Trojaner-Board

rlw 20.11.2011 18:30

VIRUS? Folders and files suddenly hidden, Windows error messages about the hard disk
 
Hello,

I have read the 7 notes and rules, and spent this afternoon googling and using the board search. Judging by the symptoms, I recognise the pattern of the Windows Recovery virus / trojan, but also a bit more than that. I did not want to blindly follow the advice you gave to other guests, hence a new thread.

My system: Windows 7 Home Premium 32 bit
1 TB hard disk, partitions C and E
320 GB hard disk, partition D
Backup: 2x 1 TB USB and ACER H340 home server

Since yesterday evening I have had the following problem on C (the active Windows partition):

After installing and uninstalling a program from Chip.de, the computer restarted. A black desktop background appeared, the first desktop icons had disappeared, and there was a Windows error message saying that my hard disk had critical errors and asking whether I wanted to scan immediately or delay the scan. At first I clicked delay, whereupon the computer restarted immediately.
After this restart, 34 error messages of an ambiguous kind appeared, with an address violation (pop-up with an OK button). More icons had disappeared, the quick launch bar had become considerably smaller, the notification area next to the clock was empty too, only Antivir Premium still showed an open umbrella, and again there were messages about a supposedly defective hard disk with many critical errors.
After a restart I switched to safe mode, same error messages: address violations again and also this Scan or Delay choice. CHKDSK was not possible; I scheduled it via the task scheduler for the next restart.

It ran through the night; restart, and the same problem again. The hard disk seemed to be getting emptier and emptier (it is 4 months old and a WDC). Removed it, put it in a USB enclosure, and lo and behold, on two laptops everything is there but hidden.

At the moment I am still manually backing up the last files from my separate directory (C:\blblblbl), i.e. not a Windows directory. An Antivir scan of the directory appeared clean.

Afterwards I will put the hard disk back into the PC. Before that I would like to check with you what I should do then:

Option 1: Insert the Antivir boot disk and scan (advantage: I would not need to access the system)

Option 2: Run your obligatory Malwarebytes scan and carry out the steps from here. However, I will then have NOTHING left on the PC when I boot it, i.e. no browser either, or can I still make FF or IE visible and start them by undoing the hidden attribute?

Thanks in advance for your advice.

Best regards
Rudi

markusg 20.11.2011 18:32

hi
Please download OTL by OldTimer and save it to your desktop (if you do not have it already)
  • Double-click OTL.exe
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
you can copy it over to the infected PC from a USB stick and start it there.

rlw 20.11.2011 19:50

Hello,

had to adjust the folder options again every time in order to be able to run OTL. :headbang:

Addendum:

Error message 1:
Windows detected a hard disk problem
A potential dusk failure may cause loss of files, applications and documents stored on the hard disk. It's highly recommended to scan and solve HDD problems before continue using this PC.

Option 1 to click: Scan and fix (recommended)
Prevents future problems with files stored on the disk or device
[when I click this, nothing visible happens; after 30 sec. the pop-up comes back]

Option 2: Delay scan
Your computer will be restarted [which does happen, and I end up back there as if in a loop]

The other pop-up (more than 40 of them after three minutes) reads:
Windows - Delayed Write Failed
Failed to save all the components for the file \\system32\XXXXXXX [number combination different every time]. The file is corrupted or unreadable. This error may be caused by a PC hardware problem.

In addition, a circular red icon with a white X appears in the notification area, with things like critical error windows OS can't detect free hard drive space. hard drive error, Harddrive cluster are partly damaged, Segment load failure etc., and something about RAM no longer being "reliable".

I can no longer open Task Manager by any means; I can click it or use the keyboard shortcut, but it does not appear.

I use Antivir Premium 2012 (updated daily) and Comodo firewall.

Here are the logs:

OTL Log

Code:

OTL logfile created on: 20.11.2011 19:23:26 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Install-Dateien
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 51,59% Memory free
16,67 Gb Paging File | 15,22 Gb Available in Paging File | 91,31% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 873,76 Gb Total Space | 639,16 Gb Free Space | 73,15% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 109,84 Gb Free Space | 36,85% Space Free | Partition Type: NTFS
Drive E: | 57,70 Gb Total Space | 51,63 Gb Free Space | 89,49% Space Free | Partition Type: FAT32
Drive W: | 911,50 Gb Total Space | 912,34 Gb Free Space | 100,09% Space Free | Partition Type: NTFS
Drive X: | 911,50 Gb Total Space | 912,34 Gb Free Space | 100,09% Space Free | Partition Type: NTFS
Drive Y: | 911,50 Gb Total Space | 912,34 Gb Free Space | 100,09% Space Free | Partition Type: NTFS
Drive Z: | 911,50 Gb Total Space | 912,34 Gb Free Space | 100,09% Space Free | Partition Type: NTFS
 
Computer Name: KUR-PC | User Name: KerstinundRudi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Install-Dateien\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\HelpPane.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (nosGetPlusHelper) getPlus(R) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (LoClntService) -- C:\Program Files\Windows Home Server\LightsOutClientService.exe (AxoNet Software GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
SRV - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (MWAgent) -- C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE (MicroWorld Technologies Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SecretDriveService) -- C:\Program Files\Eterlogic.com\SecretDrive\SecretDriveSrv.exe (Eterlogic.com)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\De_serv.exe (AVM Berlin)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (ACEDRV08) -- C:\Windows\System32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (MirayVirtualDisk) -- C:\Windows\System32\drivers\mvd.sys (Miray)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (SndTAudio) -- C:\Windows\System32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSB) -- C:\Windows\System32\drivers\VBoxUSB.sys (Sun Microsystems, Inc.)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\system32\DRIVERS\tdrpm251.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (auusb) -- C:\Windows\System32\drivers\auusb.sys (Auerswald GmbH & Co.KG                        )
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Ph6xIB32) -- C:\Windows\System32\drivers\Ph6xIB32.sys (NXP Semiconductors GmbH)
DRV - (FXUSBASE) -- C:\Windows\System32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SecretDriveKrnl) -- C:\Program Files\Eterlogic.com\SecretDrive\Drv\sd32.sys ()
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (NETFRITZ) -- C:\Windows\System32\drivers\Netfritz.sys (AVM Berlin)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 44 B7 44 F5 3E CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.10.23 12:12:23 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\KerstinundRudi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.29 12:10:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.29 12:10:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.08 23:44:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.01 14:07:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.04.29 21:43:56 | 000,000,000 | ---D | M]
 
[2011.01.06 20:34:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Extensions
[2011.01.06 20:34:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2011.11.19 09:07:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions
[2010.03.26 15:53:24 | 000,000,000 | -H-D | M] (Screengrab) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011.07.17 08:04:08 | 000,000,000 | -H-D | M] (Forecastfox) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.11.05 09:01:59 | 000,000,000 | -H-D | M] (FireShot) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.07.10 07:35:34 | 000,000,000 | -H-D | M] (Delicious Bookmarks) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011.06.04 07:15:55 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.10.25 18:46:01 | 000,000,000 | -H-D | M] (SeoQuake) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011.11.19 09:07:19 | 000,000,000 | -H-D | M] (WOT) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.08.23 19:22:13 | 000,000,000 | -H-D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2011.11.16 23:03:22 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.29 18:51:33 | 000,000,000 | -H-D | M] (BitDefender QuickScan) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.11.16 23:03:24 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.07.14 07:30:15 | 000,000,000 | -H-D | M] ("Wolfram Toolbar") -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\support@wolfram.com
[2011.11.08 23:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.08 23:44:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.01.06 19:36:06 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.20 16:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.12 20:22:30 | 000,000,872 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.178.20  KURSERVER  #Windows Home Server#
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SystemTray] C:\Windows\System32\systray.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKCU..\Run: [iPhone PC Suite] C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start File not found
O4 - HKCU..\Run: [OpUJxuKltOTh.exe] C:\ProgramData\OpUJxuKltOTh.exe ()
O4 - HKCU..\Run: [VistaStartMenu] C:\Program Files\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\KerstinundRudi\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\KerstinundRudi\Desktop\PartyPoker.lnk ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://my.wcrx.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{448BAFC6-34D5-4DEC-8866-DF10777BC811}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2F00FC-5097-42E5-86F1-96544669735A}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.14 01:18:39 | 000,000,087 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.15 09:48:22 | 000,000,034 | ---- | M] () - L:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2011.05.15 20:43:14 | 012,341,641 | ---- | M] () - Y:\AutoGordianKnot.2.55.Setup.exe -- [ NTFS ]
O32 - AutoRun File - [2008.02.03 00:47:34 | 000,152,889 | ---- | M] () - Y:\automove18.zip -- [ NTFS ]
O32 - AutoRun File - [2008.03.16 22:24:40 | 000,000,100 | ---- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.05.07 19:09:34 | 000,578,183 | ---- | M] () - Y:\Autoruns.zip -- [ NTFS ]
O32 - AutoRun File - [2009.01.24 20:29:04 | 000,577,363 | ---- | M] () - Y:\Autoruns_Jan09.zip -- [ NTFS ]
O32 - AutoRun File - [2008.01.14 22:32:08 | 000,542,582 | ---- | M] () - Y:\Autoruns_PFW.zip -- [ NTFS ]
O32 - AutoRun File - [2006.04.28 22:14:22 | 000,031,232 | ---- | M] () - Z:\Auto (2).doc -- [ NTFS ]
O32 - AutoRun File - [2006.05.07 23:15:02 | 000,095,744 | ---- | M] () - Z:\auto-email (2).doc -- [ NTFS ]
O32 - AutoRun File - [2006.05.07 23:15:02 | 000,095,744 | ---- | M] () - Z:\auto-email.doc -- [ NTFS ]
O32 - AutoRun File - [2006.04.28 22:14:22 | 000,031,232 | ---- | M] () - Z:\Auto.doc -- [ NTFS ]
O32 - AutoRun File - [2009.09.07 17:38:16 | 000,119,489 | ---- | M] () - Z:\Autokredit Vergleich - Ergebnis - So finden Sie den richtigen Autokredit!_1252341492035.png -- [ NTFS ]
O32 - AutoRun File - [2009.09.07 17:37:48 | 000,162,678 | ---- | M] () - Z:\Autokredit – Jetzt Autokredite online berechnen mit finanzen.de_1252341463919.png -- [ NTFS ]
O32 - AutoRun File - [2011.10.15 22:07:51 | 000,020,632 | ---- | M] () - Z:\Autos.xlsx -- [ NTFS ]
O33 - MountPoints2\{23f6ad5c-cfac-11e0-a769-00218561b7ef}\Shell - "" = AutoRun
O33 - MountPoints2\{23f6ad5c-cfac-11e0-a769-00218561b7ef}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\Start.hta
O33 - MountPoints2\{23f6adee-cfac-11e0-a769-00218561b7ef}\Shell - "" = AutoRun
O33 - MountPoints2\{23f6adee-cfac-11e0-a769-00218561b7ef}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\Start.hta
O33 - MountPoints2\{da4dfe40-012e-11df-aba5-bbf637f61b23}\Shell - "" = AutoRun
O33 - MountPoints2\{da4dfe40-012e-11df-aba5-bbf637f61b23}\Shell\AutoRun\command - "" = "M:\WD SmartWare.exe" autoplay=true
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.20 01:28:23 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.11.20 00:44:47 | 000,000,000 | -H-D | C] -- C:\Users\KerstinundRudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneBrowser
[2011.11.20 00:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPhoneBrowser
[2011.11.20 00:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NetDragon
[2011.11.20 00:38:42 | 000,000,000 | -H-D | C] -- C:\Users\KerstinundRudi\AppData\Local\NetDragon
[2011.11.20 00:38:28 | 000,000,000 | -H-D | C] -- C:\Users\KerstinundRudi\Documents\91 Mobile
[2011.11.20 00:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\NetDragon
[2011.11.19 23:36:14 | 000,000,000 | -H-D | C] -- C:\Users\KerstinundRudi\Documents\Tansee
[2011.11.19 23:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Tansee iPhone Transfer SMS
[2011.11.19 22:56:45 | 000,000,000 | -H-D | C] -- C:\Users\KerstinundRudi\AppData\Roaming\Moka
[2011.11.19 22:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTwin
[2011.11.19 22:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTwin
[2011.11.19 22:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.19 22:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.19 22:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.13 13:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vista Start Menu
[2011.11.09 17:32:23 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.11.01 14:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.01 14:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.10.24 14:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011.10.24 14:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2011.10.23 17:35:46 | 000,000,000 | -H-D | C] -- C:\Users\KerstinundRudi\AppData\Roaming\Avira
[2011.10.23 17:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.23 17:35:16 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.10.23 17:35:14 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.23 17:35:14 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.23 17:35:14 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.23 17:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.22 08:33:24 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011.10.22 08:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.10.22 08:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.10.22 07:38:22 | 000,033,984 | ---- | C] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2009.12.26 10:46:00 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Users\KerstinundRudi\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.20 19:19:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.20 19:19:12 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.20 19:17:51 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 19:17:51 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 05:34:38 | 000,003,664 | -H-- | M] () -- C:\bootsqm.dat
[2011.11.20 01:14:08 | 000,661,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.20 01:14:08 | 000,621,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.20 01:14:08 | 000,132,958 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.20 01:14:08 | 000,109,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.20 00:51:02 | 000,346,368 | -H-- | M] () -- C:\ProgramData\3KZXbMHr5Qs9iR.exe
[2011.11.20 00:41:22 | 000,002,776 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.11.20 00:09:59 | 000,433,920 | -H-- | M] () -- C:\ProgramData\OpUJxuKltOTh.exe
[2011.11.19 22:56:41 | 000,000,885 | -H-- | M] () -- C:\Users\KerstinundRudi\Desktop\iTwin.lnk
[2011.11.15 22:48:10 | 000,000,138 | -H-- | M] () -- C:\Users\KerstinundRudi\AppData\Roaming\default.rss
[2011.11.09 18:50:36 | 000,418,053 | -H-- | M] () -- C:\Users\KerstinundRudi\Documents\Unbenannt (2).wma
[2011.11.09 18:48:16 | 000,157,633 | -H-- | M] () -- C:\Users\KerstinundRudi\Documents\Unbenannt.wma
[2011.11.09 18:18:08 | 001,892,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.24 14:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011.10.24 14:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
 
========== Files Created - No Company Name ==========
 
[2011.11.20 05:34:38 | 000,003,664 | -H-- | C] () -- C:\bootsqm.dat
[2011.11.20 00:51:02 | 000,346,368 | -H-- | C] () -- C:\ProgramData\3KZXbMHr5Qs9iR.exe
[2011.11.20 00:12:59 | 000,433,920 | -H-- | C] () -- C:\ProgramData\OpUJxuKltOTh.exe
[2011.11.19 22:56:41 | 000,000,885 | -H-- | C] () -- C:\Users\KerstinundRudi\Desktop\iTwin.lnk
[2011.11.09 18:50:35 | 000,418,053 | -H-- | C] () -- C:\Users\KerstinundRudi\Documents\Unbenannt (2).wma
[2011.11.09 18:48:16 | 000,157,633 | -H-- | C] () -- C:\Users\KerstinundRudi\Documents\Unbenannt.wma
[2011.09.24 16:41:08 | 000,000,151 | ---- | C] () -- C:\Windows\Lilli.ini
[2011.09.24 16:41:08 | 000,000,000 | ---- | C] () -- C:\Windows\Lcorn.ini
[2011.09.20 23:55:16 | 000,000,080 | -H-- | C] () -- C:\Users\KerstinundRudi\AppData\Local\X-Plane Installer.prf
[2011.08.26 16:23:44 | 000,315,444 | ---- | C] () -- C:\Windows\System32\isdnapi32.dll
[2011.08.26 16:23:44 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AuerCapiJNINative.dll
[2011.05.15 20:47:47 | 000,000,551 | -H-- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\AutoGK.ini
[2010.10.23 13:17:57 | 000,001,032 | -H-- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\mdbu.bin
[2010.10.14 14:19:32 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2010.10.14 14:18:40 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010.10.14 14:17:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010.10.14 14:16:40 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010.07.21 10:40:51 | 000,002,091 | ---- | C] () -- C:\Windows\disney.ini
[2010.07.19 20:32:56 | 000,000,138 | -H-- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.06.29 19:14:08 | 000,000,291 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.06.29 19:14:02 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.03.27 22:58:00 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.07 14:35:06 | 000,007,603 | -H-- | C] () -- C:\Users\KerstinundRudi\AppData\Local\Resmon.ResmonCfg
[2010.03.07 11:15:14 | 000,000,231 | ---- | C] () -- C:\Windows\hegames.ini
[2010.02.08 23:40:49 | 000,003,474 | -H-- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\SAS7_000.DAT
[2009.12.28 11:20:55 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.28 10:59:42 | 000,000,391 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.12.26 10:46:00 | 000,087,608 | -H-- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\inst.exe
[2009.12.26 10:46:00 | 000,007,887 | -H-- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\pcouffin.cat
[2009.12.26 10:46:00 | 000,001,144 | -H-- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\pcouffin.inf
[2009.12.24 19:37:23 | 000,000,193 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.12.12 22:39:03 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.08 17:46:30 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2009.12.04 22:17:18 | 000,198,341 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.12.02 01:29:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.12.02 01:29:53 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.11.28 09:38:29 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.11.28 09:38:29 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.12 22:35:19 | 000,000,008 | RHS- | C] () -- C:\ProgramData\4675E324A8.sys
[2009.11.08 22:16:44 | 000,004,528 | ---- | C] () -- C:\Windows\System32\SETBROWS.EXE
[2009.11.08 21:47:47 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009.11.07 22:39:43 | 000,000,138 | -H-- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\default.rss
[2009.11.07 21:31:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.11.07 05:38:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.07 00:27:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.07 00:27:18 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.11.07 00:27:18 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.06 23:50:11 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2009.11.06 23:50:11 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2009.11.06 22:07:22 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.11.06 00:57:35 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2009.11.06 00:47:45 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.11.05 23:33:48 | 000,002,776 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.11.05 23:33:48 | 000,000,008 | RHS- | C] () -- C:\ProgramData\CEB7182B63.sys
[2009.11.05 23:25:01 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.11.05 23:01:41 | 000,000,040 | -HS- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\.zreglib
[2009.11.05 22:48:58 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2009.11.05 11:03:03 | 000,135,936 | ---- | C] () -- C:\Windows\System32\ZIPDLL.DLL
[2009.11.05 11:03:03 | 000,130,816 | ---- | C] () -- C:\Windows\System32\UNZDLL.DLL
[2009.11.05 07:47:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.10.26 20:06:06 | 000,001,035 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009.07.14 09:47:43 | 000,661,396 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,958 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 001,892,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,621,670 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,109,140 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.18 17:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 20:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.07.09 17:23:54 | 000,024,376 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2008.07.09 17:23:52 | 000,052,536 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2008.07.09 17:23:52 | 000,022,832 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2008.07.09 17:23:10 | 000,042,296 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2008.07.09 17:23:08 | 000,255,288 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2008.07.09 17:23:06 | 000,050,488 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL
[2008.07.09 17:22:28 | 000,075,576 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2006.11.06 20:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 152 bytes -> C:\Program Files\Windows Home Server:{4D006700-7700-7900-7200-460069007300}
@Alternate Data Stream - 143 bytes -> C:\Users\KerstinundRudi\AppData\Roaming\default.rss:OECustomProperty
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B013599
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FED912DB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A24211BA

< End of report >

Extra Log
Code:

OTL Extras logfile created on: 20.11.2011 19:23:26 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Install-Dateien
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 51,59% Memory free
16,67 Gb Paging File | 15,22 Gb Available in Paging File | 91,31% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 873,76 Gb Total Space | 639,16 Gb Free Space | 73,15% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 109,84 Gb Free Space | 36,85% Space Free | Partition Type: NTFS
Drive E: | 57,70 Gb Total Space | 51,63 Gb Free Space | 89,49% Space Free | Partition Type: FAT32
Drive W: | 911,50 Gb Total Space | 912,34 Gb Free Space | 100,09% Space Free | Partition Type: NTFS
Drive X: | 911,50 Gb Total Space | 912,34 Gb Free Space | 100,09% Space Free | Partition Type: NTFS
Drive Y: | 911,50 Gb Total Space | 912,34 Gb Free Space | 100,09% Space Free | Partition Type: NTFS
Drive Z: | 911,50 Gb Total Space | 912,34 Gb Free Space | 100,09% Space Free | Partition Type: NTFS
 
Computer Name: KUR-PC | User Name: KerstinundRudi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel Paint Shop Pro Photo X2 durchsuchen] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" = C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe:*:Enabled:iPhone PC Suite.exe
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" = C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe:*:Enabled:iPhone PC Suite.exe
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04B6C376-A29F-0BE3-48AC-39E26499DF0D}" = Catalyst Control Center Core Implementation
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0ABA2DC3-B67B-4D87-AB1B-EC5E9CDF24B3}" = QuickSteuer DELUXE Wissens-Center 2011
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{0FD7181B-7CB3-1635-9CFC-87BAAA6642B8}" = ATI Catalyst Install Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers
"{12C14845-C842-4D56-C7D7-71DECD56D764}" = CCC Help Norwegian
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{16281EBA-AA00-44D2-BC8B-06F3C3380DA1}" = Green Line 2 Sprachtrainer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1D6FB37A-CBCA-11D6-8940-0002A5E32BEF}" = Ferkels GROSSES ABENTEUER
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DE0F38-03FE-CB69-630B-C0FBB49756D3}" = Catalyst Control Center Graphics Full Existing
"{232F90E1-8B70-4BA7-ACBE-613661AEE443}" = M3 SAKURA V1.48 Global (GAME PATCH V4.8d)
"{23385D05-1ED5-49AB-8C16-802ED2827331}" = NetObjects Fusion 11.0
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B443CC6-7EBE-43FF-91A8-6AC3B5A085FD}" = Lexware buchhalter 2011
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CF9CDDA-99FC-4472-9DDE-1F980D6AFBDF}" = SecretDrive
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34AFE453-F544-4269-89C9-CAB7F0744963}" = Nuance OmniPage 17
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{357ED8F5-8345-516D-8949-379F900DFBB4}" = CCC Help German
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4685AD7F-2BBA-4F0F-A0AF-97ECD8B99E17}" = SmartFTP Client German (Germany) MUI
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F16C785-4696-FF57-4B89-050039F681CD}" = CCC Help Spanish
"{4FF7FD3D-918B-02D2-4C81-6611EABC28E1}" = CCC Help English
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{556DF27F-5B74-11D5-B876-004005E12EF1}" = GPSoftware Directory Opus
"{560E96B3-356D-4572-9FE3-B44F9AB92622}" = CBL Daten-Shredder
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63D014A4-A6FA-61E1-C542-750D26432D28}" = CCC Help Swedish
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{692F4201-AB4C-4795-9F42-123F0601F8B7}" = LightsOut Client
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}" = QuarkXPress
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7532f07f-67da-41bc-96e3-aaccecfc8cf5}" = Nero 9
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7950BF35-B123-0147-E9E7-4B1B61A23189}" = CCC Help French
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84B8901D-8C8B-7173-1E2F-E0F0BBEB63A3}" = Catalyst Control Center Graphics Previews Vista
"{851DE017-C00B-4A50-B413-4C05740AF56E}" = Nuance PDF Create! 5
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{870832ED-43F3-4425-931C-137C18902664}" = Sun VirtualBox
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8B3B6E10-DF48-4C52-9A76-27D76F3207C2}" = Quick Font Review
"{8B99E92F-BEF6-27C2-DFFC-51FE3D31F547}" = Catalyst Control Center Graphics Light
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9172AF22-BCA5-4CD3-AC28-4A029EE35FE0}" = Tunebite
"{94ED85C0-D136-D30B-D62F-F1C113BA50B4}" = Catalyst Control Center Graphics Full New
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF35D7A-0ABF-7EC6-EEDB-A1C2DBC2CD76}" = Catalyst Control Center Localization All
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CA72668-86CC-5447-9278-A0378FE45378}" = Media Add-ons for Acronis True Image Home 2010
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A25D3CE4-2813-4A1C-3279-B8E284A00E8F}" = ccc-utility
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AB5C09FB-2DFE-4509-BAC2-6501AA7CC246}" = SmartFTP Client
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{ACEFE0D4-8FE3-79BD-FEA5-182A7975363E}" = CCC Help Japanese
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{ADD9AEE8-B916-4CD6-A04B-9386DF90D594}" = Deutsche Post E-Porto
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B1D2A138-D53E-4D3F-B547-EA2277007746}" = Auerswald COMset 2.7.2
"{B256C380-AC47-4681-8342-7F42E4F0F434}" = JRE 1.6.1
"{B2920232-19DA-44FC-835F-68E427EAE2CE}" = Telescope Driver
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B51376D6-7C96-006E-150A-296AC6768AE0}" = ccc-core-static
"{B6F302CE-8F44-445C-A18D-41C8E203FB33}" = NetObjects Fusion 11.0
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCF02DC5-826B-30B0-F64E-83BF23C50C5E}" = CCC Help Danish
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C4D26D60-7B43-4CE9-AE19-A380D9DF126B}" = Garmin MapSource
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5089197-5B15-44AD-B0FC-2E94EE9ECB63}" = WinSysClean X
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C8E00BC8-D619-4081-813A-6B5BCC846534}" = Lexware Elster
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CB8D173D-B856-4356-B5C4-809998A98833}" = Garmin BaseCamp
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CCA3335D-2BA0-4C31-8A90-D6B50CDE452F}" = WISO Mein Geld 2010 Professional
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CEDE5E8A-37C3-40C7-8F9C-7D0E70DA0C9E}" = Auerswald COMtools 2.3.2
"{CF638396-F8DE-8D4C-46B0-BCD1D76CEA43}" = Catalyst Control Center InstallProxy
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DA7C730A-A803-21B1-84A8-0C204FCD73CD}" = CCC Help Finnish
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEE03A90-C723-4E3D-A661-86651D6F0668}" = QuickSteuer Deluxe 2010
"{DF00BED3-9716-ABCF-4217-A36128B66D65}" = CCC Help Italian
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E188D820-1218-4E28-8BCA-91134C3664C2}" = Ulead VideoStudio 10.0
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6F9172-D644-4C45-9892-2F22AF49F88C}" = Green Line 3 Sprachtrainer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B74F3E-8B6C-4826-802E-B907BAAE4E4B}" = Auerswald COMlist 2.5.2
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FD6385D8-7149-466E-85C9-A7DBD74D9189}" = CacheStats
"{FEDDA1A2-325F-6F12-B1C1-BB8D263587FA}" = CCC Help Dutch
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 5 (Vollversion)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Aldi Süd Foto Service" = Aldi Süd Foto Service 4.6
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"AnyDVD" = AnyDVD
"Artisteer 3" = Artisteer 3
"AutoGK" = Auto Gordian Knot 2.55
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"AviSynth" = AviSynth 2.5
"Barcode Maker 2.6" = Barcode Maker 2.6
"Biet-O-Matic v2.12.5" = Biet-O-Matic v2.12.5
"Canon MX860 series Benutzerregistrierung" = Canon MX860 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CloneDVDmobile" = CloneDVDmobile
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.14
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.10.0
"DHL Verkaufsmanager_is1" = Supreme Auction
"DirSync" = DirSync  2.91
"DivX Setup.divx.com" = DivX-Setup
"DRAGON" = DRAGON 1.6
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FBDBServer_2_1_is1" = Firebird 2.1.2.18118 (Win32)
"GIF Animator" = Microsoft GIF Animator
"GSAK_is1" = GSAK 7.7.1.34 (Final)
"HandBrake" = HandBrake 0.9.5
"HDClone.Basic.4.0.3.1031-{56120486-257C-493B-BD3E-3B8516B8A826}" = HDClone 4 Basic Edition
"HDD Health_is1" = HDD Health v3.3 Beta
"ImgBurn" = ImgBurn
"InfoRapid KnowledgeMap" = InfoRapid KnowledgeMap
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"IrfanView" = IrfanView (remove only)
"iTwin_is1" = iTwin 3.2 Final
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.0 (Full)
"LightsOut Client" = LightsOut Client
"MailStore Home_is1" = MailStore Home 4.1.1.5187
"Map Tuner" = Map Tuner 1.0.51
"MediaCoder" = MediaCoder 0.7.2.4535
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"Netnotep_is1" = Network Notepad 4.6.6
"NirSoft ShellExView" = NirSoft ShellExView
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PartyPoker" = PartyPoker
"PC-Wetterstation_is1" = WsWin V2.96.7 - 2011-07-01
"Personal Backup_is1" = Personal Backup 5.0
"PokerStars.net" = PokerStars.net
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PRJPRO" = Microsoft Office Project Professional 2007
"Quick Font Review" = Quick Font Review
"Recuva" = Recuva (remove only)
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Skype™ for Windows Mobile_is1" = Skype™ for Windows Mobile 3.0
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Stellarium_is1" = Stellarium 0.10.1
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Sweet Home 3D_is1" = Sweet Home 3D version 3.0
"SWFPlayer_is1" = SWFPlayer 2.6.2.0
"TeamViewer 5" = TeamViewer 5
"TeamViewer Manager 3" = TeamViewer Manager 3
"TeamViewer Manager 5" = TeamViewer Manager 5
"TFA_Nexus" = TFA_Nexus
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Ulead COOL 3D 3.0" = Ulead COOL 3D 3.0
"UltraISO_is1" = UltraISO Premium V9.36
"Vista Start Menu_is1" = Vista Start Menu 3.88
"VLC media player" = VLC media player 1.0.3
"VobSub" = VobSub v2.23 (Remove Only)
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"Winnie Puuh - Kindergarten" = Disneys Winnie Puuh - Kindergarten
"Winnie Puuh - Vorschule" = Disneys Winnie Puuh - Vorschule
"WinRAR archiver" = WinRAR
"WinSysClean X" = WinSysClean X
"WISO Mein Geld 2010 Professional" = WISO Mein Geld 2010 Professional
"X10Hardware" = X10 Hardware(TM)
"xp-AntiSpy" = xp-AntiSpy 3.97-5
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"RationalPlan Single Project" = RationalPlan Single Project
"STANLY Track EDDF" = STANLY Track EDDF
"UnityWebPlayer" = Unity Web Player
"WM Capture" = WM Capture
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Many thanks in advance
:daumenhoc
Rudi

rlw 21.11.2011 08:34

Hello,

after further research in the forum, I have the same problem as http://www.trojaner-board.de/105241-...gesperrt.html.

System Restore did not bring any success either. It ran through, but on restart a message appeared that a *.js file could not be opened and that System Restore therefore could not be completed successfully.

Best regards
Rudi

markusg 21.11.2011 12:13

hiho
Attention!
This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:

:OTL
O4 - HKCU..\Run: [OpUJxuKltOTh.exe] C:\ProgramData\OpUJxuKltOTh.exe ()
[2011.11.20 00:51:02 | 000,346,368 | -H-- | M] () -- C:\ProgramData\3KZXbMHr5Qs9iR.exe

:Files
C:\ProgramData\OpUJxuKltOTh.exe

:Commands
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

Download unhide:
http://filepony.de/download-unhide/
Double-click it; the files will become visible.

Open Computer, open C:, then _OTL.
Right-click on moved files there.
Choose add to moved files.rar or zip.
Follow the link and upload the archive in the upload channel:
http://www.trojaner-board.de/54791-a...ner-board.html

rlw 21.11.2011 18:17

Hi,

here is the log from OTL; the moved files will be in the upload channel in 1 minute:

Code:

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OpUJxuKltOTh.exe deleted successfully.
File move failed. C:\ProgramData\OpUJxuKltOTh.exe scheduled to be moved on reboot.
C:\ProgramData\3KZXbMHr5Qs9iR.exe moved successfully.
========== FILES ==========
File move failed. C:\ProgramData\OpUJxuKltOTh.exe scheduled to be moved on reboot.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.31.0 log created on 11212011_171224

Files\Folders moved on Reboot...
C:\ProgramData\OpUJxuKltOTh.exe moved successfully.

Registry entries deleted on Reboot...

Thanks and best regards
Rudi

markusg 21.11.2011 18:42

That worked, thanks.
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this
    tool

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your antivirus and anti-malware programs are switched off so that they do not interfere with ComboFix while it works.
  • Please post C:\Combofix.txt in your next reply.

rlw 21.11.2011 19:48

Hi,

one question: I am a patient person, but I am starting to worry. I followed the tutorial step by step and ended all AntiVir and Comodo processes in Task Manager.

The CMD window has now been sitting at the step "ComboFix durchsucht den PC nach Infizierungen" for 30 minutes. The clock has not changed either, and the CMD window title reads: Administrator : AutoScan (Keine Rückmeldung). And I have not been pressing anything on the keyboard or mouse ;-)

That worries me .... or is this yet another 40cm problem :eek:

Many thanks and best regards
Rudi

markusg 21.11.2011 20:04

Then it has probably hung.
Close it via Task Manager or with Alt+F4.
Then boot into safe mode with networking (this should work with F8 at PC startup) and try it again there.

rlw 21.11.2011 21:02

Hello,

in safe mode as well: nothing. It is stuck at the same point again, though without the (Keine Rückmeldung).

What now?

Best regards, Rudi

markusg 21.11.2011 21:06

How long has it been sitting there?

rlw 21.11.2011 21:09

Hi,

pretty much exactly one hour.

Best regards
Rudi

markusg 21.11.2011 21:11

OK, abort it for now.
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can also find the report afterwards under "Log Files".

rlw 22.11.2011 06:23

Good morning,

here is the Malwarebytes log

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8210

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

22.11.2011 05:06:47
mbam-log-2011-11-22 (05-06-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 709786
Laufzeit: 5 Stunde(n), 35 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

While Malwarebytes was running, Avira found the following (I actually thought I had ended everything in Task Manager):

Code:

In der Datei 'C:\Users\KerstinundRudi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\83d4da7-4d542bec'
wurde ein Virus oder unerwünschtes Programm 'EXP/2010-0840.P.1' [exploit] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Many thanks in advance

Best regards, Rudi

markusg 22.11.2011 12:07

hi,
looks good so far.

Attention!
This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:

:OTL
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


rlw 22.11.2011 17:55

Hello,

thanks for the encouragement "looks good" :applaus:

But a silly question: Scan or Fix ???

I went ahead and pressed Scan.

Code:

OTL logfile created on: 22.11.2011 17:49:53 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\KerstinundRudi\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,01% Memory free
16,67 Gb Paging File | 15,27 Gb Available in Paging File | 91,60% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 873,76 Gb Total Space | 629,27 Gb Free Space | 72,02% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 109,84 Gb Free Space | 36,85% Space Free | Partition Type: NTFS
Drive E: | 57,70 Gb Total Space | 51,63 Gb Free Space | 89,49% Space Free | Partition Type: FAT32
Drive L: | 967,17 Mb Total Space | 2,06 Mb Free Space | 0,21% Space Free | Partition Type: FAT
Drive W: | 911,50 Gb Total Space | 914,43 Gb Free Space | 100,32% Space Free | Partition Type: NTFS
Drive X: | 911,50 Gb Total Space | 914,43 Gb Free Space | 100,32% Space Free | Partition Type: NTFS
Drive Y: | 911,50 Gb Total Space | 914,43 Gb Free Space | 100,32% Space Free | Partition Type: NTFS
Drive Z: | 911,50 Gb Total Space | 914,43 Gb Free Space | 100,32% Space Free | Partition Type: NTFS
 
Computer Name: KUR-PC | User Name: KerstinundRudi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\KerstinundRudi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\LightsOutClientService.exe (AxoNet Software GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (nosGetPlusHelper) getPlus(R) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (LoClntService) -- C:\Program Files\Windows Home Server\LightsOutClientService.exe (AxoNet Software GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
SRV - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (MWAgent) -- C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE (MicroWorld Technologies Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SecretDriveService) -- C:\Program Files\Eterlogic.com\SecretDrive\SecretDriveSrv.exe (Eterlogic.com)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\De_serv.exe (AVM Berlin)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (ACEDRV08) -- C:\Windows\System32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (MirayVirtualDisk) -- C:\Windows\System32\drivers\mvd.sys (Miray)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (SndTAudio) -- C:\Windows\System32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSB) -- C:\Windows\System32\drivers\VBoxUSB.sys (Sun Microsystems, Inc.)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\system32\DRIVERS\tdrpm251.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (auusb) -- C:\Windows\System32\drivers\auusb.sys (Auerswald GmbH & Co.KG                        )
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Ph6xIB32) -- C:\Windows\System32\drivers\Ph6xIB32.sys (NXP Semiconductors GmbH)
DRV - (FXUSBASE) -- C:\Windows\System32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SecretDriveKrnl) -- C:\Program Files\Eterlogic.com\SecretDrive\Drv\sd32.sys ()
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (NETFRITZ) -- C:\Windows\System32\drivers\Netfritz.sys (AVM Berlin)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 44 B7 44 F5 3E CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.10.23 12:12:23 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\KerstinundRudi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.29 12:10:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.29 12:10:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.08 23:44:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.01 14:07:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.04.29 21:43:56 | 000,000,000 | ---D | M]
 
[2011.01.06 20:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Extensions
[2011.01.06 20:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2011.11.21 18:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions
[2010.03.26 15:53:24 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011.07.17 08:04:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.11.05 09:01:59 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.07.10 07:35:34 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011.06.04 07:15:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.21 18:17:36 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011.11.19 09:07:19 | 000,000,000 | ---D | M] (WOT) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.08.23 19:22:13 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2011.11.16 23:03:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.29 18:51:33 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.11.16 23:03:24 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.07.14 07:30:15 | 000,000,000 | ---D | M] ("Wolfram Toolbar") -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\support@wolfram.com
[2011.11.08 23:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.08 23:44:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.01.06 19:36:06 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.20 16:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.12 20:22:30 | 000,000,872 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.178.20  KURSERVER  #Windows Home Server#
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SystemTray] C:\Windows\System32\systray.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKCU..\Run: [iPhone PC Suite] C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start File not found
O4 - HKCU..\Run: [VistaStartMenu] C:\Program Files\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\KerstinundRudi\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\KerstinundRudi\Desktop\PartyPoker.lnk ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://my.wcrx.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{448BAFC6-34D5-4DEC-8866-DF10777BC811}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2F00FC-5097-42E5-86F1-96544669735A}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.14 01:18:39 | 000,000,087 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.15 09:48:22 | 000,000,034 | ---- | M] () - L:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2011.05.15 20:43:14 | 012,341,641 | ---- | M] () - Y:\AutoGordianKnot.2.55.Setup.exe -- [ NTFS ]
O32 - AutoRun File - [2008.02.03 00:47:34 | 000,152,889 | ---- | M] () - Y:\automove18.zip -- [ NTFS ]
O32 - AutoRun File - [2008.03.16 22:24:40 | 000,000,100 | ---- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.05.07 19:09:34 | 000,578,183 | ---- | M] () - Y:\Autoruns.zip -- [ NTFS ]
O32 - AutoRun File - [2009.01.24 20:29:04 | 000,577,363 | ---- | M] () - Y:\Autoruns_Jan09.zip -- [ NTFS ]
O32 - AutoRun File - [2008.01.14 22:32:08 | 000,542,582 | ---- | M] () - Y:\Autoruns_PFW.zip -- [ NTFS ]
O32 - AutoRun File - [2006.04.28 22:14:22 | 000,031,232 | ---- | M] () - Z:\Auto (2).doc -- [ NTFS ]
O32 - AutoRun File - [2006.05.07 23:15:02 | 000,095,744 | ---- | M] () - Z:\auto-email (2).doc -- [ NTFS ]
O32 - AutoRun File - [2006.05.07 23:15:02 | 000,095,744 | ---- | M] () - Z:\auto-email.doc -- [ NTFS ]
O32 - AutoRun File - [2006.04.28 22:14:22 | 000,031,232 | ---- | M] () - Z:\Auto.doc -- [ NTFS ]
O32 - AutoRun File - [2009.09.07 17:38:16 | 000,119,489 | ---- | M] () - Z:\Autokredit Vergleich - Ergebnis - So finden Sie den richtigen Autokredit!_1252341492035.png -- [ NTFS ]
O32 - AutoRun File - [2009.09.07 17:37:48 | 000,162,678 | ---- | M] () - Z:\Autokredit – Jetzt Autokredite online berechnen mit finanzen.de_1252341463919.png -- [ NTFS ]
O32 - AutoRun File - [2011.10.15 22:07:51 | 000,020,632 | ---- | M] () - Z:\Autos.xlsx -- [ NTFS ]
O33 - MountPoints2\{23f6ad5c-cfac-11e0-a769-00218561b7ef}\Shell - "" = AutoRun
O33 - MountPoints2\{23f6ad5c-cfac-11e0-a769-00218561b7ef}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\Start.hta
O33 - MountPoints2\{23f6adee-cfac-11e0-a769-00218561b7ef}\Shell - "" = AutoRun
O33 - MountPoints2\{23f6adee-cfac-11e0-a769-00218561b7ef}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\Start.hta
O33 - MountPoints2\{da4dfe40-012e-11df-aba5-bbf637f61b23}\Shell - "" = AutoRun
O33 - MountPoints2\{da4dfe40-012e-11df-aba5-bbf637f61b23}\Shell\AutoRun\command - "" = "M:\WD SmartWare.exe" autoplay=true
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.22 17:30:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.22 17:28:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\KerstinundRudi\Desktop\OTL.exe
[2011.11.21 23:27:50 | 000,000,000 | ---D | C] -- C:\Windows Home Server-Treiber für Wiederherstellung
[2011.11.21 21:22:56 | 000,000,000 | ---D | C] -- C:\Users\KerstinundRudi\AppData\Roaming\Malwarebytes
[2011.11.21 21:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.21 21:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.21 21:22:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.21 21:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.21 20:37:08 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.11.21 19:26:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.11.21 19:26:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.11.21 19:26:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.11.21 19:25:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.11.21 19:25:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.11.21 19:24:13 | 004,303,424 | R--- | C] (Swearware) -- C:\Users\KerstinundRudi\Desktop\ComboFix.exe
[2011.11.20 01:28:23 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.11.20 00:44:47 | 000,000,000 | ---D | C] -- C:\Users\KerstinundRudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneBrowser
[2011.11.20 00:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPhoneBrowser
[2011.11.20 00:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NetDragon
[2011.11.20 00:38:42 | 000,000,000 | ---D | C] -- C:\Users\KerstinundRudi\AppData\Local\NetDragon
[2011.11.20 00:38:28 | 000,000,000 | ---D | C] -- C:\Users\KerstinundRudi\Documents\91 Mobile
[2011.11.20 00:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\NetDragon
[2011.11.19 23:36:14 | 000,000,000 | ---D | C] -- C:\Users\KerstinundRudi\Documents\Tansee
[2011.11.19 23:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Tansee iPhone Transfer SMS
[2011.11.19 22:56:45 | 000,000,000 | ---D | C] -- C:\Users\KerstinundRudi\AppData\Roaming\Moka
[2011.11.19 22:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTwin
[2011.11.19 22:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTwin
[2011.11.19 22:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.19 22:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.19 22:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.13 13:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vista Start Menu
[2011.11.09 17:32:23 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.11.01 14:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.01 14:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.10.24 14:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011.10.24 14:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2009.12.26 10:46:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\KerstinundRudi\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.22 17:42:45 | 000,014,944 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.22 17:42:45 | 000,014,944 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.22 17:35:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.22 17:35:03 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.22 17:29:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\KerstinundRudi\Desktop\OTL.exe
[2011.11.21 21:22:30 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.21 19:24:43 | 004,303,424 | R--- | M] (Swearware) -- C:\Users\KerstinundRudi\Desktop\ComboFix.exe
[2011.11.21 17:13:23 | 000,661,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.21 17:13:23 | 000,621,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.21 17:13:23 | 000,132,958 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.21 17:13:23 | 000,109,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.21 17:03:50 | 000,684,297 | ---- | M] () -- C:\Users\KerstinundRudi\Desktop\unhide.exe
[2011.11.20 05:34:38 | 000,003,664 | ---- | M] () -- C:\bootsqm.dat
[2011.11.20 00:41:22 | 000,002,776 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.11.19 22:56:41 | 000,000,885 | ---- | M] () -- C:\Users\KerstinundRudi\Desktop\iTwin.lnk
[2011.11.19 22:13:55 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.15 22:48:10 | 000,000,138 | ---- | M] () -- C:\Users\KerstinundRudi\AppData\Roaming\default.rss
[2011.11.09 18:50:36 | 000,418,053 | ---- | M] () -- C:\Users\KerstinundRudi\Documents\Unbenannt (2).wma
[2011.11.09 18:48:16 | 000,157,633 | ---- | M] () -- C:\Users\KerstinundRudi\Documents\Unbenannt.wma
[2011.11.09 18:18:08 | 001,892,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.24 14:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011.10.24 14:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
 
========== Files Created - No Company Name ==========
 
[2011.11.21 21:22:30 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.21 19:26:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.11.21 19:26:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.11.21 19:26:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.11.21 19:26:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.11.21 19:26:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.11.21 18:06:11 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.11.21 18:06:11 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Tfa_Nexus.lnk
[2011.11.21 18:06:11 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Quick Font Review.lnk
[2011.11.21 18:06:11 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Tunebite 7.lnk
[2011.11.21 18:06:11 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\WISO Mein Geld 2010.lnk
[2011.11.21 18:06:10 | 000,002,787 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2011.11.21 18:06:10 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2011.11.21 18:06:10 | 000,002,267 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
[2011.11.21 18:06:10 | 000,002,264 | ---- | C] () -- C:\Users\Public\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2011.11.21 18:06:10 | 000,002,206 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.21 18:06:10 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Freigegebene Ordner auf Server.lnk
[2011.11.21 18:06:10 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\COMlist 2.5.2.lnk
[2011.11.21 18:06:10 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\DHL Verkaufsmanager.lnk
[2011.11.21 18:06:10 | 000,001,959 | ---- | C] () -- C:\Users\Public\Desktop\COMset 2.7.2.lnk
[2011.11.21 18:06:10 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\COMtools 2.3.2.lnk
[2011.11.21 18:06:10 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011.11.21 18:06:10 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\HDClone.lnk
[2011.11.21 18:06:10 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.21 18:06:10 | 000,001,539 | ---- | C] () -- C:\Users\Public\Desktop\Lillifee.lnk
[2011.11.21 18:06:10 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\CloneDVDmobile.lnk
[2011.11.21 18:06:10 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2011.11.21 18:06:10 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\MailStore Home.lnk
[2011.11.21 18:06:10 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2011.11.21 18:06:10 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Belegschnellerfassung.lnk
[2011.11.21 18:06:10 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk
[2011.11.21 18:06:10 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2011.11.21 18:06:10 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2011.11.21 18:06:10 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Personal Backup 5.lnk
[2011.11.21 18:06:10 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.21 18:06:10 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\GSAK.lnk
[2011.11.21 18:06:09 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\Acronis One-Click Backup.lnk
[2011.11.21 18:06:09 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
[2011.11.21 18:06:09 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2011.11.21 18:06:05 | 000,002,529 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
[2011.11.21 18:06:05 | 000,002,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.11.21 18:06:05 | 000,000,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LightsOut.lnk
[2011.11.21 18:05:48 | 000,002,745 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center-Connector.lnk
[2011.11.21 18:05:48 | 000,002,559 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Home Server-Konsole.lnk
[2011.11.21 18:05:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.11.21 18:05:48 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro Extended.lnk
[2011.11.21 18:05:48 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2011.11.21 18:05:48 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011.11.21 18:05:48 | 000,002,198 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 3D Reviewer.lnk
[2011.11.21 18:05:48 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk
[2011.11.21 18:05:48 | 000,002,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Maps 3D.lnk
[2011.11.21 18:05:48 | 000,001,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Virtual PC.lnk
[2011.11.21 18:05:48 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011.11.21 18:05:48 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011.11.21 18:05:48 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.11.21 18:05:48 | 000,001,298 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011.11.21 18:05:48 | 000,001,266 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Update.lnk
[2011.11.21 18:05:48 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011.11.21 18:05:48 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.21 17:37:05 | 000,684,297 | ---- | C] () -- C:\Users\KerstinundRudi\Desktop\unhide.exe
[2011.11.20 05:34:38 | 000,003,664 | ---- | C] () -- C:\bootsqm.dat
[2011.11.19 22:56:41 | 000,000,885 | ---- | C] () -- C:\Users\KerstinundRudi\Desktop\iTwin.lnk
[2011.11.09 18:50:35 | 000,418,053 | ---- | C] () -- C:\Users\KerstinundRudi\Documents\Unbenannt (2).wma
[2011.11.09 18:48:16 | 000,157,633 | ---- | C] () -- C:\Users\KerstinundRudi\Documents\Unbenannt.wma
[2011.09.24 16:41:08 | 000,000,151 | ---- | C] () -- C:\Windows\Lilli.ini
[2011.09.24 16:41:08 | 000,000,000 | ---- | C] () -- C:\Windows\Lcorn.ini
[2011.09.20 23:55:16 | 000,000,080 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Local\X-Plane Installer.prf
[2011.08.26 16:23:44 | 000,315,444 | ---- | C] () -- C:\Windows\System32\isdnapi32.dll
[2011.08.26 16:23:44 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AuerCapiJNINative.dll
[2011.05.15 20:47:47 | 000,000,551 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\AutoGK.ini
[2010.10.23 13:17:57 | 000,001,032 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\mdbu.bin
[2010.10.14 14:19:32 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2010.10.14 14:18:40 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010.10.14 14:17:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010.10.14 14:16:40 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010.07.21 10:40:51 | 000,002,091 | ---- | C] () -- C:\Windows\disney.ini
[2010.07.19 20:32:56 | 000,000,138 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.06.29 19:14:08 | 000,000,291 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.06.29 19:14:02 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.03.27 22:58:00 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.07 14:35:06 | 000,007,603 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Local\Resmon.ResmonCfg
[2010.03.07 11:15:14 | 000,000,231 | ---- | C] () -- C:\Windows\hegames.ini
[2010.02.08 23:40:49 | 000,003,474 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\SAS7_000.DAT
[2009.12.28 11:20:55 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.28 10:59:42 | 000,000,391 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.12.26 10:46:00 | 000,087,608 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\inst.exe
[2009.12.26 10:46:00 | 000,007,887 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\pcouffin.cat
[2009.12.26 10:46:00 | 000,001,144 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\pcouffin.inf
[2009.12.24 19:37:23 | 000,000,193 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.12.12 22:39:03 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.08 17:46:30 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2009.12.04 22:17:18 | 000,198,341 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.12.02 01:29:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.12.02 01:29:53 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.11.28 09:38:29 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.11.28 09:38:29 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.12 22:35:19 | 000,000,008 | RHS- | C] () -- C:\ProgramData\4675E324A8.sys
[2009.11.08 22:16:44 | 000,004,528 | ---- | C] () -- C:\Windows\System32\SETBROWS.EXE
[2009.11.08 21:47:47 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009.11.07 22:39:43 | 000,000,138 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\default.rss
[2009.11.07 21:31:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.11.07 05:38:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.07 00:27:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.07 00:27:18 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.11.07 00:27:18 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.06 23:50:11 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2009.11.06 23:50:11 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2009.11.06 22:07:22 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.11.06 00:57:35 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2009.11.06 00:47:45 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.11.05 23:33:48 | 000,002,776 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.11.05 23:33:48 | 000,000,008 | RHS- | C] () -- C:\ProgramData\CEB7182B63.sys
[2009.11.05 23:25:01 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.11.05 23:01:41 | 000,000,040 | -HS- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\.zreglib
[2009.11.05 22:48:58 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2009.11.05 11:03:03 | 000,135,936 | ---- | C] () -- C:\Windows\System32\ZIPDLL.DLL
[2009.11.05 11:03:03 | 000,130,816 | ---- | C] () -- C:\Windows\System32\UNZDLL.DLL
[2009.11.05 07:47:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.10.26 20:06:06 | 000,001,035 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009.07.14 09:47:43 | 000,661,396 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,958 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 001,892,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,621,670 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,109,140 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.18 17:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 20:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.07.09 17:23:54 | 000,024,376 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2008.07.09 17:23:52 | 000,052,536 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2008.07.09 17:23:52 | 000,022,832 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2008.07.09 17:23:10 | 000,042,296 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2008.07.09 17:23:08 | 000,255,288 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2008.07.09 17:23:06 | 000,050,488 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL
[2008.07.09 17:22:28 | 000,075,576 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2006.11.06 20:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
 
========== Custom Scans ==========
 
 
< :OTL >
 
< :Files >
 
< :Commands >
 
< [purity] >
 
< [EMPTYFLASH]  >
 
< [emptytemp] >
 
< [Reboot] >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 152 bytes -> C:\Program Files\Windows Home Server:{4D006700-7700-7900-7200-460069007300}
@Alternate Data Stream - 143 bytes -> C:\Users\KerstinundRudi\AppData\Roaming\default.rss:OECustomProperty
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B013599
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FED912DB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A24211BA

< End of report >


:dankeschoen:
Rudi

markusg 22.11.2011 18:11

Sorry, I had copied too little.
Please do it again, and this time click Fix.

rlw 22.11.2011 18:19

Hello,

no prob:

Code:

All processes killed
========== OTL ==========
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: KerstinundRudi
->Flash cache emptied: 1107191 bytes
 
User: Public
 
Total Flash Files Cleaned = 1,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: KerstinundRudi
->Temp folder emptied: 346765472 bytes
->Temporary Internet Files folder emptied: 364316739 bytes
->Java cache emptied: 41655600 bytes
->FireFox cache emptied: 81223880 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88266713 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 880,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 11222011_182147

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


markusg 22.11.2011 18:22

OK,
you've gained almost a gigabyte of disk space :d

Download CCleaner Standard:
CCleaner Download - CCleaner 3.12.1572
If CCleaner is already installed, skip this.
Install it, open it, go to Extras, list of installed programs, save as txt. Open the file.
After each program you need, write necessary.
After each one you don't need, unnecessary.
After those you don't know, unknown.
Post the list.

rlw 22.11.2011 18:56

Happy to do that, but I find that a bit private, don't you think?

:confused:

markusg 22.11.2011 19:00

In what way would that be private? I've already seen quite a bit of the installed software anyway, and it is important, because of updates and other advice.

rlw 22.11.2011 19:01

Here it is:

Code:

Acronis*True*Image*Home                        Acronis                                        06.11.2009        13.0.5055        NECESSARY
Adobe Acrobat 9 Pro Extended                Adobe Systems                                16.06.2011        9.4.5                NECESSARY
Adobe Download Manager                        NOS Microsystems Ltd.                                        1.6.2.91        NECESSARY
Adobe Flash Player 10 ActiveX                Adobe Systems Incorporated                                10.3.181.26        NECESSARY
Adobe Flash Player 10 Plugin                Adobe Systems Incorporated                                10.3.181.26        NECESSARY
Adobe Premiere Elements 4.0                                                        05.11.2009        4.0                NECESSARY
Adobe Premiere Elements 4.0 Templates                                                05.11.2009        4.0.0                NECESSARY
Adobe Shockwave Player 11.5                Adobe Systems, Inc.                                        11.5.7.609        NECESSARY
Aldi Süd Foto Service 4.6                ORWO Net                                                4.6                NECESSARY
ALDI Süd Online Druck Service 4.6        ORWO Net                                                4.6                NECESSARY
AnyDVD        SlySoft                                                                                        6.8.8.0                NECESSARY
Apple Application Support                Apple Inc.                                22.10.2011        2.1.5                NECESSARY
Apple Mobile Device Support                Apple Inc.                                19.11.2011        4.0.0.97        NECESSARY
Apple Software Update                        Apple Inc.                                22.10.2011        2.1.3.127        UNNECESSARY?
Artisteer 3                                Extensoft                                3.0                                NECESSARY
ATI Catalyst Install Manager                ATI Technologies, Inc.                        02.05.2010        3.0.762.0        NECESSARY
Auerswald COMlist 2.5.2                        Auerswald GmbH & Co.KG                                        2.5.2                NECESSARY
Auerswald COMset 2.7.2                        Auerswald GmbH & Co.KG                                        2.7.2                NECESSARY
Auerswald COMtools 2.3.2                Auerswald GmbH & Co.KG                                        2.3.2                NECESSARY
Auto Gordian Knot 2.55                        len0x                                                        2.55                UNNECESSARY
Avira Antivirus Premium 2012                Avira                                                        12.0.0.877        NECESSARY
AviSynth 2.5                                                                                                        UNNECESSARY
AVM FRITZ!Box USB-Fernanschluss                AVM Berlin                                                2.2.1.0                NECESSARY
Barcode Maker 2.6                                                                                                NECESSARY
Biet-O-Matic v2.12.5                        BOM Development Team                                        v2.12.5                NECESSARY
Bing Maps 3D                                Microsoft Corporation                        23.10.2010        4.0.903.16005        UNNECESSARY
Bonjour                                        Apple Inc.                                18.10.2011        3.0.0.10        NECESSARY
CacheStats                                LogicWeave                                25.09.2010        3.0.8                NECESSARY
Canon IJ Network Scan Utility                                                                                        NECESSARY
Canon IJ Network Tool                                                                                                NECESSARY
Canon Inkjet Printer/Scanner/Fax Extended Survey Program                                                        NECESSARY
Canon MP Navigator EX 2.1                                                                                        NECESSARY
Canon MX860 series Benutzerregistrierung                                                                        NECESSARY
Canon MX860 series MP Drivers                                                                                        NECESSARY
Canon Utilities Easy-PhotoPrint EX                                                                                NECESSARY
Canon Utilities My Printer                                                                                        NECESSARY
Canon Utilities Solution Menu                                                                                        NECESSARY
CBL Daten-Shredder                        CBL Datenrettung GmbH                        16.01.2010        1.0.0                NECESSARY
CCleaner                                Piriform                                                3.12                NECESSARY
CD-LabelPrint                                                                                                        UNNECESSARY
CloneDVDmobile                                SlySoft                                                        1.8.0.0                NECESSARY
COMODO Internet Security                COMODO Group Inc.                        23.06.2010        4.1.19277.920        NECESSARY? Or is there something better
CPUID HWMonitor 1.14                                                                25.12.2009                        UNNECESSARY
CrystalDiskInfo 3.10.0                        Crystal Dew World                        23.01.2011        3.10.0                NECESSARY
Deutsche Post E-Porto                        Deutsche Post AG                        09.05.2011        2.1.0                NECESSARY
DHTML Editing Component                        Microsoft Corporation                        06.11.2009        6.02.0001        NECESSARY
DirSync  2.91                                Stephen Kalisch                                                                NECESSARY
Disneys Winnie Puuh - Kindergarten                                                                                NECESSARY, otherwise there is trouble with a 5-year-old
Disneys Winnie Puuh - Vorschule                                                                                        NECESSARY, otherwise there is trouble with a 5-year-old
DivX-Setup                                DivX, LLC                                                2.5.0.8                NECESSARY
DRAGON 1.6                                PREPAID-USENET LIMITED                                        1.6                ????????? I know nothing about that
Dragon NaturallySpeaking 10                Nuance Communications Inc.                02.02.2011        10.0.200        NECESSARY
DVD Decrypter (Remove Only)                                                                                        NECESSARY
DVD Shrink 3.2                                DVD Shrink                                                                NECESSARY
Ferkels GROSSES ABENTEUER                                                                                        NECESSARY, otherwise there is trouble with a 5-year-old
Firebird 2.1.2.18118 (Win32)                Firebird Project                        06.11.2009        2.1.2.18118        NECESSARY
Full Tilt Poker                                                                        22.02.2011        4.37.0                UNNECESSARY
Garmin BaseCamp                                Garmin Ltd or its subsidiaries                28.12.2009        2.0.8                NECESSARY
Garmin MapSource                        Garmin Ltd or its subsidiaries                28.12.2009        6.15.7.0        NECESSARY
Garmin USB Drivers                        Garmin Ltd or its subsidiaries                28.12.2009        2.3.0.0                NECESSARY
Garmin WebUpdater                        Garmin Ltd or its subsidiaries                23.10.2010        2.4.2                NECESSARY
Garmin WebUpdater                        GARMIN                                                        2.4                NECESSARY
GIMP 2.6.7                                                                        06.11.2009                        NECESSARY
Google Earth                                Google                                        30.01.2011        6.0.1.2032        NECESSARY
GPSoftware Directory Opus                GPSoftware                                05.11.2009        9.1.1.5                NECESSARY
Green Line 2 Sprachtrainer                Klett                                        07.11.2009        1.00.000        NECESSARY
Green Line 3 Sprachtrainer                Klett                                        05.12.2010        1.00.000        NECESSARY
GSAK 7.7.1.34 (Final)                        CWE computer services                        13.06.2010                        NECESSARY
HandBrake 0.9.5                                                                                        0.9.5                ?????????
Haufe iDesk-Browser                        Haufe-Lexware GmbH & Co. KG                06.01.2011        10.10.14.0000        NECESSARY
Haufe iDesk-Service                        Haufe                                        06.01.2011        10.10.25.7810        NECESSARY
HDClone 4 Basic Edition                                                                                                NECESSARY
HDD Health v3.3 Beta                                                                25.09.2010                        NECESSARY
iCloud                                        Apple Inc.                                19.11.2011        1.0.1.29        NECESSARY
IKEA Home Planner                        IKEA IT                                        08.03.2010        2.0.3                UNNECESSARY
ImgBurn                                        LIGHTNING UK!                                06.11.2009        2.4.4.0                UNNECESSARY
InfoRapid KnowledgeMap                        Ingo Straub Softwareentwicklung                                                UNNECESSARY
iPhoneBrowser                                Cranium Consulting and Custom Software        20.11.2011        1.9.3                ?????????
IrfanView (remove only)                                                                                                NECESSARY
iTunes                                        Apple Inc.                                19.11.2011        10.5.1.42        NECESSARY
iTwin 3.2 Final                                Stefan Moka                                19.11.2011        3.2 Final        ?????????
Java(TM) 6 Update 21                        Oracle                                        06.01.2011        6.0.210                NECESSARY
jetAudio Basic                                COWON                                        26.01.2010        7.5.4                UNNECESSARY
JRE 1.6.1                                Auerswald GmbH & Co.KG                        1.6.1                                NECESSARY for Auerswald
K-Lite Codec Pack 5.4.0 (Full)                                                        07.11.2009        5.4.0                NECESSARY
Lexware buchhalter 2011                        Haufe-Lexware GmbH & Co.KG                06.01.2011        16.01.00.0075        NECESSARY
Lexware Elster                                Lexware GmbH & Co. KG                        06.01.2011        9.10.00.0041        NECESSARY
Lexware Info Service                        Haufe-Lexware GmbH & Co.KG                06.01.2011        2.70.00.0081        NECESSARY
LightsOut Client                        AxoNet Software GmbH                        10.07.2011        1.5.1.1555        NECESSARY (server control)
Logitech Harmony Remote Software 7        Logitech                                05.02.2011        7.7.0.0                NECESSARY
Logitech SetPoint                        Logitech                                06.11.2009        4.72                NECESSARY
MailStore Home 4.1.1.5187                deepinvent Software GmbH                30.01.2011        4.1.1.5187        NECESSARY
Malwarebytes' Anti-Malware Version 1.51.2.1300        Malwarebytes Corporation        21.11.2011        1.51.2.1300        NECESSARY
Map Tuner 1.0.51                        GPS Tuner Ltd.                                                1.0.51                UNNECESSARY
Media Add-ons for Acronis True Image Home 2010        Acronis                                06.11.2009        13.0.5055        NECESSARY
MediaCoder 0.7.2.4535                        Broad Intelligence                                        0.7.2.4535        UNNECESSARY
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation                12.10.2011        4.0.30319        NECESSARY
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 15.06.2011        4.0.30319        NECESSARY
Microsoft GIF Animator                                                                                                NECESSARY
Microsoft Office Live Add-in 1.5        Microsoft Corporation        09.06.2010        0,50MB        2.0.4024.1
Microsoft Office Outlook Connector        Microsoft Corporation        25.02.2010        6,13MB        12.0.6423.1000
Microsoft Office Professional Plus 2010        Microsoft Corporation        09.11.2011                14.0.6029.1000
Microsoft Office Project Professional 2007        Microsoft Corporation        26.10.2011                12.0.6612.1000
Microsoft Silverlight        Microsoft Corporation        12.10.2011        174,2MB        4.0.60831.0
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        25.02.2010        1,72MB        3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)        Microsoft Corporation        25.02.2010        0,61MB        1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)        Microsoft Corporation        25.02.2010        1,45MB        1.0.1215.0
Microsoft Virtual PC 2007        Microsoft Corporation        10.12.2009        36,8MB        6.0.156.0
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        10.09.2011        2,62MB        8.0.59193
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        13.04.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        27.03.2010        0,23MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        13.12.2009        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        15.06.2011        0,59MB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        24.10.2011        4,75MB        10.0.40219
Microsoft WSE 3.0 Runtime        Microsoft Corp.        06.01.2011        0,92MB        3.0.5305.0

Microsoft: ALL NECESSARY


Mozilla Firefox 8.0 (x86 de)                Mozilla                                                        8.0                NECESSARY
MSI to redistribute MS VS2005 CRT libraries        The Firebird Project                06.11.2009        8.0.50727.42        NECESSARY
MSXML 4.0 SP2 (KB954430)                Microsoft Corporation                        08.11.2009        4.20.9870.0        NECESSARY
MSXML 4.0 SP2 (KB973688)                Microsoft Corporation                        25.11.2009        4.20.9876.0        NECESSARY
Napster                                        Napster                                        24.08.2010        4.6.4.0                NECESSARY
Nero 9                                        Nero AG                                        12.12.2009                        NECESSARY
Network Notepad 4.6.6                        Jason Green                                                                UNNECESSARY
NirSoft ShellExView                                                                                                ?????????
Nokia Connectivity Cable Driver                Nokia                                        29.04.2011        7.1.36.0        UNNECESSARY
Nokia Ovi Suite                                Nokia                                        29.04.2011        3.0.0.290        UNNECESSARY
Nokia Ovi Suite Software Updater        Nokia Corporation                        29.04.2011        02.06.006.44298        UNNECESSARY
NVIDIA Drivers                                                                                                        NECESSARY
Octoshape add-in for Adobe Flash Player                                                                                NECESSARY
OpenAL                                                                                                                ?????????
OpenOffice.org 3.1                        OpenOffice.org                                07.11.2009        3.1.9420        NECESSARY
Outlook Backup Assistant 5 (Vollversion)        Priotecs IT GmbH                26.06.2011        5                NECESSARY
PartyPoker                                PartyGaming                                                                UNNECESSARY
PC Connectivity Solution                Nokia                                        29.04.2011        10.50.2.0        UNNECESSARY
Personal Backup 5.0                        J. Rathlev                                13.12.2009                        UNNECESSARY
PixiePack Codec Pack                        None                                        02.05.2010        1.1.1200.0        UNNECESSARY
PlayReady PC Runtime x86                Microsoft Corporation                        28.12.2009        1.3.0                ?????????
PokerStars.net                                PokerStars.net                                                                NECESSARY
Quick Font Review                        Daniel Wischnewski                        07.11.2009                        UNNECESSARY
QuickSteuer Deluxe 2010                        Haufe-Lexware GmbH & Co. KG                06.01.2011        16.08.00.0002        NECESSARY
QuickSteuer Deluxe 2011                        Haufe-Lexware GmbH & Co.KG                21.09.2011        17.05.00.0003        NECESSARY
QuickSteuer DELUXE Wissens-Center 2011        Haufe-Lexware GmbH & Co. KG                02.02.2011        17.10.0.0        NECESSARY
QuickTime                                Apple Inc.                                01.11.2011        7.71.80.42        NECESSARY
RationalPlan Single Project                Stand By Soft Ltd.                                                        UNNECESSARY
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.                02.05.2010        6.0.1.6083        NECESSARY
Recuva (remove only)                        Piriform                                                                NECESSARY
RedMon - Redirection Port Monitor                                                                                ?????????
Remote Control USB Driver                                                        05.02.2011        2.3.2.317        ????????? Here I don't know whether it belongs to Fritz USB Fernanschluss
SecretDrive                                Eterlogic.com                                27.08.2011        2.02                UNNECESSARY
Skype™ for Windows Mobile 3.0                Skype Limited                                                3.0.0.256        NECESSARY
SmartFTP Client        SmartSoft Ltd.                                                        09.09.2011        4.0.1213.0        NECESSARY
SmartFTP Client 4.0 Setup Files (remove only)        SmartSoft Ltd                                        4.0                NECESSARY
SmartFTP Client German (Germany) MUI        SmartSoft Ltd.                                02.10.2011        4.0.1213.0        NECESSARY
SmartSound Quicktracks Plugin                SmartSound Software Inc                        08.11.2009        3.0.2.7                ?????????
Sprachtrainer Fonts                        Ernst Klett Verlag GmbH                        07.11.2009        1.00.01                NECESSARY
STANLY Track EDDF                        DFS                                                                        NECESSARY (tracker, Deutsche Flugsicherung)
Stellarium 0.10.1                                                                06.11.2009                        UNNECESSARY
Sun VirtualBox                                Sun Microsystems, Inc.                        29.11.2009        3.0.12                NECESSARY
SUPER © Version 2009.bld.36 (June 10, 2009)        eRightSoft                        07.11.2009        2009.bld.36        UNNECESSARY
Supreme Auction                                                                        05.02.2010                        UNNECESSARY
Sweet Home 3D version 3.0                eTeks                                        25.12.2010                        UNNECESSARY
SWFPlayer 2.6.2.0                        Michael Faust, Alpha Interactive        16.11.2009        2.6.2.0                UNNECESSARY
TeamViewer 5                                TeamViewer GmbH                                                5.0.7478        NECESSARY
TeamViewer Manager 3                        TeamViewer GmbH                                                                UNNECESSARY
TeamViewer Manager 5                        TeamViewer GmbH                                                                NECESSARY
Telescope Driver                        PixArt                                        29.06.2010        10.30.09        NECESSARY
TFA_Nexus                                HMD GmbH                                1.3                                NECESSARY
Trapcode 3DStroke Studio                                                                                        ????????? Never seen before, was certainly not there
Trapcode Particular Studio                                                                                        ????????? Never seen before, was certainly not there
Trapcode Shine Studio                                                                                                ????????? Never seen before, was certainly not there
Turbo Lister 2                                eBay Inc.                                06.11.2009        2.00.0000        UNNECESSARY
UltraISO Premium V9.36                                                                23.10.2010                        UNNECESSARY
Unity Web Player                        Unity Technologies ApS                                                        ?????????
Vista Start Menu 3.88                        OrdinarySoft                                13.11.2011        3.88                NECESSARY
VLC media player 1.0.3                        VideoLAN Team                                1.0.3                                NECESSARY
VobSub v2.23 (Remove Only)                                                                                        NECESSARY
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)        Garmin                        06/03/2009 2.3.0.0    NECESSARY
Windows Home Server-Connector        Microsoft Corporation        27.01.2011        17,5MB        6.0.3436.0                        NECESSARY
Windows Live Essentials        Microsoft Corporation        25.02.2010                14.0.8089.0726                                NECESSARY
Windows Live ID-Anmelde-Assistent        Microsoft Corporation        09.06.2010        5,52MB        6.500.3165.0                NECESSARY
Windows Live Sync        Microsoft Corporation        25.02.2010        2,79MB        14.0.8089.726                                NECESSARY
Windows Live-Uploadtool        Microsoft Corporation        25.02.2010        0,22MB        14.0.8014.1029                                NECESSARY
Windows Media Player Firefox Plugin        Microsoft Corp        30.05.2010        0,29MB        1.0.0.8                                NECESSARY
Windows Mobile-Gerätecenter        Microsoft Corporation        06.11.2009        27,5MB        6.1.6965.0                        NECESSARY
Windows Mobile-Gerätecenter: Treiberupdate        Microsoft Corporation        06.11.2009        42,4MB        6.1.6965.0        NECESSARY
Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)        MobileTop                        01/26/2008 2.6.0.0        UNNECESSARY
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)        Nokia                        08/22/2008 7.0.0.0        UNNECESSARY
WinHTTrack Website Copier 3.43                HTTrack                                        06.11.2009        3.43.1                NECESSARY
Winload Toolbar                                                                                                        ?????????
WinRAR                                                                                                                NECESSARY
WinSysClean X                                Ultimate Systems, Inc.                        24.07.2010        10.50                UNNECESSARY
WinZip 12.1                                WinZip Computing, S.L.                        06.11.2009        12.1.8519        NECESSARY
WISO Mein Geld 2010 Professional        Buhl Data Service GmbH                        07.04.2010                        UNNECESSARY
WM Capture                                                                                                        UNNECESSARY
WsWin V2.96.7 - 2011-07-01                Werner Krenn                                08.07.2011        2.96.7                NECESSARY
X10 Hardware(TM)                                                                                                NECESSARY
xp-AntiSpy 3.97-5                        Christian Taubenheim                                                        NECESSARY
XviD MPEG4 Video Codec (remove only)                                                                                NECESSARY

Many thanks and best regards
Rudi

P.S. Before the remark about software piracy comes up (I have read it): I have licenses for my software, and they cost me a lot of money. Some of it is outdated but still works, and new licenses are too expensive for me at the moment.

A donation has already gone out, by the way, as a thank-you for the help so far! (Order no. 7PJ44560WW395570H)

PPS: My printer has disappeared from the list of active printers! I only just noticed.

rlw 23.11.2011 17:15

Hello,

one more question. After the latest Malwarebytes and CCleaner runs I also let an AVIRA Rescue CD scan run overnight; here is the log:

Code:

Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set:        8.2.6.116
VDF Version:        7.11.18.11
Scan start time: Wed Nov 23 00:05:04 2011
configuration file: /etc/avira/scancl.conf

WARNINGS REMOVED by rlw


Statistics :
Directories............... : 64903
Archives.................. : 7138
Files..................... : 1867839
Infected.............. : 0
Warnings.............. : 177
Suspicious............ : 0
Infections................ : 0

After all the scans etc., can I use my system again, or rather not, and are there further steps to follow? Is Combofix called for again, since it did not work the first time?

Thanks and best regards
Rudi

markusg 23.11.2011 17:26

uninstall:
Auto Gordian
AviSynth
Bing
COMODO (you don't really need it)
DRAGON 1.6
Full Tilt
IKEA
ImgBurn
InfoRapid
iPhoneBrowser
iTwin
Java(TM) 6 Update 21
Download the free Java software
download java jre
uninstall:
Map Tuner
Network Notepad
Nokia, all of them
PartyPoker
PC Connectivity
Personal Backup
PixiePack
Quick Font
RationalPlan Single
SecretDrive Eterlogic
Stellarium
SUPER ©
Supreme
Sweet Home
SWFPlayer
TeamViewer: upgrade it to version 6
Trapcode, all of them

Turbo Lister
UltraISO
Unity
VLC: if you have that, you don't really need the K-Lite pack, VLC plays everything anyway
Winload
WinSysClean
WISO
WM Capture
XviD: you don't really need that either with VLC

rlw 23.11.2011 17:38

OK, and then? This is only about how I organize my work and when I can use the PC again.

I know you won't be able to say that with certainty, but roughly, and how close we are to a solution.

Thanks and best regards
Rudi

markusg 23.11.2011 17:41

Then we're done.

rlw 23.11.2011 19:14

Hello again,

I have uninstalled as recommended and updated where recommended.

As I understand it, that means we are done :applaus:

Just two more questions:

1. Why has my printer disappeared? (In the printers folder I also ticked the option to show hidden items, but without effect.)

2. Some of my notification icons next to the clock keep disappearing, although the process is running according to Task Manager. What could be the cause? Is there a reliable tool that fixes this error? (Until now I have been using the shareware TaskbarRepairToolPlus!)

OTL etc., the tools we have used during the rescue: can I uninstall and remove them again?


MANY THANKS once more for the good support, the simple instructions and the effort! :daumenhoc

Best regards
Rudi

markusg 23.11.2011 19:21

Open OTL and click cleanup.
The PC restarts and deletes a number of the tools; remove by hand any that were not deleted.
Have you already set when the icons should be shown?
That can be done under Customize.

rlw 23.11.2011 19:27

Hi,

yes, that was the first thing I looked at; I have always had "show all" switched on.

I'll do that with OTL right away; I have just let CCleaner clean up.

Best regards
Rudi

markusg 23.11.2011 19:43

You should perhaps also clean up the autostart:
Start, Run, msconfig
Enter
Startup tab
Really only Avira (avgnt) has to start automatically; remove all the other check marks and click OK.
The PC restarts.
You may then have to put back whatever you are missing, but really most things can be started manually.

rlw 23.11.2011 19:50

I clean up the autostart from time to time with Autoruns. It's a good idea.

Thanks again and best regards
Rudi

markusg 23.11.2011 19:51

Why Autoruns? You don't need an extra program for that :d
msconfig is a system program that is already included.

rlw 23.11.2011 19:54

I agree with you. The advantage of Autoruns is, IMHO, the overview, and my experience has been that some things cannot be removed from the autostart for good through msconfig; Autoruns has always succeeded here and also offers a backup function. It is probably a matter of taste.

Is the vanishing of the printer a consequence of the uninvited guest or of the rescue?

Best regards
Rudi
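
Added example, not part of any post in this thread: a read-only PowerShell inventory of autostart entries to review before unticking anything, relating to the msconfig/Autoruns exchange above. The allow-list containing only `avgnt` follows the advice given there; the function names and the two review heuristics (target file missing, target in a user-writable folder) are assumptions of this example.

```powershell
# Read-only review of autostart entries; nothing is changed or deleted.
# Assumption: the allow-list holds only Avira's avgnt, as advised in the thread.
$Allow = @('avgnt')

function Get-TargetPath([string]$Command) {
    # Extract the executable path from an autostart command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"') { return $Matches[1] }               # "C:\path with spaces\x.exe" /args
    if ($c -match '^(.+?\.(exe|com|bat|cmd|vbs|js|scr|lnk))(\s|$)') { # unquoted path, may contain spaces
        return $Matches[1]
    }
    return ($c -split '\s+')[0]                                       # fallback: first token
}

function Test-UnderFolder([string]$Path, [string]$Folder) {
    # True when $Path lies below $Folder (case-insensitive prefix match).
    if ([string]::IsNullOrEmpty($Folder)) { return $false }
    return $Path.StartsWith($Folder, [StringComparison]::OrdinalIgnoreCase)
}

function Get-AutostartReview {
    # Win32_StartupCommand lists Run-key and Startup-folder entries for all users.
    Get-WmiObject -Class Win32_StartupCommand | ForEach-Object {
        $path  = Get-TargetPath $_.Command
        $leaf  = [IO.Path]::GetFileNameWithoutExtension(($path -split '\\')[-1])
        $notes = @()

        # Only check existence for fully qualified paths; bare names resolve via PATH.
        if ($path -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $path)) {
            $notes += 'target missing (leftover entry?)'
        }
        # Heuristic: autostart targets in user-writable folders deserve a closer look.
        foreach ($dir in @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData)) {
            if (Test-UnderFolder $path $dir) { $notes += 'user-writable location'; break }
        }

        New-Object PSObject -Property @{
            Name     = $_.Name
            User     = $_.User
            Location = $_.Location      # registry key or Startup folder the entry comes from
            Path     = $path
            Allowed  = ($Allow -contains $leaf)
            Notes    = ($notes -join '; ')
        }
    }
}

# Entries not on the allow-list first, so they can be reviewed one by one.
Get-AutostartReview |
    Sort-Object Allowed, Location, Name |
    Select-Object Name, User, Location, Path, Allowed, Notes |
    Format-Table -AutoSize -Wrap
```

This WMI class does not list services, scheduled tasks or shell extensions, so an empty result here does not mean nothing else starts with Windows.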

markusg 23.11.2011 20:21

It may be that Combofix is to blame; reinstall the printer and it should work again.

rlw 23.11.2011 20:29

Did that, it worked.

Thanks again, I'll let you get on with helping the others.

Best regards
Rudi :dankeschoen:

markusg 23.11.2011 20:38

Well, everything should run properly, after all :-)


All times are in WET +1.

Copyright ©2000-2024, Trojaner-Board
