Trojaner-Board


iris089 12.02.2012 19:38

The computer is locked "for security reasons", I am supposed to pay 50 euros, same for me
 
Hello,

I have the same problem. After a few attempts of my own to solve the problem, Windows would no longer boot and went back to a system restore point. The Internet works. I ran a scan with OTL:
Code:

OTL Extras logfile created on: 12.02.2012 19:05:14 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Schnuffi\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.84% Memory free
4.00 Gb Paging File | 2.87 Gb Available in Paging File | 71.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269.41 Gb Total Space | 1.96 Gb Free Space | 0.73% Space Free | Partition Type: NTFS
Drive D: | 28.67 Gb Total Space | 17.45 Gb Free Space | 60.86% Space Free | Partition Type: FAT32
Drive E: | 4.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: TOBI-BIANCA-PC | User Name: Schnuffi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{209DF55F-5E5C-48A3-BC3D-A7CB1224458C}" = HP Print Diagnostic Utility
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}" = Mercenaries 2: World in Flames(tm)
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.10
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{6E5BC38E-F22B-4197-00A2-CD8E58EF139D}" = FUSSBALL MANAGER 2005
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7300EA4C-3489-4ABB-AF80-CFAF0C02F03C}" = phase6_19_download
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95468B00-C081-4B27-AC96-0A2A31359E60}" = Adobe Flash Player 10 ActiveX
"{96D33319-C14C-3070-A464-CE8416E46487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A43B8D30-B46F-11D5-A54F-0090278A1BB8}" = Office XP Web Services Toolkit [CD]
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C9736F27-3CFC-4AF9-B2A7-5B1A54B1A84F}" = SFV Checker
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton™ Security Scan
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.1.7a
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"7-Zip" = 7-Zip 4.42
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"ALDI Foto Manager Free Sued D" = ALDI Foto Manager Free Sued 3.4.0.466 (D)
"AllemeineAdressen" = Alle meine Adressen 1.20
"Any Video Converter_is1" = Any Video Converter 3.0.7
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"ClickOff_is1" = ClickOff version 1.82
"CloneSpy" = CloneSpy 2.41
"DivX Setup.divx.com" = DivX-Setup
"EAX Unified" = EAX Unified
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"Latinum in fenestris" = Latinum in fenestris
"LetsTrade" = LetsTrade Komponenten
"LG PC Suite IV" = LG PC Suite IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued 6.0.2.0 (D)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PicGrab_is1" = PicGrab 2.7.8
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Riva FLV Player_is1" = Riva FLV Player
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"Saitek Dual Analog Rumble Pad" = Saitek Dual Analog Rumble Pad
"SchulwegPlaner" = SchulwegPlaner
"Skype_is1" = eBay.de - Skype 3.0
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"ST6UNST #1" = Daten-Konvertierer
"SystemRequirementsLab" = System Requirements Lab
"The Times - Exclusive Tomb Raider Level" = The Times - Exclusive Tomb Raider Level
"TweakNow RegCleaner Standard_is1" = TweakNow RegCleaner Standard
"ULTIMATER" = Microsoft Office Ultimate 2007
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"YouRipper230" = YouRipper
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Sansa Updater" = Sansa Updater
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >


I hope someone can help me.

markusg 12.02.2012 19:39

hi, otl.txt is still missing :-)

iris089 12.02.2012 19:47

Sorry:
Code:

OTL logfile created on: 12.02.2012 19:05:14 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Schnuffi\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 47.84% Memory free
4.00 Gb Paging File | 2.87 Gb Available in Paging File | 71.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269.41 Gb Total Space | 1.96 Gb Free Space | 0.73% Space Free | Partition Type: NTFS
Drive D: | 28.67 Gb Total Space | 17.45 Gb Free Space | 60.86% Space Free | Partition Type: FAT32
Drive E: | 4.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: TOBI-BIANCA-PC | User Name: Schnuffi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.12 19:02:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Schnuffi\Desktop\OTL.exe
PRC - [2011.10.28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.10.28 19:35:26 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.07.08 22:10:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.30 14:29:15 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.08 15:42:05 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010.11.19 10:20:18 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.15 09:33:32 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.02.23 11:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe
PRC - [2007.02.08 19:14:26 | 000,127,059 | ---- | M] () -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2006.12.23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.12.23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.05.22 09:59:22 | 000,128,512 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2006.05.14 05:23:40 | 000,138,752 | ---- | M] () -- C:\Programme\7-Zip\7-zip.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.07.08 22:10:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.30 14:29:15 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.15 09:33:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.02.27 06:19:13 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007.02.23 11:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.02.08 19:14:26 | 000,299,093 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2007.02.08 19:14:26 | 000,127,059 | ---- | M] () [Auto | Running] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.28 19:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011.10.28 19:35:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.07.08 22:10:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.08 22:10:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.09.15 09:33:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 03:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.04.27 03:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV - [2010.04.27 03:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010.04.27 03:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2010.01.12 05:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.12 05:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.09.29 07:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.09.29 07:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.09.29 07:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.13 23:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009.07.13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.13 23:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.13 02:22:01 | 000,271,360 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.03.13 02:21:56 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.01.08 18:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.10.18 17:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006.10.17 20:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\videX32.sys -- (videX32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.14 21:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.14 21:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.12 18:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.29 16:35:52 | 000,000,000 | ---D | M]
 
[2010.03.01 01:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Extensions
[2012.02.05 19:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions
[2012.01.08 12:48:43 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.05.01 23:26:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.01 01:51:26 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011.11.19 16:19:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.12.14 21:51:07 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.03.01 01:51:24 | 000,000,000 | ---D | M] ("TurnTool Viewer") -- C:\Users\Schnuffi\AppData\Roaming\mozilla\Firefox\Profiles\6d5ta91q.default\extensions\turntoolviewer@turntool.com
[2011.11.13 09:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.02 12:56:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.29 16:35:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.07 17:26:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.07 17:26:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.07 17:26:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.07 17:26:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.07 17:26:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.07 17:26:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Schnuffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Schnuffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
 
