04:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xyz\AppData\Roaming\mozilla\Extensions
[2011.08.29 17:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xyz\AppData\Roaming\mozilla\Firefox\Profiles\mhka9t1q.default\extensions
[2010.10.20 22:34:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xyz\AppData\Roaming\mozilla\Firefox\Profiles\mhka9t1q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.11 18:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.27 22:58:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.08.29 20:37:00 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\xyz\APPDATA\LOCAL\{486CC1D1-3F56-4879-8E5F-355A9925EA2C}
[2011.08.18 01:04:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[1999.12.31 17:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.06.12 11:51:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.12 11:51:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.12 11:51:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.12 11:51:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.12 11:51:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.12 11:51:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.07.16 23:58:36 | 000,435,771 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 14998 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Lachesis] C:\Programme\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xyz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\xyz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.06 02:24:42 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 22:00:00 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{7e9f5347-4376-11df-a88f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7e9f5347-4376-11df-a88f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- [2006.11.02 22:00:00 | 000,109,160 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.29 21:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.29 21:01:50 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\xyz\Desktop\OTL.exe
[2011.08.29 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\xyz\AppData\Roaming\Malwarebytes
[2011.08.29 20:51:54 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.29 20:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.29 20:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.29 20:51:49 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.29 20:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.29 20:46:13 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\xyz\Desktop\TDSSKiller.exe
[2011.08.29 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\xyz\AppData\Local\{486CC1D1-3F56-4879-8E5F-355A9925EA2C}
[2011.08.24 21:13:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.08.10 13:21:55 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.10 13:21:47 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.10 13:21:45 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.10 13:21:45 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.08.10 13:21:45 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.08.10 13:21:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.08.10 13:21:45 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.08.10 13:21:45 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.08.10 13:21:38 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.10 13:21:38 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.01 15:08:14 | 000,679,936 | ---- | C] (ScreenTime Media) -- C:\Windows\System32\LA Noire.scr
[2011.08.01 15:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime
[2011.08.01 15:08:10 | 000,000,000 | ---D | C] -- C:\Users\xyz\AppData\Local\Screentime
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.29 21:04:32 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.29 21:01:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\xyz\Desktop\OTL.exe
[2011.08.29 20:59:24 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.29 20:59:24 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.29 20:59:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.29 20:59:18 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.29 20:56:26 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.29 20:56:26 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.29 20:56:26 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.29 20:56:26 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.29 20:51:54 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.29 20:37:02 | 000,000,120 | ---- | M] () -- C:\Users\xyz\AppData\Local\Uzudahubimu.dat
[2011.08.29 20:37:02 | 000,000,000 | ---- | M] () -- C:\Users\xyz\AppData\Local\Jbetuyoyamuza.bin
[2011.08.29 17:35:03 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{34FB10EA-E433-41CA-8A30-7706AB07BB36}.job
[2011.08.26 00:36:34 | 000,061,775 | ---- | M] () -- C:\Users\xyz\.recently-used.xbel
[2011.08.22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\xyz\Desktop\TDSSKiller.exe
[2011.08.16 00:06:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.07 20:33:03 | 000,325,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.01 20:14:35 | 136,149,320 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.01 15:08:14 | 000,679,936 | ---- | M] (ScreenTime Media) -- C:\Windows\System32\LA Noire.scr
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.29 21:04:32 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.29 20:51:54 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.29 20:37:02 | 000,000,120 | ---- | C] () -- C:\Users\xyz\AppData\Local\Uzudahubimu.dat
[2011.08.29 20:37:02 | 000,000,000 | ---- | C] () -- C:\Users\xyz\AppData\Local\Jbetuyoyamuza.bin
[2011.08.29 20:35:00 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.26 00:36:34 | 000,061,775 | ---- | C] () -- C:\Users\xyz
[2011.07.15 18:49:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.07.15 18:49:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.07.15 17:55:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.07.14 15:54:35 | 000,000,552 | ---- | C] () -- C:\Users\xyz\AppData\Local\d3d8caps.dat
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2010.08.11 02:36:47 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\EACC5DED12.sys
[2010.08.11 02:36:46 | 000,001,056 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.07.11 18:21:09 | 000,036,334 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010.07.09 20:24:41 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.06.24 12:44:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.06.14 17:17:10 | 006,863,597 | ---- | C] () -- C:\Program Files\Bildschi.scr
[2010.06.14 17:17:10 | 000,233,319 | ---- | C] () -- C:\Program Files\deinstallation Bildschi.exe
[2010.04.12 13:55:48 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.04.09 05:40:20 | 000,093,184 | ---- | C] () -- C:\Users\xyz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.09 04:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.04.09 04:05:30 | 000,000,115 | ---- | C] () -- C:\Windows\telephon.ini
[2010.04.09 03:47:05 | 000,006,912 | ---- | C] () -- C:\Windows\System32\drivers\FlashSys.sys
[2010.04.09 03:34:22 | 000,001,356 | ---- | C] () -- C:\Users\xyz\AppData\Local\d3d9caps.dat
[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 17:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,325,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

Extras.txt
Code:

OTL Extras logfile created on: 29.08.2011 21:02:52 - Run 1
OTL by OldTimer - Version 3.2.26.6    Folder = C:\Users\xyz\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 39,06% Memory free
4,23 Gb Paging File | 2,83 Gb Available in Paging File | 66,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 18,99 Gb Free Space | 9,72% Space Free | Partition Type: NTFS
Drive D: | 149,03 Gb Total Space | 75,05 Gb Free Space | 50,36% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 211,06 Gb Free Space | 22,66% Space Free | Partition Type: NTFS
Drive F: | 270,45 Gb Total Space | 27,97 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
Drive G: | 2,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: xyz-PC | User Name: xyz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3784390759-3954865261-2086754977-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D5B3E92-8665-44FC-8373-84DE3CAFBBC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{100350CC-249B-4569-BCBA-6A467B102A9F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D30E94DA-939E-4D46-8A8A-0169D684DB75}" = lport=6881 | protocol=6 | dir=in | name=wow |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DF4E42-AF66-4132-A098-F5FB10F3DF9E}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{0724A2AF-D548-462E-9CE5-2C6715580A50}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{07E3E6E0-D221-456E-BD71-2EDE1324EACC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0953A5C7-035C-4490-9A95-52E9B0FB8723}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{12E2E86F-9754-4298-89D2-D54B349C60F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{13BD4702-F925-4802-9CC4-C68FB7E79C76}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{15EAD0CB-A41A-4AA7-AE14-CFF2D8EAD2CF}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{1D1E5415-9011-4459-9A91-726EEE8E83F4}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{2F484F7D-704F-4D7D-ACCD-4B86D95BD38D}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow.exe |
"{3B2C22AC-E58B-4E67-A91D-037AB9CCD706}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{3DECA71D-449F-406A-9C0D-A44B5BA30613}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{4E3BB871-E11C-41B2-A9DE-B83E52F9B477}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{501ED65F-6CB1-4B42-BF7E-1DC6E601C160}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow.exe |
"{52ADD736-95CA-46CA-B479-70898172BDA3}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{581798FB-D282-4941-9E34-2A4B4A99ABAA}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{5C7028CC-1911-440E-A223-E4D79410CB49}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5F16B22D-98F0-4213-9987-3073E2B5707A}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{728FBF64-D96F-4A37-BB68-6C6CA5B60821}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |
"{87681B39-8F60-4BE5-B980-B83CAFF6631D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xyz\counter-strike source\hl2.exe |
"{8AB8473E-B904-41CF-8054-6BA6F30BA611}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{9E2882A4-5915-4196-82E0-79D02BF0CDEB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A8942F68-A9AF-414D-A090-094E98F0D532}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{AB853CCF-E724-45B3-B42D-EF2C22F709DB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B5B5B223-C722-48CF-8633-5FE03BD5296E}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{BABF248F-CB9B-4576-9308-4DF7EE65A909}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |
"{BC8EEC8F-BA5B-4A6B-A4A1-D4E889B00EFA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C137B168-2868-4BD5-B9D4-1A7711D6CF5F}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{D07CBEAC-D557-4C38-B830-8AE92DB7582A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xyz\counter-strike source\hl2.exe |
"{D271445B-BE19-43FE-A126-9DA6BEA9F934}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{DA120216-F152-4202-80C1-07DB0F5E629B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F07DE95A-4172-408A-B328-B089D7521A7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{AD657F9B-AECD-453A-A66A-1ABFA3EDF800}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"TCP Query User{AE0D0234-4F94-4F6B-9D8A-592EE7DD8815}C:\program files\steam\steamapps\xyz\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xyz\team fortress 2\hl2.exe |
"TCP Query User{D5C06307-5B5C-4D22-805D-9678AAC9C434}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{E9FB85EE-9FBF-4340-82C5-9FF2E3176BCA}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{6044E343-8E82-4035-8F31-947D37459AD2}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{62F6FD0D-0709-4D10-91DC-046F75D1700F}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{8980AD1B-7EA9-420E-990C-AB4B5A2813C0}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{C3F7BD6B-2AA9-4895-B21A-E0C6BD7EA2E7}C:\program files\steam\steamapps\xyz\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xyz\team fortress 2\hl2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = LuminanceHDR 2.0.2-pre1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSW" = BrettspielWelt
"CCleaner" = CCleaner
"Diablo II" = Diablo II
"DVDFab 7_is1" = DVDFab 7.0.6.7 (30/05/2010)
"EADM" = EA Download Manager
"EWE TEL" = EWE TEL-Installationsdateien entfernen
"FRITZ! 2.0" = AVM FRITZ!
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"LA Noire" = LA Noire Bildschirmschoner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSI Live Update 3" = MSI Live Update 3
"My Screen Saver" = My Screen Saver
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pen Tablet Driver" = Bamboo
"ProgDVB" = ProgDVB
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2011 16:27:58 | Computer Name = xyz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 01.06.2011 16:45:16 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.06.2011 16:45:16 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.06.2011 16:45:20 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.06.2011 16:45:20 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.06.2011 16:45:23 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
 
