
Pests of all kinds and how to combat them: Notepad keeps opening - Windows7 - 64 - Virus?

24.11.2011, 08:28   #1
Schwutzy
 
Hello,

when Windows starts, Notepad also opens automatically.
Notepad stays empty, so no text is written.

When you close Notepad, the program opens again.

I searched for W32.HLLW.Qaz.A and tried the Symantec removal tool - no infected files found.

I have the following entries in Regedit:

HKEY_CLASSES_ROOT\Unknown\shell\openas\command:

%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

and

HKEY_CLASSES_ROOT\Unknown\shell\opendlg\command:

%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1


Do you have any idea what this could be and what else I can do?

Many thanks!

24.11.2011, 12:50   #2
markusg
/// Malware-holic
 
Hi,
Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
  • Double-click OTL.exe

    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

24.11.2011, 13:41   #3
Schwutzy
 
I hope these are the right files.

Many thanks
OTL Logfile:
Code:
OTL logfile created on: 24.11.2011 13:20:23 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Stephan\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 49,88% Memory free
11,98 Gb Paging File | 9,00 Gb Available in Paging File | 75,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 282,17 Gb Free Space | 60,60% Space Free | Partition Type: NTFS
Drive H: | 1397,26 Gb Total Space | 3,59 Gb Free Space | 0,26% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 257,95 Gb Free Space | 13,85% Space Free | Partition Type: NTFS
Drive K: | 1863,01 Gb Total Space | 196,96 Gb Free Space | 10,57% Space Free | Partition Type: NTFS
Drive Z: | 1374,85 Gb Total Space | 940,80 Gb Free Space | 68,43% Space Free | Partition Type: NTFS
 
Computer Name: STEPHANPC01 | User Name: Stephan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stephan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Stephan\AppData\Roaming\notepad.exe ()
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TAPICall\TAPICall_Core.exe (CONVERGIT GmbH)
PRC - C:\Users\Stephan\AppData\Local\Apps\2.0\4Y4P2V41.C5Y\24DLQLBA.5VR\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\PROGRA~2\WinTV\TVServer\CAPTUR~3.EXE (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (HP)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - c:\Programme\Logitech\Logitech WebCam Software\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files (x86)\FeedReader30\feedreader.exe ()
PRC - C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
PRC - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
PRC - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe ()
PRC - C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()
PRC - C:\Program Files (x86)\PDF Suite\PDFServiceEngine.exe ()
PRC - C:\Program Files (x86)\WinTV\WinTV7\hcwcitray.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\PersMan\VBTDiaryMonitor.exe (Vizual Business Tools Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\680689b01ddb7fbe11478caf8cb71d3c\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dd2070ee8e6e28ac8dc658404c50ebde\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Users\Stephan\AppData\Roaming\notepad.exe ()
MOD - C:\Users\Stephan\AppData\Local\Apps\2.0\4Y4P2V41.C5Y\24DLQLBA.5VR\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll ()
MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\HPFaxUtilities.dll ()
MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\Alerts.dll ()
MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\PLSDMXMLObjects.dll ()
MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\HPAppTools.dll ()
MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\LEDMXMLObjects.dll ()
MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\AppConstants.dll ()
MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\DMBaseObjects.dll ()
MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\HPToolkit.dll ()
MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\HPTools.dll ()
MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll ()
MOD - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\FeedReader30\feedreader.exe ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL ()
MOD - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe ()
MOD - C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()
MOD - C:\Program Files (x86)\MultiScreen\MGResGer.dll ()
MOD - C:\Program Files (x86)\MultiScreen\ServiceHook.dll ()
MOD - C:\Program Files (x86)\MultiScreen\MultiMon.dll ()
MOD - C:\Program Files (x86)\PDF Suite\PDFServiceEngine.exe ()
MOD - C:\Program Files (x86)\WinTV\WinTV7\hcwcitray.exe ()
MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL ()
MOD - C:\Program Files (x86)\Borland\Common Files\BDE\IDAPI32.DLL ()
MOD - C:\Program Files (x86)\Borland\Common Files\BDE\idsql32.DLL ()
MOD - C:\Program Files (x86)\Borland\Common Files\BDE\IDPDX32.DLL ()
MOD - C:\Program Files (x86)\Borland\Common Files\BDE\idbat32.DLL ()
MOD - C:\Program Files (x86)\Borland\Common Files\BDE\IDR20009.DLL ()
MOD - C:\Program Files (x86)\Borland\Common Files\BDE\BANTAM.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HauppaugeTVServer) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (hcw88vid) -- C:\Windows\SysNative\drivers\hcw88vid.sys (Hauppauge Computer Works, Inc)
DRV:64bit: - (HCW88TSE) -- C:\Windows\SysNative\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV:64bit: - (hcw88rc5) -- C:\Windows\SysNative\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw88bda) -- C:\Windows\SysNative\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV:64bit: - (HCW88XBAR) -- C:\Windows\SysNative\drivers\hcw88bar.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HCW88AUD) -- C:\Windows\SysNative\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (LVUVC64) Logitech Webcam 600(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (GigasetGenericUSB_x64) -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys (Siemens Home and Office Communication Devices GmbH & Co. KG)
DRV:64bit: - (MagicTune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV:64bit: - (WinTVCIUSB) Hauppauge WinTV-CI USB (11xxx) -- C:\Windows\SysNative\drivers\hcw11.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WinTVCIUSBBDA) Hauppauge WinTV-CI BDA (11xxx) -- C:\Windows\SysNative\drivers\hcw11bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (cdrbsdrv) -- C:\Windows\SysNative\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111122.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111122.003\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\drivers\elbycdio.sys (Elaborate Bytes AG)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (FLASHSYS) -- C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys ()
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 A6 44 D7 88 0A CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
 
