Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Wie werde ich den Bundespolizei Trojaner los? (https://www.trojaner-board.de/123830-bundespolizei-trojaner-los.html)

reana 10.09.2012 11:32
Wie werde ich den Bundespolizei Trojaner los?
 
Hallo! Ich habe seit gestern Abend diesen netten Bundespolizei Trojaner auf dem PC. Ich komme noch in den abgesicherten Modus und Malwarebytes scannt grade alles durch. Was muss ich dann tun? Bin absoluter Computerlaie, also bitte so verständlich wie möglich! :)

achso hier kommt noch der report:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.10.02

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Âzagahl :: ÂZAGAHL-PC [Administrator]

Schutz: Deaktiviert

10.09.2012 12:19:05
mbam-log-2012-09-10 (12-19-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 338529
Laufzeit: 42 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Âzagahl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\67d7679-1a777073 (Exploit.Blackhole) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Âzagahl\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Blackhole) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Âzagahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


vielen dank schonmal!

t'john 11.09.2012 01:22
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.


Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

1. Schritt
NEU RUNTERLADEN
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

reana 11.09.2012 15:45
Danke erstmal für die Hilfe!

Also hier ist der report vom maleware

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.10.02

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Âzagahl :: ÂZAGAHL-PC [Administrator]

Schutz: Deaktiviert

10.09.2012 12:19:05
mbam-log-2012-09-10 (12-19-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 338529
Laufzeit: 42 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Âzagahl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\67d7679-1a777073 (Exploit.Blackhole) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Âzagahl\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Blackhole) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Âzagahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.