Error - 02.06.2011 09:36:01 | Computer Name = xyz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.06.2011 09:36:01 | Computer Name = xyz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.06.2011 15:04:23 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
 
Error - 02.06.2011 15:04:28 | Computer Name = xyz-PC | Source = RasClient | ID = 20227
Description =
 
[ System Events ]
Error - 29.08.2011 13:37:22 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 29.08.2011 13:37:22 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 29.08.2011 13:37:22 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 29.08.2011 13:37:22 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 29.08.2011 13:37:22 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 29.08.2011 13:37:22 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 29.08.2011 13:38:03 | Computer Name = xyz-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 29.08.2011 14:36:20 | Computer Name = xyz-PC | Source = DCOM | ID = 10016
Description =
 
Error - 29.08.2011 14:50:12 | Computer Name = xyz-PC | Source = DCOM | ID = 10016
Description =
 
Error - 29.08.2011 15:00:28 | Computer Name = xyz-PC | Source = DCOM | ID = 10016
Description =
 
 
< End of report >

Ccleaner.exe
Code:

Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        15.08.2011                10.3.183.5
Adobe Flash Player ActiveX        Adobe Systems Incorporated        08.06.2010                9.0.124.0
Adobe Reader 9.2 - Deutsch        Adobe Systems Incorporated        08.04.2010        239MB        9.2.0
Amazon MP3-Downloader 1.0.9                19.07.2011        2,56MB       
Apple Application Support        Apple Inc.        15.07.2011        51,0MB        1.5.2
Apple Mobile Device Support        Apple Inc.        15.07.2011        22,1MB        3.4.1.2
Apple Software Update        Apple Inc.        15.07.2011        2,38MB        2.1.3.127
Avira AntiVir Personal - Free Antivirus        Avira GmbH        09.08.2011        96,2MB        10.2.0.700
AVM FRITZ!                08.04.2010        19,3MB       
Bamboo        Wacom Technology Corp.        16.01.2011        29,7MB        5.2.4-5
Bonjour        Apple Inc.        15.07.2011        0,77MB        2.0.5.0
BrettspielWelt                26.09.2010        0,68MB       
Call of Duty(R) 4 - Modern Warfare(TM)        Activision        08.07.2010        6.386MB        1.00.0000
Canon MP Navigator 3.0                08.04.2010        17,7MB       
Canon MP510                08.04.2010               
CCleaner        Piriform        28.08.2011        4,02MB        3.10
CDBurnerXP        CDBurnerXP        11.04.2010        12,0MB        4.3.0.2054
Corel Painter X        Corel Corporation        22.01.2011        303MB       
Counter-Strike: Source        Valve        07.11.2010        3.844MB        1.0.0.0
Diablo II                10.07.2010        1.798MB       
Die Sims™ 3        Electronic Arts        09.06.2010        5.618MB        1.12.70
Dragon Age: Origins        Electronic Arts, Inc.        30.09.2010        18.618MB        1.00
DVDFab 7.0.6.7 (30/05/2010)        Fengtao Software Inc.        30.05.2010        37,6MB       
EA Download Manager        Electronic Arts, Inc.        08.06.2010        7,96MB        5.0.0.255
EWE TEL-Installationsdateien entfernen                08.04.2010               
GIMP 2.6.8                11.04.2010        98,6MB       
IrfanView (remove only)                08.04.2010        1,85MB       
iTunes        Apple Inc.        15.07.2011        144,0MB        10.3.1.55
Java(TM) 6 Update 21        Sun Microsystems, Inc.        26.09.2010        95,0MB        6.0.210
LA Noire Bildschirmschoner                31.07.2011               
LEGO® Star Wars™: Die Komplette Saga        LucasArts        06.01.2011        4.445MB        1.00.0000
LuminanceHDR 2.0.2-pre1        LuminanceHDR Dev Team        26.01.2011        64,5MB       
Malwarebytes' Anti-Malware Version 1.51.1.1800        Malwarebytes Corporation        28.08.2011        6,71MB        1.51.1.1800
Mass Effect 2        Electronic Arts, Inc.        30.09.2010        14.111MB        1.00
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        14.07.2011        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        19.04.2010        27,8MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        14.07.2011        120,3MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        14.07.2011        24,5MB        4.0.30319
Microsoft Office Home and Student 2007        Microsoft Corporation        14.07.2011        297MB        12.0.6425.1000
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        14.07.2011        0,29MB        8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        30.07.2010        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        11.04.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        14.07.2011        0,58MB        9.0.30729.6161
Microsoft WSE 3.0 Runtime        Microsoft Corp.        08.06.2010        0,92MB        3.0.5305.0
Mozilla Firefox 6.0 (x86 de)        Mozilla        17.08.2011        34,5MB        6.0
MSI Live Update 3                08.04.2010        7,10MB       
My Screen Saver                13.06.2010               
NVIDIA 3D Vision Controller-Treiber 275.33        NVIDIA Corporation        13.07.2011        0,41MB        275.33
NVIDIA 3D Vision Treiber 275.33        NVIDIA Corporation        13.07.2011        21,8MB        275.33
NVIDIA Grafiktreiber 275.33        NVIDIA Corporation        13.07.2011        40,9MB        275.33
NVIDIA PhysX-Systemsoftware 9.10.0514        NVIDIA Corporation        13.07.2011        73,3MB        9.10.0514
NVIDIA Update 1.3.5        NVIDIA Corporation        13.07.2011        6,37MB        1.3.5
PDF-Viewer        Tracker Software Products Ltd        08.04.2010        27,7MB        2.0.49.0
PDFCreator        Frank Heindörfer, Philip Chinery        23.06.2010        25,6MB        1.0.1
pdfforge Toolbar v1.1.2        Spigot, Inc.        23.06.2010        4,99MB        1.1.2
ProgDVB                22.06.2010        42,9MB       
QuickTime        Apple Inc.        15.07.2011        73,7MB        7.69.80.9
Razer Lachesis        Razer USA Ltd.        11.07.2011        14,7MB        1.00.0000
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista        Realtek        08.04.2010        0,70MB        1.00.0000
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        08.04.2010        15,4MB        6.0.1.5473
Spybot - Search & Destroy        Safer Networking Limited        05.05.2011        59,0MB        1.6.2
Star Wars Battlefront II        LucasArts        06.01.2011        4.405MB        1.0
StarCraft II        Blizzard Entertainment        23.04.2011        9.482MB        1.3.2.18317
Steam(TM)        Valve        07.11.2010        16,6MB        1.0.0.0
System Requirements Lab                13.07.2011        1,07MB       
Team Fortress 2        Valve        13.07.2011        802MB       
TeamSpeak 2 RC2        Dominating Bytes Design        30.05.2010                2.0.32.60
TeamSpeak 3 Client        TeamSpeak Systems GmbH        30.07.2010        27,7MB       
VLC media player 1.0.5        VideoLAN Team        08.04.2010        76,1MB        1.0.5
WebTablet IE Plugin        Wacom Technology Corp.        16.01.2011                1.1.0.7
WebTablet Netscape Plugin        Wacom Technology Corp.        16.01.2011        0,82MB        1.1.0.5
Windows Live Essentials        Microsoft Corporation        09.09.2010        43,7MB        14.0.8117.0416
Windows Live Sign-in Assistant        Microsoft Corporation        09.09.2010        1,93MB        5.000.818.5
Windows Live Upload Tool        Microsoft Corporation        09.09.2010        0,22MB        14.0.8014.1029
WinFast(R) Display Driver        Your Company Name        08.04.2010        4,88MB        1.00.000
WinRAR                11.04.2010        3,79MB       
World of Warcraft        Blizzard Entertainment        16.07.2011        25.762MB        4.2.0.14333