 
O1 HOSTS File: ([2011.08.01 13:49:20 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.178.29 NPI8BFEEB.fritz.box
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HP Color LaserJet CM2320 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe (Samsung Electronics Co. Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HPPQVideo] "C:\Program Files (x86)\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM2320_MFP_Series -f PQOptimizerVideo.xml -o remindLater File not found
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFServiceEngine] C:\Program Files (x86)\PDF Suite\PDFServiceEngine.exe ()
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Stephan\AppData\Local\Apps\2.0\4Y4P2V41.C5Y\24DLQLBA.5VR\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [feedreader.exe] C:\Program Files (x86)\FeedReader30\feedreader.exe ()
O4 - HKCU..\Run: [notepad] C:\Users\Stephan\AppData\Roaming\notepad.exe ()
O4 - HKCU..\Run: [Windows Audio HDi Driver] C:\Users\Stephan\AppData\Roaming\audiohd.exe ()
O4 - Startup: C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk =  File not found
O4 - Startup: C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\Stephan\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
O4 - Startup: C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:64bit: - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll/314 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: NSA Setting - C:\Program Files (x86)\ZyXEL\Link Capture\ip.html ()
O8:64bit: - Extra context menu item: Send to NSA - C:\Program Files (x86)\ZyXEL\Link Capture\Link Capture.html ()
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll/314 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: NSA Setting - C:\Program Files (x86)\ZyXEL\Link Capture\ip.html ()
O8 - Extra context menu item: Send to NSA - C:\Program Files (x86)\ZyXEL\Link Capture\Link Capture.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: liebherr.com ([www.livision] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {2A8A99EE-E87E-47EC-9201-860620CF1046} https://www.lias.liebherr.com/camosHtml/i?RES=res/camosRTX.cab (camosRTX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E83DF16-EC67-4766-90E3-F0F4AEF78170}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{911EC057-3CD4-43A1-9EC0-0DD64D899E3A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\TING.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.24 13:05:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe
[2011.11.23 15:40:16 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Documents\Maschinenvergleiche LICOS
[2011.11.20 20:10:14 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Documents\Angebote
[2011.11.15 20:37:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.11.11 13:13:39 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Skype
[2011.11.11 13:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.11.11 13:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.11.11 13:13:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011.11.11 13:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.11.11 10:47:28 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Local\LogiShrd
[2011.11.11 10:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2011.11.11 10:47:06 | 000,000,000 | ---D | C] -- C:\Users\Stephan\AppData\Roaming\Leadertech
[2011.11.11 10:46:33 | 000,767,000 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUI64.dll
[2011.11.11 10:46:33 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2.dll
[2011.11.11 10:46:33 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\lvcodec2.dll
[2011.11.11 10:46:33 | 000,398,360 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvcod64.dll
[2011.11.11 10:46:32 | 006,379,288 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvuvc64.sys
[2011.11.11 10:46:32 | 000,559,640 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUIRC64.dll
[2011.11.11 10:46:32 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2RC.dll
[2011.11.11 10:46:20 | 000,327,704 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvrs64.sys
[2011.11.11 10:46:20 | 000,266,776 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvco12101110.dll