und hier OTLOTL Logfile:
Code:
OTL logfile created on: 11.09.2012 16:33:15 - Run 1
OTL by OldTimer - Version 3.2.61.3    Folder = C:\Users\Âzagahl\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,37% Memory free
4,23 Gb Paging File | 3,11 Gb Available in Paging File | 73,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,04 Gb Total Space | 7,83 Gb Free Space | 19,55% Space Free | Partition Type: NTFS
Drive D: | 34,52 Gb Total Space | 8,71 Gb Free Space | 25,25% Space Free | Partition Type: NTFS
Drive E: | 3,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ÂZAGAHL-PC | User Name: Âzagahl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Âzagahl\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Âzagahl\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Programme\Razer\Diamondback\razerhid.exe ()
PRC - C:\Programme\Razer\Diamondback\razerofa.exe (Razer Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\System32\OemSpiE.dll ()
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Windows\System32\CmdRtr.DLL ()
MOD - C:\Programme\Razer\Diamondback\razerhid.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Lexware_Datenbank_Plus) -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (t3) -- C:\Windows\System32\drivers\t3.sys (Creative Technology Ltd.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (Razerlow) -- C:\Windows\System32\drivers\Razerlow.sys (Razer (Asia-Pacific) Pte Ltd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F C2 88 3D BA 8E CD 01  [binary data]
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@digitalpublishing.de/dpLaunch: C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 19:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.25 08:30:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 19:58:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.03.30 14:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Âzagahl\AppData\Roaming\mozilla\Extensions
[2012.03.30 14:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Âzagahl\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2012.05.02 20:07:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Âzagahl\AppData\Roaming\mozilla\Firefox\Profiles\8s0wy689.default\extensions
[2012.05.03 19:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.09 19:58:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.23 20:35:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 19:58:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.23 20:35:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 20:35:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 20:35:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 20:35:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O3 - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Diamondback] C:\Programme\Razer\Diamondback\razerhid.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\System32\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000..\Run: [Akamai NetSession Interface] C:\Users\Âzagahl\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1419635286-4132949951-2211102292-1002..\Run: [CTRegRun] C:\Windows\Ctregrun.exe (Creative Technology Ltd )
O4 - HKU\S-1-5-21-1419635286-4132949951-2211102292-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1419635286-4132949951-2211102292-1002..\RunOnce: [CTAutoUpdate] "C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller File not found
O4 - HKU\S-1-5-21-1419635286-4132949951-2211102292-1002..\RunOnce: [InetReg] C:\Program Files\Creative\Produktregistrierung\German\InetReg.exe (Creative Technology Ltd)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDAD1991-21F9-4BC9-A815-A91FE7C450D1}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Âzagahl\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Âzagahl\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.10.06 09:04:29 | 000,000,044 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{6e05c746-4a7f-11e1-913a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6e05c746-4a7f-11e1-913a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe
O33 - MountPoints2\{c5eabfda-5237-11e1-bb0a-20cf30bb1202}\Shell - "" = AutoRun
O33 - MountPoints2\{c5eabfda-5237-11e1-bb0a-20cf30bb1202}\Shell\AutoRun\command - "" = G:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.10 22:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2012.09.10 21:50:56 | 000,000,000 | ---D | C] -- C:\Users\Âzagahl\Desktop\NESTLÉ
[2012.09.10 21:23:37 | 000,000,000 | ---D | C] -- C:\Users\Âzagahl\Desktop\BMW
[2012.09.10 20:28:37 | 000,000,000 | ---D | C] -- C:\Users\Âzagahl\AppData\Roaming\pdfforge
[2012.09.10 20:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.09.10 12:13:45 | 000,000,000 | ---D | C] -- C:\Users\Âzagahl\AppData\Roaming\Malwarebytes
[2012.09.10 12:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.10 12:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.10 12:13:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.10 12:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.09 23:02:53 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.09.09 20:37:54 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.09.09 20:04:12 | 000,000,000 | ---D | C] -- C:\Users\Âzagahl\AppData\Roaming\CAD-KAS