It would be great if someone could help me with this. :)

Regards, hoshy

kira 30.08.2011 07:08

Hello and welcome! :)

Before we start working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the fault analysis and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for the resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RISK!
  • Characteristic features/profile information:
    - you can delete these (e.g. your real name, serial numbers in programs, etc.) from the log lists or log files you use, or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system can, however, be so heavily compromised that effective technical cleaning is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
Quote:

Once a system has been compromised, the system is no longer trustworthy.
A reinstallation guarantees residue-free removal of the infection - Reading material: "Help: I have become the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide to clean the system: cleaning a system can take a few days (depending on the type of infection); the system can, however, be so heavily compromised that effective technical cleaning is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator"
Right-click (right mouse button) the selected application and choose "Run as administrator"!

1.
Uninstall under `Start→ Control Panel...`
Code:

pdfforge Toolbar - Adware -Toolbar
Components of the standard installation of many freeware programs and sometimes even of paid programs. Therefore:
Always choose the custom installation, not the standard installation, because otherwise things are often installed along with it that you do not need or want.
During installation, always read the licence terms and do not immediately tick every box, because by doing so you agree that adware (advertising pop-ups) from partner programs, sponsors, etc. is installed as well, since freeware finances itself this way.

A few more belong in this category, e.g.: -> Uninstall unwanted toolbars

2.
Quote:

Spybot
- I would uninstall it, since it does not meet the new protection requirements and solutions for protection against malware, and does not work satisfactorily against entirely new challenges

3.
** Update Malwarebytes Anti-Malware and run it again following these instructions:
  • start it with a double-click.
  • update the databases right away - update online
  • select Full scan (tick every box)
  • when the scan has finished, click "Show Results"
  • select all detections except - if MBAM reports any in C:\System Volume Information - please remove the tick there - and click "Delete" ("Remove Selected").
  • Post the result here in the thread - you will find the report under "Scan reports"
You can find illustrated instructions here: Instructions

4.
runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next point! It is NOT sensible to make a second attempt!
To get a deeper look into your system and detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool - Gmer:
  • - so download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be deactivated, no connection to the Internet, disconnect WLAN as well
    - please do not do anything on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and you have to paste it right there with CTRL + V
    - Gmer is closed with "Ok".
    - copy the log from the clipboard completely into your thread here

** no connection to a network or the Internet - do not forget WLAN
When the scan has finished, please reactivate all programs and tools!
Instructions: -> GMER - Rootkit Scanner

5.
Check with MBR -t whether the Master Boot Record is OK (MBR rootkit)

With the following tool we check whether anything malicious has settled in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, make these settings in the folder options.
  • Start => Run => cmd (type it in there) => OK
    a command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), type the following

    from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting into the command prompt: right-click the title bar => Edit => Paste.

    Code:

    mbr.exe -t > C:\mbr.log & C:\mbr.log
    (press Enter)
  • After a short time your editor will open and show the file C:\mbr.log.
    Please copy the contents here into your thread.
6.
Your Java version is not up to date!
Because Java is very vulnerable due to old security holes, first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ Restart the computer
→ Now download the offline version of Java Version 6 Update 26 from Oracle
Make sure to deselect any toolbars that may be offered (untick the toolbar box)!

7.
Update Adobe Reader:
- Pay attention and read along during installation!: If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for Updates..."

8.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for Issues" → "Fix Issues" → "Fix All"
  • Restart your system

9.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Quote:

► Give me a brief report on all the steps you have carried out!
Quote:

To keep your thread clear and easy to read, it is best to use code tags for your post:
→ before your log (i.e. at the start of the log file) write: [code]
your log file goes here - e.g. hjtscanlist or similar
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the Internet, no online banking, file sharing, chat programs etc.
Regards
kira

Hoshy 30.08.2011 15:28

1. Done - no idea where that came from..

2. Done.

3.
Code:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7609

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

30.08.2011 13:18:52
mbam-log-2011-08-30 (13-18-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 393169
Laufzeit: 1 Stunde(n), 20 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

4. Ran for a while, then crashed. It crashed while checking "ShadowCopys" (? no idea what that is).

5. Didn't work like that:
Code:

mbr.exe -t > C:\mbr.log & C:\mbr.log
I left out the part "marked in red", then this came out...

Code:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: SAMSUNG_HD501LJ rev.CR100-12 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
1 nt!IofCallDriver[0x82C6411B] -> \Device\Harddisk0\DR0[0x85620AC8]
3 CLASSPNP[0x891A88B3] -> nt!IofCallDriver[0x82C6411B] -> [0x852CA918]
5 acpi[0x88A506BC] -> nt!IofCallDriver[0x82C6411B] -> \Device\Ide\IdeDeviceP3T0L0-3[0x852CB398]
kernel: MBR read successfully
user & kernel MBR OK

6.
Uninstalled Java. Did not install a new version. I don't use it anyway.
If I do need it after all, I will get a current version.

7.
It is up to date again. I don't actually use Adobe Reader either, though, but PDF-X Change Viewer. I updated that too.