O1 HOSTS File: ([2011.10.31 22:38:24 | 000,438,536 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.123topsearch.com
O1 - Hosts: 127.0.0.1        123topsearch.com
O1 - Hosts: 127.0.0.1        www.132.com
O1 - Hosts: 127.0.0.1        132.com
O1 - Hosts: 127.0.0.1        www.136136.net
O1 - Hosts: 127.0.0.1        136136.net
O1 - Hosts: 127.0.0.1        www.163ns.com
O1 - Hosts: 15085 more lines...
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Programme\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [KiesTrayAgent]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4465DD0-050B-4310-B1B1-F1BD48C106DC}: NameServer = 62.109.123.196 213.191.74.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A839DD66-1EBE-4FBE-B82D-6E1E6E753820}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Schnuffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Schnuffi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 16:24:44 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{45da2ac8-db01-11db-a79d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{45da2ac8-db01-11db-a79d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- [2004.10.21 19:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{8b0aa8ff-61bb-11e0-993c-f76ba6fbafd5}\Shell - "" = AutoRun
O33 - MountPoints2\{8b0aa8ff-61bb-11e0-993c-f76ba6fbafd5}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Bärli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ClickOff.lnk - C:\Programme\ClickOff\Clickoff.exe - ()
MsConfig - StartUpReg: Ad-Watch - hkey= - key= - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BullGuard - hkey= - key= -  File not found
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SansaDispatch - hkey= - key= - C:\Users\Schnuffi\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TVBroadcast - hkey= - key= - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
MsConfig - StartUpReg: TVEService - hkey= - key= - C:\Program Files\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.12 19:02:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Schnuffi\Desktop\OTL.exe
[2012.02.12 18:27:39 | 000,000,000 | ---D | C] -- C:\Users\Schnuffi\AppData\Local\ElevatedDiagnostics
[2012.02.07 22:09:29 | 000,000,000 | ---D | C] -- C:\Users\Schnuffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2012.02.07 22:08:16 | 000,000,000 | ---D | C] -- C:\Users\Schnuffi\AppData\Roaming\WindSolutions
[2012.01.14 12:07:58 | 000,000,000 | ---D | C] -- C:\Users\Schnuffi\Documents\Iris Dokumente
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[15 C:\Users\Schnuffi\Documents\*.tmp files -> C:\Users\Schnuffi\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.12 19:02:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Schnuffi\Desktop\OTL.exe
[2012.02.12 18:51:59 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 18:51:59 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 18:44:13 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.12 18:44:03 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.12 18:42:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 18:42:38 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.09 22:36:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.09 12:59:45 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.09 12:59:45 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.09 12:59:44 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.09 12:59:44 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.07 22:09:29 | 000,001,385 | ---- | M] () -- C:\Users\Schnuffi\Desktop\CopyTrans Control Center.lnk
[2012.02.06 22:54:03 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.02.06 22:54:03 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.02.04 12:21:06 | 000,107,346 | ---- | M] () -- C:\Users\Schnuffi\Desktop\Baustelle.jpg
[2012.02.03 15:00:00 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job
[2012.01.29 18:52:13 | 000,094,061 | ---- | M] () -- C:\Users\Schnuffi\Desktop\patientenumfrage_07.pdf
[2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.26 08:32:55 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[15 C:\Users\Schnuffi\Documents\*.tmp files -> C:\Users\Schnuffi\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.07 22:09:29 | 000,001,385 | ---- | C] () -- C:\Users\Schnuffi\Desktop\CopyTrans Control Center.lnk
[2012.02.07 17:54:57 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.04 12:21:03 | 000,107,346 | ---- | C] () -- C:\Users\Schnuffi\Desktop\Baustelle.jpg
[2012.01.29 18:52:13 | 000,094,061 | ---- | C] () -- C:\Users\Schnuffi\Desktop\patientenumfrage_07.pdf
[2011.11.03 22:41:20 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.11.03 22:41:20 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.08 17:20:20 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.24 19:39:56 | 000,438,272 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011.03.08 13:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.11.02 21:32:24 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.11.02 21:32:24 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.10.05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2010.04.02 00:22:32 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.04.02 00:22:32 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.03.01 02:07:04 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010.02.17 01:45:00 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.02.17 01:44:59 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.02.17 01:44:57 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010.02.17 01:44:57 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.02.17 01:44:57 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.02.17 01:44:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.22 10:01:06 | 000,005,120 | ---- | C] () -- C:\Windows\System32\IcdSptSvps.dll
[2009.12.22 10:01:05 | 000,118,784 | ---- | C] () -- C:\Windows\System32\mp3dec.dll
[2009.12.22 10:01:05 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dsp_trc.dll
[2009.10.23 16:57:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 09:47:43 | 000,643,628 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,126,188 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,539,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,606,992 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,103,370 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.03.13 02:22:01 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.03.13 02:21:56 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.04.29 22:03:50 | 000,048,592 | ---- | C] () -- C:\Users\Schnuffi\AppData\Roaming\NMM-MetaData.db
[2008.04.07 11:56:55 | 000,691,545 | ---- | C] () -- C:\Windows\unins000.exe
[2008.04.07 11:56:54 | 000,002,546 | ---- | C] () -- C:\Windows\unins000.dat