[2012.09.09 20:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Editor 3.1
[2012.09.09 20:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Editor 3
[2012.09.09 12:03:07 | 000,000,000 | ---D | C] -- C:\Users\Âzagahl\Desktop\MAN
[2012.09.08 11:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.08 11:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.08 11:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.07 15:17:56 | 487,666,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Âzagahl\Downloads\Documents\AcrobatPro_10_Web_WWEFD.exe
[2012.08.26 12:39:19 | 000,000,000 | ---D | C] -- C:\Users\Âzagahl\AppData\Local\Windows Live
[2012.08.26 12:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012.08.22 14:31:03 | 000,000,000 | ---D | C] -- C:\Users\Âzagahl\AppData\Roaming\Need for Speed World
[2012.08.22 14:12:47 | 000,000,000 | ---D | C] -- C:\Users\Âzagahl\AppData\Local\Electronic_Arts_Inc
[2012.08.17 10:45:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.17 10:45:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.17 10:45:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.17 10:45:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.17 10:45:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.17 10:45:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.17 10:45:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.17 10:45:01 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.11 16:30:49 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.11 16:30:49 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.11 16:30:49 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.11 16:30:49 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.11 16:25:03 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 16:25:03 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 16:24:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.11 12:52:33 | 000,318,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.10 22:01:32 | 000,116,920 | ---- | M] () -- C:\Users\Âzagahl\Desktop\Fortbildungen.pdf
[2012.09.10 21:59:01 | 000,581,900 | ---- | M] () -- C:\Users\Âzagahl\Desktop\Arbeitszeugnisse.pdf
[2012.09.10 21:57:19 | 000,327,212 | ---- | M] () -- C:\Users\Âzagahl\Desktop\Anlagen&Zeugnisse_ebook.pdf
[2012.09.10 20:53:25 | 004,366,516 | ---- | M] () -- C:\Users\Âzagahl\Desktop\Anlagen&Zeugnisse_A5.pdf
[2012.09.10 20:49:29 | 013,103,402 | ---- | M] () -- C:\Users\Âzagahl\Desktop\Anlagen&Zeugnisse_A4.pdf
[2012.09.10 12:13:42 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.09 20:38:15 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.09 20:04:03 | 000,080,896 | ---- | M] () -- C:\Windows\cadkasdeinst01.exe
[2012.09.07 15:23:40 | 487,666,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Âzagahl\Downloads\Documents\AcrobatPro_10_Web_WWEFD.exe
[2012.09.06 21:14:50 | 000,066,048 | ---- | M] () -- C:\Users\Âzagahl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.04 20:35:14 | 000,607,121 | ---- | M] () -- C:\Users\Âzagahl\Desktop\urkunde.pdf
[2012.08.30 20:10:14 | 000,135,279 | ---- | M] () -- C:\Users\Âzagahl\Downloads\Documents\MTU_Lebenslauf_LAST.pdf
[2012.08.26 15:35:27 | 001,517,046 | ---- | M] () -- C:\Users\Âzagahl\Downloads\Documents\FilmohneBilder.vep
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.10 22:01:28 | 000,116,920 | ---- | C] () -- C:\Users\Âzagahl\Desktop\Fortbildungen.pdf
[2012.09.10 21:58:54 | 000,581,900 | ---- | C] () -- C:\Users\Âzagahl\Desktop\Arbeitszeugnisse.pdf
[2012.09.10 21:55:04 | 000,327,212 | ---- | C] () -- C:\Users\Âzagahl\Desktop\Anlagen&Zeugnisse_ebook.pdf
[2012.09.10 20:53:16 | 004,366,516 | ---- | C] () -- C:\Users\Âzagahl\Desktop\Anlagen&Zeugnisse_A5.pdf
[2012.09.10 20:44:11 | 013,103,402 | ---- | C] () -- C:\Users\Âzagahl\Desktop\Anlagen&Zeugnisse_A4.pdf
[2012.09.10 12:13:42 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.09 20:37:58 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.09 20:04:03 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.09.07 16:31:36 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.09.04 20:35:14 | 000,607,121 | ---- | C] () -- C:\Users\Âzagahl\Desktop\urkunde.pdf
[2012.08.30 20:10:14 | 000,135,279 | ---- | C] () -- C:\Users\Âzagahl\Downloads\Documents\MTU_Lebenslauf_LAST.pdf
[2012.08.26 12:55:53 | 001,517,046 | ---- | C] () -- C:\Users\Âzagahl\Downloads\Documents\FilmohneBilder.vep
[2012.07.12 20:42:00 | 000,017,408 | ---- | C] () -- C:\Users\Âzagahl\AppData\Local\WebpageIcons.db
[2012.06.02 21:59:05 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2012.06.02 21:59:05 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012.06.02 21:58:55 | 000,002,528 | ---- | C] () -- C:\Users\Âzagahl\AppData\Roaming\$_hpcst$.hpc
[2012.04.26 19:35:14 | 000,004,626 | ---- | C] () -- C:\Windows\System32\AudioDrv.ini