[2011.11.11 10:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011.11.11 10:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2011.11.11 10:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011.11.11 10:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2011.11.11 10:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2011.11.05 13:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2011.11.05 13:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2011.11.05 13:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.24 13:05:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe
[2011.11.24 12:25:32 | 000,018,698 | ---- | M] () -- C:\jctInLeDom.xml
[2011.11.23 20:12:34 | 000,041,912 | ---- | M] () -- C:\fixqaz.exe
[2011.11.23 20:12:06 | 000,041,912 | ---- | M] () -- C:\Users\Stephan\Documents\fixqaz.exe
[2011.11.23 17:33:46 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.23 17:33:46 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.23 17:31:33 | 001,536,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.23 17:31:33 | 000,670,022 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.23 17:31:33 | 000,628,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.23 17:31:33 | 000,136,450 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.23 17:31:33 | 000,111,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.23 17:24:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.23 17:24:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.11.23 17:24:03 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.23 15:39:47 | 000,153,153 | ---- | M] () -- C:\Users\Stephan\Documents\Maschinenvergleiche.xps
[2011.11.22 20:14:43 | 002,430,814 | ---- | M] () -- C:\Users\Stephan\Desktop\135_2_Liebherr-Abgasreinigungssysteme_10.2011.pdf
[2011.11.22 20:12:56 | 000,210,923 | ---- | M] () -- C:\Users\Stephan\Desktop\135_1_Umstellung auf Abgassstufe IIIB Tier 4i_11.2011.pdf
[2011.11.21 19:24:18 | 000,267,728 | ---- | M] () -- C:\Users\Stephan\Documents\Deponien in Nordrhein - Stand November 2007.pdf
[2011.11.19 14:14:11 | 000,561,845 | ---- | M] () -- C:\Users\Stephan\Documents\ka Liste.pdf
[2011.11.16 11:33:52 | 001,526,501 | ---- | M] () -- C:\Users\Stephan\Documents\Urlaub 2011 - 2012.pdf
[2011.11.15 20:37:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.11.15 20:36:44 | 000,001,045 | ---- | M] () -- C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2011.11.11 13:13:31 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.11 10:52:55 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2011.11.11 10:44:37 | 000,002,105 | ---- | M] () -- C:\Users\Public\Desktop\Logitech-Webkamera-Software.lnk
[2011.11.10 11:17:43 | 000,020,444 | ---- | M] () -- C:\Users\Stephan\Documents\AG110978,liebherr.pdf
[2011.11.10 11:17:43 | 000,020,009 | ---- | M] () -- C:\Users\Stephan\Documents\AG110979,liebherr.pdf
[2011.11.07 14:54:47 | 002,343,520 | ---- | M] () -- C:\Users\Stephan\Desktop\mcdonalds_gutscheine.pdf
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.23 20:12:34 | 000,041,912 | ---- | C] () -- C:\fixqaz.exe
[2011.11.23 20:12:02 | 000,041,912 | ---- | C] () -- C:\Users\Stephan\Documents\fixqaz.exe
[2011.11.23 15:40:04 | 000,153,153 | ---- | C] () -- C:\Users\Stephan\Documents\Maschinenvergleiche.xps
[2011.11.22 20:14:43 | 002,430,814 | ---- | C] () -- C:\Users\Stephan\Desktop\135_2_Liebherr-Abgasreinigungssysteme_10.2011.pdf
[2011.11.22 20:12:56 | 000,210,923 | ---- | C] () -- C:\Users\Stephan\Desktop\135_1_Umstellung auf Abgassstufe IIIB Tier 4i_11.2011.pdf
[2011.11.21 19:24:18 | 000,267,728 | ---- | C] () -- C:\Users\Stephan\Documents\Deponien in Nordrhein - Stand November 2007.pdf
[2011.11.19 14:14:27 | 000,561,845 | ---- | C] () -- C:\Users\Stephan\Documents\ka Liste.pdf
[2011.11.16 11:34:30 | 001,526,501 | ---- | C] () -- C:\Users\Stephan\Documents\Urlaub 2011 - 2012.pdf
[2011.11.15 20:36:44 | 000,001,045 | ---- | C] () -- C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2011.11.11 13:13:31 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.11 10:52:55 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2011.11.11 10:46:20 | 000,082,289 | ---- | C] () -- C:\Windows\SysNative\lvcoin64.ini