[2007.11.20 23:01:19 | 000,000,088 | ---- | C] () -- C:\Users\Schnuffi\AppData\Roaming\Default.PLS
[2007.10.15 15:15:36 | 000,000,071 | ---- | C] () -- C:\Windows\System32\Reglat.ini
[2007.05.17 12:55:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2007.05.17 12:55:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2007.03.30 22:57:24 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.03.30 22:18:05 | 000,000,173 | ---- | C] () -- C:\Windows\KPCMS.INI
[2007.03.30 22:17:55 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2007.03.30 22:17:50 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2007.03.29 19:27:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.03.25 21:34:31 | 000,000,000 | ---- | C] () -- C:\Users\Schnuffi\AppData\Roaming\wklnhst.dat
[2007.02.26 17:14:35 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.02.26 17:14:35 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.02.10 16:17:37 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.02.09 15:43:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.02.09 14:59:01 | 000,000,199 | ---- | C] () -- C:\Windows\WISO.INI
[2007.02.09 14:32:51 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.02.09 14:12:31 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006.09.20 07:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.03.01 00:50:56 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR
[2010.11.20 00:34:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.03.01 02:09:45 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q
[2009.01.04 16:38:21 | 000,000,000 | ---D | M] -- C:\AllDupBackup
[2010.03.01 01:14:14 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.03.25 20:11:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.09.23 00:12:11 | 000,000,000 | ---D | M] -- C:\Downloads
[2007.03.30 22:17:44 | 000,000,000 | ---D | M] -- C:\KPCMS
[2007.02.10 15:01:11 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.02.17 00:54:37 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.31 22:58:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.01 10:38:25 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.03.25 20:11:47 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.03.01 09:36:33 | 000,000,000 | -HSD | M] -- C:\Recovery
[2007.02.16 14:38:05 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.02.12 19:08:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.28 18:53:08 | 000,000,000 | ---D | M] -- C:\Temp
[2010.08.02 05:32:48 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.12 18:41:25 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2007.09.18 18:38:06 | 001,563,553 | ---- | M] () -- C:\Users\Schnuffi\BOS12Ch0708Rä_Chemi_Skript.PDF
[2009.03.08 12:47:26 | 001,189,376 | -HS- | M] () -- C:\Users\Schnuffi\ehthumbs_vista.db
[2008.01.29 18:55:32 | 002,086,400 | ---- | M] () -- C:\Users\Schnuffi\English Bild.doc
[2010.12.23 16:40:04 | 000,001,673 | ---- | M] () -- C:\Users\Schnuffi\GeoGebra Forum.lnk
[2010.12.23 16:40:04 | 000,001,786 | ---- | M] () -- C:\Users\Schnuffi\GeoGebra.lnk
[2010.12.23 16:40:04 | 000,001,691 | ---- | M] () -- C:\Users\Schnuffi\GeoGebraWiki (German).lnk
[2010.12.23 16:40:04 | 000,001,705 | ---- | M] () -- C:\Users\Schnuffi\GeoGebraWiki (International).lnk
[2008.01.24 20:59:33 | 000,373,957 | ---- | M] () -- C:\Users\Schnuffi\img034.jpg
[2008.01.24 21:00:14 | 000,480,053 | ---- | M] () -- C:\Users\Schnuffi\img035.jpg
[2008.01.24 21:00:23 | 001,134,232 | ---- | M] () -- C:\Users\Schnuffi\img036.jpg
[2008.01.24 21:00:32 | 000,561,107 | ---- | M] () -- C:\Users\Schnuffi\img037.jpg
[2008.01.24 21:00:39 | 001,045,067 | ---- | M] () -- C:\Users\Schnuffi\img038.jpg
[2008.01.24 21:00:48 | 000,495,948 | ---- | M] () -- C:\Users\Schnuffi\img039.jpg
[2008.01.24 21:00:55 | 000,332,383 | ---- | M] () -- C:\Users\Schnuffi\img040.jpg
[2008.01.24 21:01:00 | 000,386,606 | ---- | M] () -- C:\Users\Schnuffi\img041.jpg
[2008.01.28 19:39:46 | 000,545,017 | ---- | M] () -- C:\Users\Schnuffi\L1 seite1.jpg
[2008.01.28 19:39:53 | 000,554,412 | ---- | M] () -- C:\Users\Schnuffi\L2seite2.jpg
[2012.02.12 19:20:05 | 008,650,752 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.dat
[2012.02.12 19:20:05 | 000,262,144 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.dat.LOG1
[2010.03.01 01:22:35 | 000,000,000 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.dat.LOG2
[2010.03.01 01:22:37 | 000,065,536 | -HS- | M] () -- C:\Users\Schnuffi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.03.01 01:22:37 | 000,524,288 | -HS- | M] () -- C:\Users\Schnuffi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.03.01 01:22:37 | 000,524,288 | -HS- | M] () -- C:\Users\Schnuffi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.02.12 18:43:11 | 000,065,536 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.dat{f09d9330-55a0-11e1-937f-a7ebcf3716c7}.TM.blf
[2012.02.12 18:43:11 | 000,524,288 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.dat{f09d9330-55a0-11e1-937f-a7ebcf3716c7}.TMContainer00000000000000000001.regtrans-ms
[2012.02.12 18:43:12 | 000,524,288 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.dat{f09d9330-55a0-11e1-937f-a7ebcf3716c7}.TMContainer00000000000000000002.regtrans-ms
[2010.05.01 11:29:32 | 000,000,020 | -HS- | M] () -- C:\Users\Schnuffi\ntuser.ini
[2007.05.21 08:19:26 | 010,626,048 | ---- | M] () -- C:\Users\Schnuffi\Physik-Referat - Der Verbrennungsmotor_v2.ppt
[2008.01.29 22:13:54 | 002,246,279 | ---- | M] () -- C:\Users\Schnuffi\Scannen0002.jpg
[2008.01.29 22:14:08 | 001,666,326 | ---- | M] () -- C:\Users\Schnuffi\Scannen0003.jpg
[2008.01.29 22:14:13 | 000,312,282 | ---- | M] () -- C:\Users\Schnuffi\Scannen0004.jpg
[2008.05.02 19:59:45 | 007,202,504 | ---- | M] () -- C:\Users\Schnuffi\Technologie.pdf
[2008.01.28 19:38:04 | 000,526,426 | ---- | M] () -- C:\Users\Schnuffi\Test1 Seite30.jpg
[2008.01.28 19:38:25 | 000,540,945 | ---- | M] () -- C:\Users\Schnuffi\Test1 Seite31.jpg
[2008.01.28 19:39:00 | 000,562,417 | ---- | M] () -- C:\Users\Schnuffi\Test1 Seite32.jpg
[2008.01.28 19:38:42 | 000,567,337 | ---- | M] () -- C:\Users\Schnuffi\Test1 Seite33.jpg
[2008.01.28 19:38:53 | 000,602,510 | ---- | M] () -- C:\Users\Schnuffi\Test2 Seite53.jpg
[2008.01.28 19:39:13 | 000,707,904 | ---- | M] () -- C:\Users\Schnuffi\Test2 Seite54.jpg
[2008.01.28 19:39:29 | 000,578,760 | ---- | M] () -- C:\Users\Schnuffi\Test2 Seite55.jpg
[2008.01.28 19:39:37 | 000,525,344 | ---- | M] () -- C:\Users\Schnuffi\Test2 Seite56.jpg
[2011.08.21 10:38:11 | 000,313,856 | -HS- | M] () -- C:\Users\Schnuffi\Thumbs.db
[2010.12.23 16:40:04 | 000,001,665 | ---- | M] () -- C:\Users\Schnuffi\www.geogebra.org.lnk
[2007.05.27 23:23:37 | 000,001,074 | RH-- | M] () -- C:\Users\Schnuffi\XrxWm.ini
[2007.05.27 23:23:36 | 000,000,522 | RH-- | M] () -- C:\Users\Schnuffi\xw45cpdy.dyc
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >


markusg 12.02.2012 19:53

Open Malwarebytes, go to the log files, and post all reports.

iris089 12.02.2012 20:10

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8051

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.02.2012 17:48:44
mbam-log-2012-02-12 (17-48-44).txt

Scan type: Quick scan
Objects scanned: 204405
Time elapsed: 15 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Schnuffi\downloads\pantsoff.exe (PUP.PSWFinder) -> Quarantined and deleted successfully.

and

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.12.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Schnuffi :: TOBI-BIANCA-PC [administrator]

12.02.2012 19:53:26
mbam-log-2012-02-12 (19-53-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220912
Time elapsed: 12 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Schnuffi\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\Schnuffi\Downloads\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Quarantined and deleted successfully.

(end)


markusg 12.02.2012 20:43

Hi,
restart, press F8, choose Safe Mode with Networking, and log in to the affected account; the internet works there.
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure all of your antivirus and anti-malware programs are switched off so that they do not interfere with ComboFix while it works.
  • Please post C:\Combofix.txt in your next reply.

iris089 13.02.2012 00:09

Code:

ComboFix 12-02-12.01 - Schnuffi 12.02.2012  23:34:39.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.2046.1083 [GMT 1:00]
ausgeführt von:: c:\users\Schnuffi\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Public\20070809
c:\users\Public\20070809\Balies.jpg
c:\users\Public\20070809\Bei tobi tantd u onkel 3.3gp
c:\users\Public\20070809\Bei tobi tante u onkel 2.3gp
c:\users\Public\20070809\Bei tobi tante u onkel.3gp
c:\users\Public\20070809\Bei tobis mum 1.3gp
c:\users\Public\20070809\Bei tobis mum 2.3gp
c:\users\Public\20070809\Bei tobis mum 3.3gp
c:\users\Public\20070809\Bei tobis mum 4.3gp
c:\users\Public\20070809\Bild000.jpg
c:\users\Public\20070809\Bild001.jpg
c:\users\Public\20070809\Bild002.jpg
c:\users\Public\20070809\Bild003.jpg
c:\users\Public\20070809\Bild004.jpg
c:\users\Public\20070809\Bild005.jpg
c:\users\Public\20070809\Bild006.jpg
c:\users\Public\20070809\Bild007.jpg
c:\users\Public\20070809\Bild008.jpg
c:\users\Public\20070809\Bild009.jpg
c:\users\Public\20070809\Bild010.jpg
c:\users\Public\20070809\Bild011.jpg
c:\users\Public\20070809\Bild012.jpg
c:\users\Public\20070809\Bild013.jpg
c:\users\Public\20070809\Bild014.jpg
c:\users\Public\20070809\Bild015.jpg
c:\users\Public\20070809\Bild016.jpg
c:\users\Public\20070809\Bild017.jpg
c:\users\Public\20070809\Bild018.jpg
c:\users\Public\20070809\Bild019.jpg
c:\users\Public\20070809\Bild020.jpg
c:\users\Public\20070809\Bild021.jpg
c:\users\Public\20070809\Bild022.jpg
c:\users\Public\20070809\Bild023.jpg
c:\users\Public\20070809\Bild024.jpg
c:\users\Public\20070809\Bild025.jpg
c:\users\Public\20070809\Bild026.jpg
c:\users\Public\20070809\Bild027.jpg
c:\users\Public\20070809\Bild028.jpg
c:\users\Public\20070809\Bild029.jpg
c:\users\Public\20070809\Bild030.jpg
c:\users\Public\20070809\Bild031.jpg
c:\users\Public\20070809\Bild032.jpg
c:\users\Public\20070809\Bild033.jpg
c:\users\Public\20070809\Bild034.jpg
c:\users\Public\20070809\Bild035(1).jpg
c:\users\Public\20070809\Bild035.jpg
c:\users\Public\20070809\Bild036.jpg
c:\users\Public\20070809\Bild037.jpg
c:\users\Public\20070809\Bild038.jpg
c:\users\Public\20070809\Bild039.jpg
c:\users\Public\20070809\Bild040.jpg
c:\users\Public\20070809\Bild041.jpg
c:\users\Public\20070809\Bild042.jpg
c:\users\Public\20070809\Bild043.jpg
c:\users\Public\20070809\Bild044.jpg
c:\users\Public\20070809\Bild045.jpg
c:\users\Public\20070809\Bild046.jpg
c:\users\Public\20070809\Bild047.jpg
c:\users\Public\20070809\Bild048.jpg
c:\users\Public\20070809\Bild049.jpg
c:\users\Public\20070809\Bild050.jpg
c:\users\Public\20070809\Bild051.jpg
c:\users\Public\20070809\Bild052.jpg
c:\users\Public\20070809\Bild053.jpg
c:\users\Public\20070809\Bild054.jpg
c:\users\Public\20070809\Bild055.jpg
c:\users\Public\20070809\Bild056.jpg
c:\users\Public\20070809\Bild057.jpg
c:\users\Public\20070809\Bild058.jpg
c:\users\Public\20070809\Bild059.jpg
c:\users\Public\20070809\Bild060.jpg
c:\users\Public\20070809\Bild061.jpg
c:\users\Public\20070809\Bild062.jpg
c:\users\Public\20070809\Bild063.jpg
c:\users\Public\20070809\Bild064.jpg
c:\users\Public\20070809\Bild065.jpg
c:\users\Public\20070809\Bild066.jpg
c:\users\Public\20070809\Bild067.jpg
c:\users\Public\20070809\Bild068.jpg
c:\users\Public\20070809\Bild069.jpg
c:\users\Public\20070809\Bild070.jpg
c:\users\Public\20070809\Bild071.jpg
c:\users\Public\20070809\Bild072.jpg
c:\users\Public\20070809\Bild073.jpg
c:\users\Public\20070809\Bild074.jpg
c:\users\Public\20070809\Bild075.jpg
c:\users\Public\20070809\Bild076.jpg
c:\users\Public\20070809\Bild077.jpg
c:\users\Public\20070809\Bild078.jpg
c:\users\Public\20070809\Bild079.jpg
c:\users\Public\20070809\Bild080.jpg
c:\users\Public\20070809\Bild081.jpg
c:\users\Public\20070809\Bild082.jpg
c:\users\Public\20070809\Bild083.jpg
c:\users\Public\20070809\Bild084.jpg
c:\users\Public\20070809\Bild085.jpg
c:\users\Public\20070809\Bild086.jpg
c:\users\Public\20070809\Bild087.jpg
c:\users\Public\20070809\Bild088.jpg
c:\users\Public\20070809\Bild089.jpg
c:\users\Public\20070809\Bild090.jpg
c:\users\Public\20070809\Bild091.jpg
c:\users\Public\20070809\Bild092.jpg
c:\users\Public\20070809\Bild093.jpg
c:\users\Public\20070809\Bild094.jpg
c:\users\Public\20070809\Bild095.jpg
c:\users\Public\20070809\Bild096.jpg
c:\users\Public\20070809\Bild097.jpg
c:\users\Public\20070809\Bild098.jpg
c:\users\Public\20070809\Bild099.jpg
c:\users\Public\20070809\Bild100.jpg
c:\users\Public\20070809\Bild101.jpg
c:\users\Public\20070809\Bild102.jpg
c:\users\Public\20070809\Bild103.jpg
c:\users\Public\20070809\Bild104.jpg
c:\users\Public\20070809\Bild105.jpg
c:\users\Public\20070809\Bild106.jpg
c:\users\Public\20070809\Bild107.jpg
c:\users\Public\20070809\Bild108.jpg
c:\users\Public\20070809\Bild109.jpg
c:\users\Public\20070809\Bild110.jpg
c:\users\Public\20070809\Bild111.jpg
c:\users\Public\20070809\Bild112.jpg
c:\users\Public\20070809\Bild113.jpg
c:\users\Public\20070809\Bild114.jpg
c:\users\Public\20070809\Bild115.jpg
c:\users\Public\20070809\Bild116.jpg
c:\users\Public\20070809\Bild117.jpg
c:\users\Public\20070809\Bild118.jpg
c:\users\Public\20070809\Bild119.jpg
c:\users\Public\20070809\Bild120.jpg
c:\users\Public\20070809\Bild121.jpg
c:\users\Public\20070809\Bild122.jpg
c:\users\Public\20070809\Bild123.jpg
c:\users\Public\20070809\Bild124.jpg
c:\users\Public\20070809\Bild125.jpg
c:\users\Public\20070809\Bild126.jpg
c:\users\Public\20070809\Bild127.jpg
c:\users\Public\20070809\Bild128.jpg
c:\users\Public\20070809\Bild129.jpg
c:\users\Public\20070809\Bild130.jpg
c:\users\Public\20070809\Bild131.jpg
c:\users\Public\20070809\Bild132.jpg
c:\users\Public\20070809\Bild133.jpg
c:\users\Public\20070809\Bild134.jpg
c:\users\Public\20070809\Bild135.jpg
c:\users\Public\20070809\Bild136.jpg
c:\users\Public\20070809\Bild137.jpg
c:\users\Public\20070809\Bild138.jpg
c:\users\Public\20070809\Bild139.jpg
c:\users\Public\20070809\Bild140.jpg
c:\users\Public\20070809\Bild141.jpg
c:\users\Public\20070809\Bild142.jpg
c:\users\Public\20070809\Bild143.jpg
c:\users\Public\20070809\Bild144.jpg
c:\users\Public\20070809\Bild145.jpg
c:\users\Public\20070809\Bild146.jpg
c:\users\Public\20070809\Bärli schlafend.jpg
c:\users\Public\20070809\Deu-tun in köln.jpg
c:\users\Public\20070809\Foto(006)(1).jpg
c:\users\Public\20070809\Foto(006).jpg
c:\users\Public\20070809\Foto(033).jpg
c:\users\Public\20070809\Foto(040).jpg
c:\users\Public\20070809\Foto(163).jpg
c:\users\Public\20070809\Foto(165).jpg
c:\users\Public\20070809\Foto(192).jpg
c:\users\Public\20070809\Foto(238).jpg
c:\users\Public\20070809\Foto(243).jpg
c:\users\Public\20070809\Foto(251).jpg
c:\users\Public\20070809\Foto(266).jpg
c:\users\Public\20070809\Foto(268).jpg
c:\users\Public\20070809\Foto(288).jpg
c:\users\Public\20070809\Foto(303).jpg
c:\users\Public\20070809\Foto(305).jpg
c:\users\Public\20070809\Foto(306).jpg