8.
Done. Quite a lot had piled up..
Code:

REINIGUNG komplett - (34.587 Sek)
------------------------------------------------------------------------------------------
716MB entfernt.

and approx. 130 registry errors - all fixed.

9.

OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 30.08.2011 13:55:12 - Run 2
OTL by OldTimer - Version 3.2.26.6    Folder = C:\Users\Schoormann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,30% Memory free
4,23 Gb Paging File | 3,03 Gb Available in Paging File | 71,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 19,78 Gb Free Space | 10,13% Space Free | Partition Type: NTFS
Drive D: | 149,03 Gb Total Space | 74,76 Gb Free Space | 50,16% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 211,06 Gb Free Space | 22,66% Space Free | Partition Type: NTFS
Drive F: | 270,45 Gb Total Space | 27,97 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
 
Computer Name: SCHOORMANN-PC | User Name: Schoormann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.29 21:01:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Schoormann\Desktop\OTL.exe
PRC - [2011.08.18 01:04:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.29 01:31:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.25 09:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.25 09:24:56 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.04.28 16:54:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.03 02:23:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.14 11:46:14 | 000,172,032 | ---- | M] () -- C:\Programme\Razer\Lachesis\razerhid.exe
PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.18 23:33:14 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007.08.27 07:10:20 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Programme\Razer\Lachesis\razerofa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.18 01:04:08 | 001,846,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.08.16 00:06:45 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.05.20 22:35:00 | 000,247,400 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.10.14 11:46:14 | 000,172,032 | ---- | M] () -- C:\Programme\Razer\Lachesis\razerhid.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.29 01:31:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.04.28 16:54:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.13 12:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.10.13 12:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2003.02.24 10:27:26 | 000,196,669 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.29 01:31:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 01:31:34 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.25 09:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.10.05 14:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010.10.05 14:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010.10.05 14:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.18 22:15:00 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.08.08 11:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007.06.25 07:37:24 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:57 | 000,064,000 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2006.04.03 09:39:54 | 000,129,920 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Stargate.sys -- (PinnacleStargate)
DRV - [2003.11.19 01:00:00 | 000,547,840 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fxusbase.sys -- (FXUSBASE)
DRV - [2003.02.24 10:27:26 | 000,297,984 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Netfritz.sys -- (NETFRITZ)
DRV - [2001.10.23 01:00:00 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{486CC1D1-3F56-4879-8E5F-355A9925EA2C}: C:\Users\Schoormann\AppData\Local\{486CC1D1-3F56-4879-8E5F-355A9925EA2C} [2011.08.29 20:37:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.18 01:04:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.30 13:44:59 | 000,000,000 | ---D | M]
 
[2010.04.09 04:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schoormann\AppData\Roaming\mozilla\Extensions
[2011.08.29 17:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schoormann\AppData\Roaming\mozilla\Firefox\Profiles\mhka9t1q.default\extensions
[2010.10.20 22:34:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Schoormann\AppData\Roaming\mozilla\Firefox\Profiles\mhka9t1q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.30 13:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.29 20:37:00 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\SCHOORMANN\APPDATA\LOCAL\{486CC1D1-3F56-4879-8E5F-355A9925EA2C}
[2011.08.18 01:04:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[1999.12.31 17:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.06.12 11:51:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.12 11:51:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.12 11:51:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.12 11:51:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.12 11:51:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.12 11:51:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.29 21:18:13 | 000,435,677 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14995 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Lachesis] C:\Programme\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Schoormann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Schoormann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.06 02:24:42 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.30 13:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.08.30 13:43:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.29 21:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.29 21:01:50 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Schoormann\Desktop\OTL.exe
[2011.08.29 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Roaming\Malwarebytes
[2011.08.29 20:51:54 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.29 20:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.29 20:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.29 20:51:49 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.29 20:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.29 20:46:13 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Schoormann\Desktop\TDSSKiller.exe
[2011.08.29 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Local\{486CC1D1-3F56-4879-8E5F-355A9925EA2C}
[2011.08.24 21:13:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.08.10 13:21:55 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.10 13:21:47 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.10 13:21:45 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.10 13:21:45 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.08.10 13:21:45 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.08.10 13:21:45 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.08.10 13:21:45 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.08.10 13:21:45 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.08.10 13:21:38 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.10 13:21:38 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.01 15:08:14 | 000,679,936 | ---- | C] (ScreenTime Media) -- C:\Windows\System32\LA Noire.scr
[2011.08.01 15:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime
[2011.08.01 15:08:10 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Local\Screentime
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.30 13:53:56 | 000,000,416 | ---- | M] () -- C:\cc_20110830_135354.reg
[2011.08.30 13:53:45 | 000,000,550 | ---- | M] () -- C:\cc_20110830_135343.reg
[2011.08.30 13:53:34 | 000,000,990 | ---- | M] () -- C:\cc_20110830_135331.reg
[2011.08.30 13:53:19 | 000,041,464 | ---- | M] () -- C:\cc_20110830_135303.reg
[2011.08.30 13:41:51 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.30 13:41:51 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.30 13:41:51 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.30 13:41:51 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.30 13:37:48 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.08.30 13:36:55 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.30 13:36:54 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.30 13:36:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.30 13:36:48 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.30 13:24:33 | 000,302,592 | ---- | M] () -- C:\Users\Schoormann\Desktop\ygjpkoqd.exe
[2011.08.29 21:04:32 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.29 21:01:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Schoormann\Desktop\OTL.exe
[2011.08.29 20:51:54 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.29 20:37:02 | 000,000,120 | ---- | M] () -- C:\Users\Schoormann\AppData\Local\Uzudahubimu.dat
[2011.08.29 20:37:02 | 000,000,000 | ---- | M] () -- C:\Users\Schoormann\AppData\Local\Jbetuyoyamuza.bin
[2011.08.29 17:35:03 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{34FB10EA-E433-41CA-8A30-7706AB07BB36}.job
[2011.08.26 00:36:34 | 000,061,775 | ---- | M] () -- C:\Users\Schoormann\.recently-used.xbel
[2011.08.22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Schoormann\Desktop\TDSSKiller.exe
[2011.08.16 00:06:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.07 20:33:03 | 000,325,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.01 15:08:14 | 000,679,936 | ---- | M] (ScreenTime Media) -- C:\Windows\System32\LA Noire.scr
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.30 13:53:55 | 000,000,416 | ---- | C] () -- C:\cc_20110830_135354.reg
[2011.08.30 13:53:44 | 000,000,550 | ---- | C] () -- C:\cc_20110830_135343.reg
[2011.08.30 13:53:33 | 000,000,990 | ---- | C] () -- C:\cc_20110830_135331.reg
[2011.08.30 13:53:09 | 000,041,464 | ---- | C] () -- C:\cc_20110830_135303.reg
[2011.08.30 13:44:12 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.08.30 13:38:22 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.08.30 13:25:10 | 000,302,592 | ---- | C] () -- C:\Users\Schoormann\Desktop\ygjpkoqd.exe
[2011.08.29 21:04:32 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.29 20:51:54 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.29 20:37:02 | 000,000,120 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\Uzudahubimu.dat
[2011.08.29 20:37:02 | 000,000,000 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\Jbetuyoyamuza.bin
[2011.08.29 20:35:00 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.26 00:36:34 | 000,061,775 | ---- | C] () -- C:\Users\Schoormann\.recently-used.xbel
[2011.07.15 18:49:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.07.15 18:49:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.07.15 17:55:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.07.14 15:54:35 | 000,000,552 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\d3d8caps.dat
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2010.08.11 02:36:47 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\EACC5DED12.sys
[2010.08.11 02:36:46 | 000,001,056 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.07.11 18:21:09 | 000,036,334 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010.07.09 20:24:41 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.06.24 12:44:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.04.12 13:55:48 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.04.09 05:40:20 | 000,093,184 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.09 04:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.04.09 04:05:30 | 000,000,115 | ---- | C] () -- C:\Windows\telephon.ini
[2010.04.09 03:47:05 | 000,006,912 | ---- | C] () -- C:\Windows\System32\drivers\FlashSys.sys
[2010.04.09 03:34:22 | 000,001,356 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\d3d9caps.dat
[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 17:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,325,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.07.20 22:34:26 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\Amazon
[2010.09.27 02:16:13 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\BSW
[2010.04.12 13:55:54 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\Canneverbe Limited
[2010.08.27 15:25:32 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\Canon
[2010.04.09 04:37:20 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\FRITZ!
[2011.08.26 00:36:34 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\gtk-2.0
[2011.06.17 03:17:24 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\IrfanView
[2011.08.30 13:51:55 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\TS3Client
[2011.08.30 13:36:03 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.29 17:35:03 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{34FB10EA-E433-41CA-8A30-7706AB07BB36}.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