[2012.04.26 19:34:45 | 000,000,049 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini
[2012.04.26 19:33:50 | 000,001,436 | R--- | C] () -- C:\Windows\CfgHPSp.ini
[2012.04.26 19:33:50 | 000,001,434 | R--- | C] () -- C:\Windows\Cfg05Sp.ini
[2012.04.26 19:33:50 | 000,000,932 | R--- | C] () -- C:\Windows\CfgHPHp.ini
[2012.04.26 19:33:50 | 000,000,932 | R--- | C] () -- C:\Windows\CfgHPDO.ini
[2012.04.26 19:33:50 | 000,000,453 | R--- | C] () -- C:\Windows\CfgHPRMi.ini
[2012.04.26 19:33:50 | 000,000,453 | R--- | C] () -- C:\Windows\CfgHPRLI.ini
[2012.04.26 19:33:50 | 000,000,453 | R--- | C] () -- C:\Windows\CfgHPFMi.ini
[2012.04.26 19:33:50 | 000,000,453 | R--- | C] () -- C:\Windows\CfgHPDI.ini
[2012.04.26 19:33:49 | 000,001,434 | R--- | C] () -- C:\Windows\Cfg04Sp.ini
[2012.04.26 19:33:49 | 000,001,091 | R--- | C] () -- C:\Windows\Cfg03Sp.ini
[2012.04.26 19:33:49 | 000,001,091 | R--- | C] () -- C:\Windows\Cfg02Sp.ini
[2012.04.26 19:33:49 | 000,001,000 | R--- | C] () -- C:\Windows\Cfg01Sp.ini
[2012.04.26 19:33:49 | 000,000,932 | R--- | C] () -- C:\Windows\Cfg05DO.ini
[2012.04.26 19:33:49 | 000,000,932 | R--- | C] () -- C:\Windows\Cfg04DO.ini
[2012.04.26 19:33:49 | 000,000,930 | R--- | C] () -- C:\Windows\Cfg05Hp.ini
[2012.04.26 19:33:49 | 000,000,930 | R--- | C] () -- C:\Windows\Cfg04Hp.ini
[2012.04.26 19:33:49 | 000,000,725 | R--- | C] () -- C:\Windows\Cfg03Hp.ini
[2012.04.26 19:33:49 | 000,000,725 | R--- | C] () -- C:\Windows\Cfg03DO.ini
[2012.04.26 19:33:49 | 000,000,725 | R--- | C] () -- C:\Windows\Cfg02Hp.ini
[2012.04.26 19:33:49 | 000,000,725 | R--- | C] () -- C:\Windows\Cfg02DO.ini
[2012.04.26 19:33:49 | 000,000,725 | R--- | C] () -- C:\Windows\Cfg01Hp.ini
[2012.04.26 19:33:49 | 000,000,725 | R--- | C] () -- C:\Windows\Cfg01DO.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg05RMi.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg05RLI.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg05FMi.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg05DI.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg04RMi.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg04RLI.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg04FMi.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg04DI.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03RMi.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03RLI.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03FMi.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg03DI.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02RMi.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02RLI.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02FMi.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg02DI.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01Mic.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01LI.ini
[2012.04.26 19:33:49 | 000,000,453 | R--- | C] () -- C:\Windows\Cfg01DI.ini
[2012.04.26 19:33:48 | 000,150,016 | ---- | C] () -- C:\Windows\System32\OemSpiE.dll
[2012.04.26 19:33:48 | 000,000,818 | R--- | C] () -- C:\Windows\Cfg01APR.ini
[2012.04.26 19:33:32 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2012.04.26 19:33:32 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.19 14:07:52 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.02.19 14:07:52 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2012.02.19 14:04:17 | 000,186,531 | ---- | C] () -- C:\Windows\hpoins21.dat
[2012.02.19 14:04:17 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2012.02.19 13:49:56 | 000,186,452 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2012.02.19 13:49:56 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2012.02.10 14:44:07 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.02.10 14:43:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.02.10 14:43:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.02.10 14:43:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.02.10 13:20:54 | 002,580,552 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.02.10 09:57:51 | 000,140,800 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.02.10 09:57:51 | 000,138,056 | ---- | C] () -- C:\Users\Âzagahl\AppData\Roaming\PnkBstrK.sys
[2012.02.10 09:57:19 | 000,283,304 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.02.10 09:57:17 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.01.29 16:21:30 | 000,066,048 | ---- | C] () -- C:\Users\Âzagahl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.29 16:20:38 | 000,000,281 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.29 15:58:23 | 000,006,136 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012.01.29 15:55:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2012.01.29 15:55:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.29 15:55:41 | 000,015,673 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.01.29 15:55:41 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2012.01.29 15:53:52 | 000,000,680 | ---- | C] () -- C:\Users\Âzagahl\AppData\Local\d3d9caps.dat
[2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll

< End of report >
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 11.09.2012 16:33:15 - Run 1
OTL by OldTimer - Version 3.2.61.3    Folder = C:\Users\Âzagahl\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,37% Memory free
4,23 Gb Paging File | 3,11 Gb Available in Paging File | 73,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,04 Gb Total Space | 7,83 Gb Free Space | 19,55% Space Free | Partition Type: NTFS
Drive D: | 34,52 Gb Total Space | 8,71 Gb Free Space | 25,25% Space Free | Partition Type: NTFS
Drive E: | 3,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ÂZAGAHL-PC | User Name: Âzagahl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1419635286-4132949951-2211102292-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0485F1C6-F859-48FD-8DE8-19AE1026631A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{0869F630-D256-4BF4-B36D-247F77E183D3}" = protocol=17 | dir=in | app=i:\spiele\blizzard\diablo iii\diablo iii.exe |
"{154BADCC-6621-490D-8BA0-8E4AD77E7FED}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{265C6524-E0A3-4406-98E9-314ACB7C2382}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{4123F044-62DE-477C-929E-CB75AA19CFAA}" = protocol=6 | dir=in | app=i:\spiele\blizzard\diablo iii\diablo iii.exe |
"{56D19C3D-78F1-499D-8DC2-AAFCBA0ED48D}" = protocol=17 | dir=in | app=d:\spiele\battlefield 3\bf3.exe |
"{6C237127-A967-425B-A857-406A3F5F1CAD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{87686A99-F443-434E-9A11-17A9990D690E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9CABE1D4-F546-480B-9A30-6B237821C1A8}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{9D193AE1-62DF-4B5A-9F4A-384D44A49FD9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{A09FC6E2-E379-40B1-AD29-8C185B2F0029}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A6ACCA47-02C6-4EED-B287-49F18E60C191}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA99E8D9-2F4A-48FB-866B-C2A9C3A6AD04}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{AFFA00DD-63B3-447C-88CF-FBD9273D5882}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{BB29DBB0-8BE8-4750-A7E4-DC27C3CD8727}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BFD484B6-0D52-4602-80C5-8922D5E75E27}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C61BE8E2-E945-4916-9560-50429E4D263C}" = protocol=6 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe |
"{DA6351E4-27C8-4B26-A40D-62AE2EC287F9}" = protocol=17 | dir=in | app=c:\program files\sybase\sql anywhere 9\win32\dbsrv9.exe |
"{E06F8B02-5AF9-4E0F-A30A-83EA9A4B5121}" = protocol=6 | dir=in | app=d:\spiele\battlefield 3\bf3.exe |
"{E4CACC43-7F48-4459-8F2D-BA56BA99084C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E758F684-B05F-44EE-8633-0CDDA80AC482}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{F024D87D-7286-492D-93B9-054EC1286AF6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"TCP Query User{0E9F83C9-9D2F-49B5-BB56-17155293A796}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{1A3555AA-B566-40A4-A372-549CF95E517B}C:\users\âzagahl\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\âzagahl\appdata\local\akamai\netsession_win.exe |
"TCP Query User{2B244CB1-791A-4BEF-AB4A-77148B411692}C:1\spiele\blizzard\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:1\spiele\blizzard\diablo iii\diablo iii.exe |
"TCP Query User{7FF4C20D-E1BE-4DE1-9E1C-C5064A00E8FA}C:\users\âzagahl\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\âzagahl\appdata\local\akamai\netsession_win.exe |
"UDP Query User{237F3731-8093-4A0A-BD00-A5566C493BA5}C:\users\âzagahl\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\âzagahl\appdata\local\akamai\netsession_win.exe |
"UDP Query User{69B78212-AB95-4076-9FE6-C23383B90162}C:1\spiele\blizzard\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:1\spiele\blizzard\diablo iii\diablo iii.exe |
"UDP Query User{88BDCCE2-3FDF-4F12-AEF4-3721178A309D}C:\users\âzagahl\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\âzagahl\appdata\local\akamai\netsession_win.exe |
"UDP Query User{ADDB0AD3-2E18-453B-B39E-FA1BAB66B563}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}" = Sound Blaster X-Fi
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1923679F-C14B-4790-BC54-EFA3FCDE147B}" = Lexware Elster
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89196F9A-2E0B-4197-A3DF-6EF78731EB35}" = Lexware online banking
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D34A78EB-78F2-48ab-8CAE-5D4DC255A491}" = Lexware reisekosten plus 2011
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DAF15921-FA90-4427-82A2-1852A9BAC99A}" = Lexware Datenbank plus 2011
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"AVS Media Player_is1" = AVS Media Player 4.1.6.80
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Battlelog Web Plugins" = Battlelog Web Plugins
"CCleaner" = CCleaner
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"Diablo III" = Diablo III
"Diagnostics 4_5" = Creative-Diagnose
"ESN Sonar-0.70.4" = ESN Sonar
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"Host OpenAL" = Host OpenAL
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SysInfo" = Creative Systeminformationen
"TeamViewer 7" = TeamViewer 7
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"VISPRO" = Microsoft Office Visio Professional 2007
"WaveStudio 7" = Creative WaveStudio 7
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1419635286-4132949951-2211102292-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.09.2012 14:44:45 | Computer Name = Âzagahl-PC | Source = Perflib | ID = 1008
Description =
 