c:\users\Public\20070809\Foto(308).jpg
c:\users\Public\20070809\Foto(312).jpg
c:\users\Public\20070809\Foto(313).jpg
c:\users\Public\20070809\Foto(314).jpg
c:\users\Public\20070809\Foto(320).jpg
c:\users\Public\20070809\Foto(321).jpg
c:\users\Public\20070809\Frame1.png
c:\users\Public\20070809\Frame2.png
c:\users\Public\20070809\Frame3.png
c:\users\Public\20070809\Fuchs2.jpg
c:\users\Public\20070809\Ich beim kabatrinken.3gp
c:\users\Public\20070809\Innsbruck.jpg
c:\users\Public\20070809\Ludwig u herbert.jpg
c:\users\Public\20070809\Mami.jpg
c:\users\Public\20070809\Rudi.jpg
c:\users\Public\20070809\Video(011).3gp
c:\users\Public\20070809\Video(011)000.3gp
c:\users\Public\20070809\Video002.3gp
c:\users\Public\20070809\Video003.3gp
c:\users\Public\20070809\Video004.3gp
c:\users\Public\20070809\Video005.3gp
c:\users\Public\20070809\Video019.3gp
c:\users\Public\20070809\Video022.3gp
c:\users\Public\20070809\Zoi mit bärli.jpg
c:\users\Schnuffi\4.0
c:\users\Schnuffi\Documents\~WRL0031.tmp
c:\users\Schnuffi\Documents\~WRL0049.tmp
c:\users\Schnuffi\Documents\~WRL0250.tmp
c:\users\Schnuffi\Documents\~WRL0294.tmp
c:\users\Schnuffi\Documents\~WRL0798.tmp
c:\users\Schnuffi\Documents\~WRL1562.tmp
c:\users\Schnuffi\Documents\~WRL1573.tmp
c:\users\Schnuffi\Documents\~WRL1989.tmp
c:\users\Schnuffi\Documents\~WRL2178.tmp
c:\users\Schnuffi\Documents\~WRL2532.tmp
c:\users\Schnuffi\Documents\~WRL2865.tmp
c:\users\Schnuffi\Documents\~WRL3189.tmp
c:\users\Schnuffi\Documents\~WRL3439.tmp
c:\users\Schnuffi\Documents\~WRL3589.tmp
c:\users\Schnuffi\Documents\~WRL3907.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-12 bis 2012-02-12  ))))))))))))))))))))))))))))))
.
.
2012-02-12 22:44 . 2012-02-12 22:45        --------        d-----w-        c:\users\Schnuffi\AppData\Local\temp
2012-02-12 22:44 . 2012-02-12 22:44        --------        d-----w-        c:\users\Tobi\AppData\Local\temp
2012-02-12 22:44 . 2012-02-12 22:44        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-12 22:44 . 2012-02-12 22:44        --------        d-----w-        c:\users\Bärli\AppData\Local\temp
2012-02-12 22:39 . 2012-02-12 22:39        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{691A653E-BBB5-4CEF-8AEF-D717F5732B25}\offreg.dll
2012-02-12 17:53 . 2012-01-06 04:19        6557240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{691A653E-BBB5-4CEF-8AEF-D717F5732B25}\mpengine.dll
2012-02-12 17:27 . 2012-02-12 17:27        --------        d-----w-        c:\users\Schnuffi\AppData\Local\ElevatedDiagnostics
2012-02-07 21:08 . 2012-02-07 21:10        --------        d-----w-        c:\users\Schnuffi\AppData\Roaming\WindSolutions
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-10-04 00:25        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-10 14:24 . 2011-10-31 16:35        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-11-24 04:23 . 2011-12-14 11:02        2340352        ----a-w-        c:\windows\system32\win32k.sys
2011-11-19 14:06 . 2012-01-11 16:40        67072        ----a-w-        c:\windows\system32\packager.dll
2011-11-17 05:48 . 2012-01-13 07:30        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 05:48 . 2012-01-13 07:30        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2011-11-17 05:42 . 2012-01-13 07:30        369352        ----a-w-        c:\windows\system32\drivers\cng.sys
2011-11-17 05:41 . 2012-01-11 16:40        1288984        ----a-w-        c:\windows\system32\ntdll.dll
2011-11-17 05:39 . 2012-01-13 07:30        314368        ----a-w-        c:\windows\system32\webio.dll
2011-11-17 05:39 . 2012-01-13 07:30        99840        ----a-w-        c:\windows\system32\sspicli.dll
2011-11-17 05:39 . 2012-01-13 07:30        15360        ----a-w-        c:\windows\system32\sspisrv.dll
2011-11-17 05:39 . 2012-01-13 07:30        224768        ----a-w-        c:\windows\system32\schannel.dll
2011-11-17 05:39 . 2012-01-13 07:30        22016        ----a-w-        c:\windows\system32\secur32.dll
2011-11-17 05:38 . 2012-01-13 07:30        1037312        ----a-w-        c:\windows\system32\lsasrv.dll
2011-11-17 05:36 . 2012-01-13 07:30        22528        ----a-w-        c:\windows\system32\lsass.exe
2012-02-02 11:56 . 2011-03-24 09:02        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-28 22:11        191488        ------w-        c:\program files\Yontoo Layers\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-19 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Bärli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ClickOff.lnk]
backup=c:\windows\pss\ClickOff.lnk.Startup
backupExtension=.Startup
path=c:\users\Bärli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClickOff.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2011-10-28 18:35        1187072        ----a-w-        c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57        948672        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57        35760        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15        63360        ----a-w-        c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-08 19:17        1226608        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-02-27 05:19        220160        ----a-w-        c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44        31072        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-03-17 21:07        896912        ----a-w-        c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-03-17 21:07        19872        ----a-w-        c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-03-17 21:07        3373456        ----a-w-        c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55        54832        ----a-w-        c:\program files\Home Cinema\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40        155648        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10        56928        ----a-w-        c:\program files\Home Cinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-12-01 12:37        4186112        ----a-w-        c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2011-04-17 00:18        79872        ----a-w-        c:\users\Schnuffi\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44        248552        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVBroadcast]
2007-02-23 13:44        779776        ----a-w-        c:\program files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2007-02-08 18:13        155648        ----a-w-        c:\program files\Home Cinema\TV Enhance\TVEService.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-02-08 299093]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-10-28 15232]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2010-04-27 100352]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-10-28 64512]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-09-15 217088]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-02-23 1509888]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-01-11 240232]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2007-02-08 127059]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-09-15 36640]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-28 18:35]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 20:55]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-14 20:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{A4465DD0-050B-4310-B1B1-F1BD48C106DC}: NameServer = 62.109.123.7 213.191.92.86
TCP: Interfaces\{A839DD66-1EBE-4FBE-B82D-6E1E6E753820}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Schnuffi\AppData\Roaming\Mozilla\Firefox\Profiles\6d5ta91q.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-KiesTrayAgent - (no file)
MSConfigStartUp-BullGuard - c:\program files\BullGuard Software\BullGuard\bullguard.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-Adobe Photoshop 5.5 - c:\windows\ISUN0407.EXE
AddRemove-Latinum in fenestris - c:\windows\unin0407.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-12  23:49:07
ComboFix-quarantined-files.txt  2012-02-12 22:49
.
Vor Suchlauf: 2,390,745,088 Bytes frei
Nach Suchlauf: 2,209,312,768 Bytes frei
.
- - End Of File - - 1FDCFE2AC898957178F0F17018D2796D