Extras.txt
OTL Logfile:
Code:

OTL Extras logfile created on: 30.08.2011 13:55:12 - Run 2
OTL by OldTimer - Version 3.2.26.6    Folder = C:\Users\Schoormann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,30% Memory free
4,23 Gb Paging File | 3,03 Gb Available in Paging File | 71,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 19,78 Gb Free Space | 10,13% Space Free | Partition Type: NTFS
Drive D: | 149,03 Gb Total Space | 74,76 Gb Free Space | 50,16% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 211,06 Gb Free Space | 22,66% Space Free | Partition Type: NTFS
Drive F: | 270,45 Gb Total Space | 27,97 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
 
Computer Name: SCHOORMANN-PC | User Name: Schoormann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3784390759-3954865261-2086754977-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D5B3E92-8665-44FC-8373-84DE3CAFBBC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{100350CC-249B-4569-BCBA-6A467B102A9F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D30E94DA-939E-4D46-8A8A-0169D684DB75}" = lport=6881 | protocol=6 | dir=in | name=wow |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DF4E42-AF66-4132-A098-F5FB10F3DF9E}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{0724A2AF-D548-462E-9CE5-2C6715580A50}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{07E3E6E0-D221-456E-BD71-2EDE1324EACC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0953A5C7-035C-4490-9A95-52E9B0FB8723}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{12E2E86F-9754-4298-89D2-D54B349C60F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{15EAD0CB-A41A-4AA7-AE14-CFF2D8EAD2CF}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{1D1E5415-9011-4459-9A91-726EEE8E83F4}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{2F484F7D-704F-4D7D-ACCD-4B86D95BD38D}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow.exe |
"{3B2C22AC-E58B-4E67-A91D-037AB9CCD706}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{4E3BB871-E11C-41B2-A9DE-B83E52F9B477}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{501ED65F-6CB1-4B42-BF7E-1DC6E601C160}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow.exe |
"{52ADD736-95CA-46CA-B479-70898172BDA3}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{581798FB-D282-4941-9E34-2A4B4A99ABAA}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{5F16B22D-98F0-4213-9987-3073E2B5707A}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{728FBF64-D96F-4A37-BB68-6C6CA5B60821}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |
"{87681B39-8F60-4BE5-B980-B83CAFF6631D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schoormann\counter-strike source\hl2.exe |
"{8AB8473E-B904-41CF-8054-6BA6F30BA611}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{9E2882A4-5915-4196-82E0-79D02BF0CDEB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A8942F68-A9AF-414D-A090-094E98F0D532}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{AB853CCF-E724-45B3-B42D-EF2C22F709DB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B5B5B223-C722-48CF-8633-5FE03BD5296E}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{BABF248F-CB9B-4576-9308-4DF7EE65A909}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |
"{BC8EEC8F-BA5B-4A6B-A4A1-D4E889B00EFA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C137B168-2868-4BD5-B9D4-1A7711D6CF5F}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{D07CBEAC-D557-4C38-B830-8AE92DB7582A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schoormann\counter-strike source\hl2.exe |
"{DA120216-F152-4202-80C1-07DB0F5E629B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F07DE95A-4172-408A-B328-B089D7521A7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{AD657F9B-AECD-453A-A66A-1ABFA3EDF800}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"TCP Query User{AE0D0234-4F94-4F6B-9D8A-592EE7DD8815}C:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe |
"TCP Query User{D5C06307-5B5C-4D22-805D-9678AAC9C434}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{E9FB85EE-9FBF-4340-82C5-9FF2E3176BCA}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{6044E343-8E82-4035-8F31-947D37459AD2}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{62F6FD0D-0709-4D10-91DC-046F75D1700F}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{8980AD1B-7EA9-420E-990C-AB4B5A2813C0}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{C3F7BD6B-2AA9-4895-B21A-E0C6BD7EA2E7}C:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05D60953-9012-44DF-A1A6-9DD97AD6580A}" = Corel Painter X
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = LuminanceHDR 2.0.2-pre1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSW" = BrettspielWelt
"CCleaner" = CCleaner
"Diablo II" = Diablo II
"DVDFab 7_is1" = DVDFab 7.0.6.7 (30/05/2010)
"EADM" = EA Download Manager
"EWE TEL" = EWE TEL-Installationsdateien entfernen
"FRITZ! 2.0" = AVM FRITZ!
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"LA Noire" = LA Noire Bildschirmschoner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSI Live Update 3" = MSI Live Update 3
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pen Tablet Driver" = Bamboo
"ProgDVB" = ProgDVB
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.0.5
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2011 16:27:58 | Computer Name = Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 01.06.2011 16:45:16 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.06.2011 16:45:16 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.06.2011 16:45:20 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.06.2011 16:45:20 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.06.2011 16:45:23 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227
Description =
 
Error - 02.06.2011 09:36:01 | Computer Name = Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.06.2011 09:36:01 | Computer Name = Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.06.2011 15:04:23 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227
Description =
 
Error - 02.06.2011 15:04:28 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227
Description =
 
[ System Events ]
Error - 30.08.2011 05:24:51 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016
Description =
 
Error - 30.08.2011 05:40:31 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016
Description =
 
Error - 30.08.2011 07:22:31 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016
Description =
 
Error - 30.08.2011 07:31:09 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016
Description =
 
Error - 30.08.2011 07:34:23 | Computer Name = Schoormann-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.08.2011 um 13:33:01 unerwartet heruntergefahren.
 
Error - 30.08.2011 07:35:34 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016
Description =
 
Error - 30.08.2011 07:37:58 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016
Description =
 
Error - 30.08.2011 07:43:49 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10005
Description =
 
Error - 30.08.2011 07:43:49 | Computer Name = Schoormann-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 30.08.2011 07:43:49 | Computer Name = Schoormann-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---



-

What happens next?
And how can I protect myself better in the future?
Should I switch to a full-price suite such as Kaspersky instead?