Error - 10.09.2012 14:49:30 | Computer Name = Âzagahl-PC | Source = Perflib | ID = 1008
Description =
 
Error - 10.09.2012 14:49:30 | Computer Name = Âzagahl-PC | Source = Perflib | ID = 1010
Description =
 
Error - 10.09.2012 14:49:31 | Computer Name = Âzagahl-PC | Source = Perflib | ID = 1008
Description =
 
Error - 10.09.2012 14:49:31 | Computer Name = Âzagahl-PC | Source = Perflib | ID = 1008
Description =
 
Error - 10.09.2012 14:49:31 | Computer Name = Âzagahl-PC | Source = Perflib | ID = 1008
Description =
 
Error - 10.09.2012 14:49:31 | Computer Name = Âzagahl-PC | Source = Perflib | ID = 1008
Description =
 
Error - 10.09.2012 14:49:31 | Computer Name = Âzagahl-PC | Source = Perflib | ID = 1005
Description =
 
Error - 10.09.2012 14:49:31 | Computer Name = Âzagahl-PC | Source = Perflib | ID = 1018
Description =
 
Error - 10.09.2012 14:49:32 | Computer Name = Âzagahl-PC | Source = Perflib | ID = 1008
Description =
 
[ OSession Events ]
Error - 17.07.2012 03:55:43 | Computer Name = Âzagahl-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 546
 seconds with 360 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.09.2012 06:17:40 | Computer Name = Âzagahl-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 10.09.2012 06:17:40 | Computer Name = Âzagahl-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 10.09.2012 07:17:28 | Computer Name = Âzagahl-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 10.09.2012 08:37:52 | Computer Name = Âzagahl-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 10.09.2012 14:25:33 | Computer Name = Âzagahl-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 10.09.2012 14:39:14 | Computer Name = Âzagahl-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10.09.2012 14:39:15 | Computer Name = Âzagahl-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 10.09.2012 14:39:15 | Computer Name = Âzagahl-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 11.09.2012 06:54:00 | Computer Name = Âzagahl-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 11.09.2012 10:26:41 | Computer Name = Âzagahl-PC | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >
--- --- ---


So und jetzt?:dankeschoen:

t'john 12.09.2012 08:42
Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
:OTL
DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1419635286-4132949951-2211102292-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
O3 - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKU\S-1-5-21-1419635286-4132949951-2211102292-1000..\Run: [Akamai NetSession Interface] C:\Users\Âzagahl\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Reg Error: Key error.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.10.06 09:04:29 | 000,000,044 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{6e05c746-4a7f-11e1-913a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6e05c746-4a7f-11e1-913a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe
O33 - MountPoints2\{c5eabfda-5237-11e1-bb0a-20cf30bb1202}\Shell - "" = AutoRun
O33 - MountPoints2\{c5eabfda-5237-11e1-bb0a-20cf30bb1202}\Shell\AutoRun\command - "" = G:\MI.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2012.09.09 20:38:15 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad


:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Âzagahl\AppData\Local\{*}
C:\Users\Âzagahl\AppData\Local\Temp\*.exe
C:\Users\Âzagahl\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



4. Schritt
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

t'john 01.11.2012 04:31
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:27 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55