markusg 13.02.2012 11:40

Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click "Show results".
  • Make sure that all detections are ticked and click "Remove Selected".
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

iris089 13.02.2012 22:36

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.13.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Schnuffi :: TOBI-BIANCA-PC [administrator]

13.02.2012 19:22:25
mbam-log-2012-02-13 (19-22-25).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 517707
Time elapsed: 3 hour(s), 10 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


markusg 14.02.2012 12:13

Please start by installing Windows updates.
The easiest way is to go to Start, Search, and type Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that happens, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.

Let me know when you are done, please.

iris089 15.02.2012 00:48

Took a long time. It's done.

markusg 15.02.2012 11:13

Yeah, if you don't install updates, or don't have them installed automatically, a lot piles up.
With the current configuration, updating will always go quickly.
Download CCleaner Standard:
CCleaner Download - CCleaner 3.15.1643
If CCleaner is already installed, skip this.
Install, open, Tools, list of installed programs, save as txt. Open it.
After every program you need, write "notwendig" (necessary).
After every program you don't need, write "unnötig" (unnecessary).
After the ones you don't know, write "unbekannt" (unknown).
Post the list.

iris089 15.02.2012 23:50

Here is the list. Also worth mentioning is that the computer has been extremely sluggish and slow since using ComboFix. What could be causing that?