Regards, hoshy

kira 31.08.2011 07:00

1.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
[2011.06.12 11:51:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.12 11:51:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
2011.08.29 20:37:02 | 000,000,120 | ---- | M] () -- C:\Users\Schoormann\AppData\Local\Uzudahubimu.dat
[2011.08.29 20:37:02 | 000,000,000 | ---- | M] () -- C:\Users\Schoormann\AppData\Local\Jbetuyoyamuza.bin

:Commands
[purity]
[emptytemp]


2.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
  • Download SUPERAntiSpyware FREE Edition.
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Tick "Complete scan" and click "Next"
  • All malware found is then listed; tick every finding and confirm with "OK"
  • Click "Next", then "OK", and then "Finish"
  • To display the results: click "Preferences", then "Statistics and logs"
  • Press "View log", then please save this report and post it here

4.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the storage medium with the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off entirely. ► Instructions

-> Then run a complete system check with the Eset Online Scanner (NOD32), a free online scanner
Attention!: >>You should not install the antivirus security software, but only scan your system online<<

► Report again on the state of the computer. Are there still problems, and if so, which ones?

Hoshy 31.08.2011 11:17

1.

Code:

All processes killed
========== OTL ==========
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
C:\Users\Schoormann\AppData\Local\Jbetuyoyamuza.bin moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Schoormann
->Temp folder emptied: 51552292 bytes
->Temporary Internet Files folder emptied: 6942672 bytes
->Java cache emptied: 2400 bytes
->FireFox cache emptied: 283263029 bytes
->Flash cache emptied: 3090483 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 329,00 mb
 
 
OTL by OldTimer - Version 3.2.26.6 log created on 08312011_120341

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

2.
OTL Logfile:
Code:

OTL logfile created on: 31.08.2011 12:11:37 - Run 3
OTL by OldTimer - Version 3.2.26.6    Folder = C:\Users\Schoormann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,00% Memory free
4,23 Gb Paging File | 3,11 Gb Available in Paging File | 73,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 82,06 Gb Free Space | 42,02% Space Free | Partition Type: NTFS
Drive D: | 149,03 Gb Total Space | 75,05 Gb Free Space | 50,36% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 424,68 Gb Free Space | 45,59% Space Free | Partition Type: NTFS
Drive F: | 270,45 Gb Total Space | 27,97 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
 
Computer Name: SCHOORMANN-PC | User Name: Schoormann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.29 21:01:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Schoormann\Desktop\OTL.exe
PRC - [2011.08.18 01:04:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.29 01:31:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.25 09:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.25 09:24:56 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.04.28 16:54:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.03 02:23:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.14 11:46:14 | 000,172,032 | ---- | M] () -- C:\Programme\Razer\Lachesis\razerhid.exe
PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.18 23:33:14 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007.08.27 07:10:20 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Programme\Razer\Lachesis\razerofa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.18 01:04:08 | 001,846,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.05.20 22:35:00 | 000,247,400 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.10.14 11:46:14 | 000,172,032 | ---- | M] () -- C:\Programme\Razer\Lachesis\razerhid.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.29 01:31:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.04.28 16:54:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.13 12:41:00 | 000,416,112 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.10.13 12:40:54 | 004,869,488 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2003.02.24 10:27:26 | 000,196,669 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.29 01:31:34 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 01:31:34 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.25 09:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.10.05 14:26:10 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010.10.05 14:26:02 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010.10.05 14:26:00 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.18 22:15:00 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.08.08 11:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007.06.25 07:37:24 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:57 | 000,064,000 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2006.04.03 09:39:54 | 000,129,920 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Stargate.sys -- (PinnacleStargate)
DRV - [2003.11.19 01:00:00 | 000,547,840 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fxusbase.sys -- (FXUSBASE)
DRV - [2003.02.24 10:27:26 | 000,297,984 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Netfritz.sys -- (NETFRITZ)
DRV - [2001.10.23 01:00:00 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{486CC1D1-3F56-4879-8E5F-355A9925EA2C}: C:\Users\Schoormann\AppData\Local\{486CC1D1-3F56-4879-8E5F-355A9925EA2C} [2011.08.29 20:37:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.18 01:04:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.30 17:21:48 | 000,000,000 | ---D | M]
 