Code:

7-Zip 4.42                28.02.2010                notwendig
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        28.02.2010        unbekannt       
Ad-Aware        Lavasoft Limited        30.10.2011        34.1MB        9.5.0 unbekannt
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        07.04.2011        2.68MB        10.1.85.3 unbekannt
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        09.07.2011        6.00MB        10.3.181.26 unbekannt
Adobe Reader 9.3.1 - Deutsch        Adobe Systems Incorporated        10.04.2010        245MB        9.3.1 notwendig
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        19.07.2010                11.5.7.609 unbekannt
AFPL Ghostscript 8.54                28.02.2010        unbekannt       
AFPL Ghostscript Fonts                28.02.2010        unbekannt       
Age of Empires III        Microsoft Game Studios        19.11.2009        2,111MB        1.00.0000 notwendig
Age of Empires III - The Asian Dynasties        Microsoft Game Studios        24.11.2009        831MB        1.00.0000 notwendig
ALDI Foto Manager Free Sued 3.4.0.466 (D)        MAGIX AG        25.02.2007                3.4.0.466 notwendig
Alle meine Adressen 1.20                26.06.2011        unbekannt       
Any Video Converter 3.0.7        Any-Video-Converter.com        21.09.2010        64.4MB        unbekannt
Audiograbber 1.83 SE        Audiograbber        08.07.2011                1.83 SE unbekannt
Audiograbber MP3-Plugin        AG        07.07.2011                1.0unbekannt
Avira AntiVir Personal - Free Antivirus        Avira GmbH        12.02.2012        61.8MB        10.2.0.707 notwendig
Bonjour        Apple Inc.        15.03.2009        0.49MB        1.0.106 unbekannt
CCleaner        Piriform        30.10.2011                3.12 notwendig
CIB pdf brewer 2.1.7a        CIB software GmbH        16.05.2007                2.1.7a unbekannt
ClickOff version 1.82                28.02.2010                unbekannt
CloneSpy 2.41        CloneSpy        28.02.2010                unbekannt
Corel Graphics Suite 11        Corel Corporation        29.03.2007        265MB        11 notwendig
Daten-Konvertierer                28.06.2011                notwendig
Digital Voice Editor 3        Sony Corporation        21.12.2009                3.2.00.12190 unbekannt
DivX Converter        DivX, Inc.        13.12.2010                6.6.0 unbekannt
DivX-Setup        DivX, LLC        13.12.2010                2.2.0.24 unbekannt
EAX Unified                28.02.2010                unbekannt
eBay.de - Skype 3.0        Skype Technologies S.A.        28.02.2010        unnötig        3.0 unbekannt
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)        MAGIX AG        25.02.2007                2.0.0.1 unbekannt
Free YouTube Download version 2.10.33.324        DVDVideoSoft Limited.        17.04.2011        26.9MB        unbekannt
FreePDF XP (Remove only)                28.02.2010                notwendig
FUSSBALL MANAGER 2005                28.02.2010        unnötig       
Google Chrome        Google Inc.        13.12.2010                16.0.912.77 unbekannt
Google Desktop        Google        28.02.2010                -unnötig
Google Earth        Google        23.11.2011        92.7MB        6.1.0.5001 notwendig
Grand Theft Auto San Andreas        Rockstar Games        03.03.2011                1.00.00001 notwendig
Grand Theft Auto Vice City                28.02.2010                1.00.000 notwendig
HiJackThis        Trend Micro        30.10.2011        0.36MB        1.0.0 unbekannt
HP Print Diagnostic Utility        Hewlett_Packard        26.12.2009        0.71MB        1.51.0000 unbekannt
Java(TM) 6 Update 22        Oracle        28.03.2011        95.0MB        6.0.220 unbekannt
Java(TM) SE Runtime Environment 6 Update 1        Sun Microsystems, Inc.        23.05.2007        159.9MB        1.6.0.10 unbekannt
JDownloader        AppWork UG (haftungsbeschränkt)        13.12.2010        notwendig       
K-Lite Mega Codec Pack 5.7.0                16.02.2010                5.7.0 notwendig
KompoZer 0.8b3        KompoZer        23.05.2011        21.8MB        unbekannt
LetsTrade Komponenten                28.02.2010                unbekannt
LG Bluetooth Drivers        LG Electronics        07.04.2011        0.69MB        1.1 unbekannt
LG PC Suite IV        LG Electronics        07.04.2011                4.3.5.20110131 notwendig
LG United Mobile Drivers        LG Electronics        07.04.2011        5.94MB        2.2 unbekannt
LG USB Modem Drivers        LG Electronics        07.04.2011        1.06MB        4.9.4 unbekannt
MakeDisc                28.02.2010                3.0.1408 unbekannt
Malwarebytes Anti-Malware Version 1.60.1.1000        Malwarebytes Corporation        12.02.2012        17.3MB        1.60.1.1000 notwendig
MediaShow 3.0                28.02.2010                unbekannt
MEDION Fotos auf CD Sued 6.0.2.0 (D)        MAGIX AG        25.02.2007                6.0.2.0 unbekannt
Mein Geld Professional        Buhl Data Service GmbH        08.02.2007        137.3MB        8.00.0007 unbekannt
Mercenaries 2: World in Flames(tm)        Electronic Arts        08.09.2010        5,984MB        2.0.1.0 unbekannt
Microsoft Age of Empires II                28.02.2010        notwendig       
Microsoft Age of Empires II: The Conquerors Expansion                28.02.2010        notwendig       
Microsoft Office 2007 Primary Interop Assemblies        Microsoft Corporation        13.12.2011        20.5MB        12.0.4518.1014 unbekannt
Microsoft Office File Validation Add-In        Microsoft Corporation        13.02.2012        7.92MB        14.0.5130.5003 unbekannt
Microsoft Office Ultimate 2007        Microsoft Corporation        13.02.2012                12.0.6612.1000 notwendig
Microsoft Silverlight        Microsoft Corporation        11.10.2011        226MB        4.0.60831.0 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        29.07.2009        0.25MB        8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.06.2011        0.29MB        8.0.61001 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        29.07.2009        0.19MB        9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        13.04.2011        0.58MB        9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        28.03.2009        0.57MB        9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        14.11.2010        0.58MB        9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        0.59MB        9.0.30729.6161 unbekannt
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)        Microsoft Corporation        13.02.2012                10.0.31119 unbekannt
Microsoft Works        Microsoft Corporation        09.12.2009        291MB        08.05.0822 unbekannt
Microsoft Zoo Tycoon                28.02.2010        unnötig       
Mozilla Firefox 10.0 (x86 de)        Mozilla        01.02.2012        42.1MB        10.0 notwendig
MSXML 4.0 SP2 (KB925672)        Microsoft Corporation        09.02.2007        1.24MB        4.20.9839.0 unbekannt
MSXML 4.0 SP2 (KB927978)        Microsoft Corporation        09.02.2007        1.24MB        4.20.9841.0 unbekannt
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        16.08.2007        1.27MB        4.20.9848.0 unbekannt
MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        10.10.2007        1.27MB        4.20.9849.0 unbekannt
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        12.11.2008        1.28MB        4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.11.2009        1.34MB        4.20.9876.0 unbekannt
MSXML 4.0 SP2 Parser and SDK        Microsoft Corporation        07.04.2011        36.00KB        4.20.9818.0 unbekannt
Nero 7 Essentials        Nero AG        08.02.2007        512MB        7.02.5182 notwendig
Norton™ Security Scan        Symantec Corporation        12.01.2008        4.94MB        1.2.0 unbekannt
Nur Entfernen der CopyTrans Suite möglich        WindSolutions        06.02.2012                2.34 unbekannt
NVIDIA Display Control Panel        NVIDIA Corporation        28.02.2010                6.14.11.9621notwendig
NVIDIA Drivers        NVIDIA Corporation        28.02.2010                1.10notwendig
NVIDIA Grafiktreiber 275.33        NVIDIA Corporation        13.02.2012                275.33notwendig
NVIDIA PhysX        NVIDIA Corporation        15.02.2010        83.8MB        9.09.1112 notwendig
NVIDIA Stereoscopic 3D Driver        NVIDIA Corporation        28.02.2010                7.17.11.9621notwendig
NVIDIA Update 1.3.5        NVIDIA Corporation        13.02.2012                1.3.5notwendig
PantsOff 2.0        Christoph Bünger Software        26.06.2011                2.0 unbekannt
Phase 5 HTML-Editor        Systemberatung Schommer        23.05.2011        3.72MB        5.6.2.3 unnötig
phase6_19_download        phase6        12.10.2008        19.0MB        1.90.0000 unbekannt
PhotoNow! 1.0                28.02.2010                unbekannt
PicGrab 2.7.8        Benjamin Mussler        23.03.2011                2.7.8 unbekannt
PowerCinema Linux 5.0                28.02.2010                unbekannt
PowerDirector                28.02.2010                unbekannt
PowerDVD        CyberLink Corporation        28.02.2010                7.0.2414.0 unbekannt
PowerProducer                28.02.2010                unbekannt
Prince of Persia The Sands of Time                01.04.2010                1.00.181 unnötig
Prince of Persia Warrior Within                19.01.2011                1.00.999 unnötig
Realtek High Definition Audio Driver                28.02.2010        unbekannt       
RedMon - Redirection Port Monitor                28.02.2010        unbekannt       
Riva FLV Player        Rothenberger & Partner        28.02.2010                1.0.0000 unbekannt
S.T.A.L.K.E.R. - Shadow of Chernobyl        THQ        18.09.2010                1.0000 notwendig
Saitek Dual Analog Rumble Pad                03.04.2010                notwendig
Samsung Kies        Samsung Electronics Co., Ltd.        27.03.2011        170.1MB        2.0.0.11032_12 notwendig
SAMSUNG USB Driver for Mobile Phones        SAMSUNG Electronics Co., Ltd.        11.02.2012        39.1MB        1.3.2250.0 notwendig
Sansa Updater        SanDisk Corporation        16.04.2011        0.57MB        1.301 unnötig
Sceneo AbsolutTV                28.02.2010                unbekannt
SchulwegPlaner                28.02.2010        unnötig       
SFV Checker                28.02.2010                unbekannt
Spelling Dictionaries Support For Adobe Reader 8        Adobe Systems        24.07.2007        32.5MB        8.0.0 unbekannt
Spybot - Search & Destroy        Safer Networking Limited        28.03.2009                1.6.2 notwendig
Spybot - Search & Destroy 1.5.2.20        Safer Networking Ltd.        06.04.2008                notwendig
System Requirements Lab                28.02.2010                unbekannt
The Times - Exclusive Tomb Raider Level                28.02.2010                notwendig
TV Enhance                28.02.2010                1.0.3808 unbekannt
TweakNow RegCleaner Standard        TweakNow.com        28.03.2007                v3.0.1 unbekannt
Ulead PhotoImpact 12        Ulead System        28.02.2010                12.0 unbekannt
Uninstall 1.0.0.1                17.04.2011        10.9MB        unbekannt
VIA Plattform-Geräte-Manager        VIA Technologies, Inc.        15.02.2007        2.59MB        1.22 unbekannt
VLC media player 1.0.5        VideoLAN Team        28.02.2010                1.0.5 notwendig
WinRAR                28.02.2010                notwendig
WinZip 14.5        WinZip Computing, S.L.        08.09.2010        19.7MB        14.5.9095 notwendig
X10 Hardware(TM)                28.02.2010                unbekannt
YouRipper        Remlap Software        28.02.2010                1.3.0.0 unnötig