[2010.04.09 04:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schoormann\AppData\Roaming\mozilla\Extensions
[2011.08.29 17:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schoormann\AppData\Roaming\mozilla\Firefox\Profiles\mhka9t1q.default\extensions
[2010.10.20 22:34:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Schoormann\AppData\Roaming\mozilla\Firefox\Profiles\mhka9t1q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.30 13:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.29 20:37:00 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\SCHOORMANN\APPDATA\LOCAL\{486CC1D1-3F56-4879-8E5F-355A9925EA2C}
[2011.08.18 01:04:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2000.01.01 03:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.06.12 11:51:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.12 11:51:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.12 11:51:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.12 11:51:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2011.08.29 21:18:13 | 000,435,677 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 14995 more lines...
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Lachesis] C:\Programme\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Schoormann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Schoormann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.06 02:24:42 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.31 12:03:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.31 00:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.08.30 22:12:13 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Roaming\Thunderbird
[2011.08.30 22:12:13 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Local\Thunderbird
[2011.08.30 18:12:37 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\Documents\gegl-0.0
[2011.08.30 17:43:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Schoormann\AppData\Roaming\pcouffin.sys
[2011.08.30 17:43:41 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Roaming\Vso
[2011.08.30 17:43:41 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\Documents\PcSetup
[2011.08.30 17:41:32 | 000,000,000 | R--D | C] -- C:\Users\Schoormann\Favorites
[2011.08.30 17:00:23 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.08.30 17:00:23 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.08.30 17:00:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.30 17:00:22 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.08.30 17:00:22 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.08.30 17:00:22 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.08.30 17:00:22 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.08.30 17:00:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.30 17:00:22 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.08.30 17:00:22 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.08.30 17:00:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.08.30 17:00:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.08.30 17:00:21 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.08.30 17:00:21 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.08.30 17:00:21 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.08.30 17:00:21 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.08.30 17:00:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.30 17:00:21 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.08.30 17:00:21 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.08.30 17:00:21 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.08.30 17:00:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.08.30 17:00:21 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.08.30 17:00:21 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.08.30 17:00:21 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.08.30 17:00:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.30 17:00:20 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.08.30 17:00:20 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.08.30 17:00:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.08.30 17:00:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.08.30 17:00:20 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.08.30 17:00:20 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.08.30 17:00:20 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.08.30 17:00:20 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.08.30 17:00:20 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.08.30 17:00:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.08.30 17:00:20 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.08.30 17:00:20 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.08.30 16:23:58 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Local\Tracker Software
[2011.08.30 16:23:40 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Roaming\Tracker Software
[2011.08.30 13:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.08.30 13:43:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.29 21:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.29 21:01:50 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Schoormann\Desktop\OTL.exe
[2011.08.29 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Roaming\Malwarebytes
[2011.08.29 20:51:54 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.29 20:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.29 20:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.29 20:51:49 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.29 20:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.29 20:46:13 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Schoormann\Desktop\TDSSKiller.exe
[2011.08.29 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Local\{486CC1D1-3F56-4879-8E5F-355A9925EA2C}
[2011.08.24 21:13:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.08.10 13:21:55 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.10 13:21:38 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.10 13:21:38 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.01 15:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime
[2011.08.01 15:08:10 | 000,000,000 | ---D | C] -- C:\Users\Schoormann\AppData\Local\Screentime
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.31 12:10:41 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.31 12:10:41 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.31 12:10:41 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.31 12:10:41 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.31 12:06:14 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.31 12:06:14 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.31 12:06:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.30 23:55:50 | 000,057,274 | ---- | M] () -- C:\Users\Schoormann\.recently-used.xbel
[2011.08.30 17:43:42 | 000,087,608 | ---- | M] () -- C:\Users\Schoormann\AppData\Roaming\inst.exe
[2011.08.30 17:43:42 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Schoormann\AppData\Roaming\pcouffin.sys
[2011.08.30 17:43:42 | 000,007,887 | ---- | M] () -- C:\Users\Schoormann\AppData\Roaming\pcouffin.cat
[2011.08.30 17:43:42 | 000,001,144 | ---- | M] () -- C:\Users\Schoormann\AppData\Roaming\pcouffin.inf
[2011.08.30 17:37:50 | 000,095,232 | ---- | M] () -- C:\Users\Schoormann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.30 17:00:29 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.08.30 17:00:29 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.08.30 17:00:23 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.08.30 17:00:23 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.08.30 17:00:23 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.30 17:00:22 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.08.30 17:00:22 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.08.30 17:00:22 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.08.30 17:00:22 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.08.30 17:00:22 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.30 17:00:22 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.08.30 17:00:22 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.08.30 17:00:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.08.30 17:00:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.08.30 17:00:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.08.30 17:00:21 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.08.30 17:00:21 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.08.30 17:00:21 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.08.30 17:00:21 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.30 17:00:21 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.08.30 17:00:21 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.08.30 17:00:21 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.08.30 17:00:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.08.30 17:00:21 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.08.30 17:00:21 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.08.30 17:00:21 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.08.30 17:00:21 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.08.30 17:00:20 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.30 17:00:20 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.08.30 17:00:20 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.08.30 17:00:20 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.08.30 17:00:20 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.08.30 17:00:20 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.08.30 17:00:20 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.08.30 17:00:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.08.30 17:00:20 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.08.30 17:00:20 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.08.30 17:00:20 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.08.30 17:00:20 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.08.30 17:00:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.08.30 13:53:56 | 000,000,416 | ---- | M] () -- C:\cc_20110830_135354.reg
[2011.08.30 13:53:45 | 000,000,550 | ---- | M] () -- C:\cc_20110830_135343.reg
[2011.08.30 13:53:34 | 000,000,990 | ---- | M] () -- C:\cc_20110830_135331.reg
[2011.08.30 13:53:19 | 000,041,464 | ---- | M] () -- C:\cc_20110830_135303.reg
[2011.08.30 13:37:48 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.08.30 13:24:33 | 000,302,592 | ---- | M] () -- C:\Users\Schoormann\Desktop\ygjpkoqd.exe
[2011.08.29 21:04:32 | 000,000,816 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.29 21:01:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Schoormann\Desktop\OTL.exe
[2011.08.29 20:51:54 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.29 20:37:02 | 000,000,120 | ---- | M] () -- C:\Users\Schoormann\AppData\Local\Uzudahubimu.dat
[2011.08.22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Schoormann\Desktop\TDSSKiller.exe
[2011.08.16 00:06:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.07 20:33:03 | 000,325,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.08.30 23:55:50 | 000,057,274 | ---- | C] () -- C:\Users\Schoormann\.recently-used.xbel
[2011.08.30 17:43:42 | 000,087,608 | ---- | C] () -- C:\Users\Schoormann\AppData\Roaming\inst.exe
[2011.08.30 17:43:42 | 000,007,887 | ---- | C] () -- C:\Users\Schoormann\AppData\Roaming\pcouffin.cat
[2011.08.30 17:43:42 | 000,001,144 | ---- | C] () -- C:\Users\Schoormann\AppData\Roaming\pcouffin.inf
[2011.08.30 17:00:21 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.08.30 13:53:55 | 000,000,416 | ---- | C] () -- C:\cc_20110830_135354.reg
[2011.08.30 13:53:44 | 000,000,550 | ---- | C] () -- C:\cc_20110830_135343.reg
[2011.08.30 13:53:33 | 000,000,990 | ---- | C] () -- C:\cc_20110830_135331.reg
[2011.08.30 13:53:09 | 000,041,464 | ---- | C] () -- C:\cc_20110830_135303.reg
[2011.08.30 13:44:12 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.08.30 13:38:22 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.08.30 13:25:10 | 000,302,592 | ---- | C] () -- C:\Users\Schoormann\Desktop\ygjpkoqd.exe
[2011.08.29 21:04:32 | 000,000,816 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.29 20:51:54 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.29 20:37:02 | 000,000,120 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\Uzudahubimu.dat
[2011.07.15 18:49:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.07.15 18:49:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.07.15 17:55:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.07.14 15:54:35 | 000,000,552 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\d3d8caps.dat
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2010.08.11 02:36:47 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\EACC5DED12.sys
[2010.08.11 02:36:46 | 000,001,056 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.07.11 18:21:09 | 000,036,334 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010.07.09 20:24:41 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.06.24 12:44:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.04.12 13:55:48 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.04.09 05:40:20 | 000,095,232 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.09 04:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.04.09 04:05:30 | 000,000,115 | ---- | C] () -- C:\Windows\telephon.ini
[2010.04.09 03:47:05 | 000,006,912 | ---- | C] () -- C:\Windows\System32\drivers\FlashSys.sys
[2010.04.09 03:34:22 | 000,001,356 | ---- | C] () -- C:\Users\Schoormann\AppData\Local\d3d9caps.dat
[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 17:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,325,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.07.20 22:34:26 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\Amazon
[2010.09.27 02:16:13 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\BSW
[2010.04.12 13:55:54 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\Canneverbe Limited
[2010.08.27 15:25:32 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\Canon
[2010.04.09 04:37:20 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\FRITZ!
[2011.08.30 23:55:50 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\gtk-2.0
[2011.06.17 03:17:24 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\IrfanView
[2011.08.30 22:12:14 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\Thunderbird
[2011.08.30 16:23:40 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\Tracker Software
[2011.08.30 13:51:55 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\TS3Client
[2011.08.30 17:43:42 | 000,000,000 | ---D | M] -- C:\Users\Schoormann\AppData\Roaming\Vso
[2011.08.31 12:05:13 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


OTL Logfile:
Code:

OTL Extras logfile created on: 31.08.2011 12:11:37 - Run 3
OTL by OldTimer - Version 3.2.26.6    Folder = C:\Users\Schoormann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,00% Memory free
4,23 Gb Paging File | 3,11 Gb Available in Paging File | 73,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 82,06 Gb Free Space | 42,02% Space Free | Partition Type: NTFS
Drive D: | 149,03 Gb Total Space | 75,05 Gb Free Space | 50,36% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 424,68 Gb Free Space | 45,59% Space Free | Partition Type: NTFS
Drive F: | 270,45 Gb Total Space | 27,97 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
 