markusg 16.02.2012 12:42

Uninstall:
7-Zip
Latest version:
7-Zip

Uninstall:
Ad-Aware
Uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, since only then do you have control over what happens on the PC.
Under JavaScript, untick the "use JavaScript" checkbox.
Under Updater, choose to install automatically.
Apply / OK



Uninstall:
Adobe Shockwave
Alle meine Adressen
Any Video
Audiograbber: both
CIB pdf
ClickOff
CloneSpy
Digital Voice
DivX: both
eBay
Free YouTube
FUSSBALL MANAGER
Google Chrome
Google Desktop
HiJackThis
Java: all of them
Download the free Java software
Download the Java JRE and install it.

Uninstall:
LetsTrade
MEDION Fotos
Mein Geld
Mercenaries
Norton™
PantsOff
Phase: both
PhotoNow
PicGrab
everything starting with Power
Prince of Persia: both
SchulwegPlaner
Sceneo
SFV
Spelling Dictionaries
Spybot: do without it; rather use Malwarebytes from time to time, after updating it.
TV Enhance
TweakNow
Ulead
YouRipper

Open OTL, clean up, restart.
Open CCleaner, analyze, clean, restart.
Test whether everything runs as desired.

iris089 17.02.2012 00:19

Did everything. Looks pretty good.


All times are in WET +1.