Computer Name: SCHOORMANN-PC | User Name: Schoormann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3784390759-3954865261-2086754977-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D5B3E92-8665-44FC-8373-84DE3CAFBBC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{100350CC-249B-4569-BCBA-6A467B102A9F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D30E94DA-939E-4D46-8A8A-0169D684DB75}" = lport=6881 | protocol=6 | dir=in | name=wow |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0724A2AF-D548-462E-9CE5-2C6715580A50}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{07E3E6E0-D221-456E-BD71-2EDE1324EACC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0953A5C7-035C-4490-9A95-52E9B0FB8723}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{12E2E86F-9754-4298-89D2-D54B349C60F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{15EAD0CB-A41A-4AA7-AE14-CFF2D8EAD2CF}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{2F484F7D-704F-4D7D-ACCD-4B86D95BD38D}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow.exe |
"{3B2C22AC-E58B-4E67-A91D-037AB9CCD706}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{4E3BB871-E11C-41B2-A9DE-B83E52F9B477}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{501ED65F-6CB1-4B42-BF7E-1DC6E601C160}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow.exe |
"{52ADD736-95CA-46CA-B479-70898172BDA3}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{5F16B22D-98F0-4213-9987-3073E2B5707A}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{728FBF64-D96F-4A37-BB68-6C6CA5B60821}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |
"{87681B39-8F60-4BE5-B980-B83CAFF6631D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schoormann\counter-strike source\hl2.exe |
"{9E2882A4-5915-4196-82E0-79D02BF0CDEB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A8942F68-A9AF-414D-A090-094E98F0D532}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{AB853CCF-E724-45B3-B42D-EF2C22F709DB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BABF248F-CB9B-4576-9308-4DF7EE65A909}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |
"{BC8EEC8F-BA5B-4A6B-A4A1-D4E889B00EFA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D07CBEAC-D557-4C38-B830-8AE92DB7582A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schoormann\counter-strike source\hl2.exe |
"{DA120216-F152-4202-80C1-07DB0F5E629B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F07DE95A-4172-408A-B328-B089D7521A7D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{AD657F9B-AECD-453A-A66A-1ABFA3EDF800}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"TCP Query User{AE0D0234-4F94-4F6B-9D8A-592EE7DD8815}C:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe |
"TCP Query User{D5C06307-5B5C-4D22-805D-9678AAC9C434}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{E9FB85EE-9FBF-4340-82C5-9FF2E3176BCA}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{6044E343-8E82-4035-8F31-947D37459AD2}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{62F6FD0D-0709-4D10-91DC-046F75D1700F}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{8980AD1B-7EA9-420E-990C-AB4B5A2813C0}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{C3F7BD6B-2AA9-4895-B21A-E0C6BD7EA2E7}C:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\schoormann\team fortress 2\hl2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Diablo II" = Diablo II
"EADM" = EA Download Manager
"FRITZ! 2.0" = AVM FRITZ!
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSI Live Update 3" = MSI Live Update 3
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pen Tablet Driver" = Bamboo
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.1.11
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2011 16:45:16 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.06.2011 16:45:20 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.06.2011 16:45:20 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227
Description =
 
Error - 01.06.2011 16:45:23 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227
Description =
 
Error - 02.06.2011 09:36:01 | Computer Name = Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.06.2011 09:36:01 | Computer Name = Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.06.2011 15:04:23 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227
Description =
 
Error - 02.06.2011 15:04:28 | Computer Name = Schoormann-PC | Source = RasClient | ID = 20227
Description =
 
Error - 03.06.2011 10:31:21 | Computer Name = Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 03.06.2011 10:31:21 | Computer Name = Schoormann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 30.08.2011 07:35:34 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016
Description =
 
Error - 30.08.2011 07:37:58 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016
Description =
 
Error - 30.08.2011 07:43:49 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10005
Description =
 
Error - 30.08.2011 07:43:49 | Computer Name = Schoormann-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 30.08.2011 07:43:49 | Computer Name = Schoormann-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 30.08.2011 11:20:15 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016
Description =
 
Error - 30.08.2011 16:01:10 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016
Description =
 
Error - 31.08.2011 05:58:18 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016
Description =
 
Error - 31.08.2011 06:03:42 | Computer Name = Schoormann-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 31.08.2011 06:07:18 | Computer Name = Schoormann-PC | Source = DCOM | ID = 10016
Description =
 
 
< End of report >

--- --- ---


-

The rest will follow shortly..

Hoshy 31.08.2011 12:07

3.

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/31/2011 at 01:05 PM

Application Version : 5.0.1118

Core Rules Database Version : 7624
Trace Rules Database Version: 5436

Scan type      : Complete Scan
Total Scan Time : 00:42:41

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned      : 625
Memory threats detected  : 0
Registry items scanned    : 37547
Registry threats detected : 0
File items scanned        : 51105
File threats detected    : 2

Adware.Tracking Cookie
        acvs.mediaonenetwork.net [ D:\DOKUMENTE UND EINSTELLUNGEN\SCHOORMANN\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BCUWCNHZ ]
        D:\DOKUMENTE UND EINSTELLUNGEN\SCHOORMANN\COOKIES\SCHOORMANN@ATWOLA[1].TXT

Partition D:\ is a WinXP partition that is no longer in use. These were probably leftovers from using it in days gone by.

More logs will follow as soon as they are finished.

Hoshy 31.08.2011 13:36

The ESET scanner is still running .. it takes quite a while.
How could I format partition D:\?

It does not work via the system management tools. No access possible.
Would I have to boot from the Vista CD and delete D:\ there?
Actually it is nonsense that old junk is sitting around there..

Hoshy 31.08.2011 17:32

ESET Log
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=ded0ff27d450db439cba443374305389
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-31 12:58:58
# local_time=2011-08-31 02:58:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 92875 51329546 35721 0
# compatibility_mode=5892 16776638 100 95 4037027 152321818 0 0
# compatibility_mode=8192 67108863 100 0 99 99 0 0
# scanned=207733
# found=1
# cleaned=1
# scan_time=6447
D:\Dokumente und Einstellungen\Schoormann\Eigene Dateien\eMule - Kopie\eMule\Incoming\Crack\ProcessWatch.exe        probably a variant of Win32/TrojanDropper.Delf.ECUIPRQ trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

Apparently I also had that kind of file-sharing junk on the XP partition back then.

As I said, I would still like to format that partition.
Otherwise Vista seems to be clean again?! Am I seeing that correctly?
The computer feels the same as always..

Regards, Hoshy

I still have one small problem..
Somehow the font in my mail program has changed; it was not like that before the fixing and repairing..
Green boxes show the correct font, the red one shows what is new and imho wrong:

http://www.trojaner-board.de/attachm...1&d=1314808330

kira 01.09.2011 05:37

Quote:

Quote from Hoshy (post 698377)
As I said, I would still like to format that partition.

then please do it now!:
Because installing pirated copies is a fairly sure way to infect a computer
- I'm afraid that you can solve your problem 100% if you reinstall your system; this is about:
Code:

D:\Dokumente und Einstellungen\Schoormann\Eigene Dateien\eMule - Kopie\eMule\Incoming\Crack\ProcessWatch.exe
"Such programs" always contain a particularly large amount of dangerous malware; one should keep one's hands off them!
** In a case like this you should rethink your consumption habits
Because your conduct is thereby subject to German law, support from our side ends at this point. So the best thing is for you to back up your data (without cracks & keygens!) and do a complete reinstallation of the computer; that is the fastest and cleanest solution!
But at least after a reinstallation you will have a clean system again, and hopefully you have learned something from this and in future will keep your hands off...
-> Forum rule!

Hoshy 01.09.2011 12:30

Aha, great how my posts were read...
my question about formatting was not answered either..

As if I could simply format the HDD just like that.. tsk tsk..
then the thing would have been gone...

kira 02.09.2011 04:36

do you mean the question here?:
Quote:

Quote from Hoshy (post 698294)
How could I format partition D:\?
Would I have to boot from the Vista CD and delete D:\ there?

doing that will format your hard disk completely

Hoshy 02.09.2011 08:16

So, my active partition, the one I work, surf and do everything else with, is partition C:\, which Vista is on.

Partition D:\ is 6 - 7 years old. XP is on it.
I have not worked with it for ages (about 4 years). And until now I had no real idea what was still on it.

But I cannot simply format the hard disk via Administration -> Disk Management.
An error message always comes up, along the lines of "the system partition cannot be formatted."
So I would have to do it some other way..

Probably via the Vista CD and the boot menu? Right?

On my Vista partition I have no illegal software whatsoever.. cracks or other nonsense.
I have always paid close attention to what I do on my PC.

That is why I feel a bit snapped at regarding my "consumption behaviour".

regards, hoshy

kira 02.09.2011 16:13

Boot with the Windows CD and select the desired partition


All times are WET +1. The time is now 00:44.