[2011.11.11 10:46:20 | 000,034,068 | ---- | C] () -- C:\Windows\SysNative\Repository.reg
[2011.11.11 10:44:37 | 000,002,105 | ---- | C] () -- C:\Users\Public\Desktop\Logitech-Webkamera-Software.lnk
[2011.11.11 10:43:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.11.10 11:17:43 | 000,020,444 | ---- | C] () -- C:\Users\Stephan\Documents\AG110978,liebherr.pdf
[2011.11.10 11:17:43 | 000,020,009 | ---- | C] () -- C:\Users\Stephan\Documents\AG110979,liebherr.pdf
[2011.11.07 14:54:47 | 002,343,520 | ---- | C] () -- C:\Users\Stephan\Desktop\mcdonalds_gutscheine.pdf
[2011.10.17 08:36:19 | 000,054,784 | -H-- | C] () -- C:\Users\Stephan\AppData\Roaming\audiohd.exe
[2011.10.17 08:36:18 | 000,054,784 | -H-- | C] () -- C:\Users\Stephan\AppData\Roaming\notepad.exe
[2011.08.19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.08.19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.08.19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.08.11 12:48:17 | 000,059,232 | ---- | C] () -- C:\Windows\SysWow64\CNC8100W.DAT
[2011.08.01 13:54:58 | 000,199,151 | ---- | C] () -- C:\Windows\hppins12.dat.temp
[2011.08.01 13:48:39 | 000,000,759 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011.08.01 13:45:27 | 000,194,987 | ---- | C] () -- C:\Windows\hppins12.dat
[2011.08.01 13:45:27 | 000,007,855 | ---- | C] () -- C:\Windows\hppmdl12.dat
[2011.02.17 19:49:39 | 000,001,530 | ---- | C] () -- C:\Windows\_isenv31.ini
[2010.10.10 18:34:50 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.09.26 15:37:30 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2010.09.26 15:37:08 | 000,002,302 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010.08.25 19:33:58 | 000,034,706 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.08.25 19:33:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
[2010.08.25 19:33:04 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.08.25 19:33:04 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.22 12:30:29 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010.06.22 12:30:29 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010.06.22 12:30:29 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010.06.22 12:30:29 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010.06.22 12:30:29 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010.06.22 12:30:29 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010.06.22 12:30:29 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010.06.22 12:30:29 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010.06.22 12:30:29 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010.06.22 12:30:29 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010.06.22 12:30:29 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010.06.22 12:30:29 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010.06.22 12:30:29 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010.06.22 12:30:29 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010.06.22 12:30:29 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010.06.22 12:30:29 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010.06.22 12:30:29 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010.06.22 12:30:29 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010.06.22 12:30:29 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010.05.18 10:13:19 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv5
[2010.03.10 11:11:28 | 000,212,448 | ---- | C] () -- C:\Windows\SysWow64\Dbclient.dll
[2010.03.10 11:00:21 | 000,435,200 | ---- | C] () -- C:\Windows\SysWow64\Ilfilt32.dll
[2010.03.10 11:00:21 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\I3tif32.dll
[2010.03.10 11:00:21 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\I3spec32.dll
[2010.03.10 11:00:21 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\I3dxf32.dll
[2010.03.10 11:00:20 | 000,425,984 | ---- | C] () -- C:\Windows\SysWow64\Crde96v3.dll
[2010.03.10 11:00:20 | 000,244,984 | ---- | C] () -- C:\Windows\SysWow64\Tutil32.dll
[2010.03.01 17:49:38 | 000,000,178 | ---- | C] () -- C:\Users\Stephan\AppData\Roaming\default.rss
[2010.02.21 15:43:46 | 004,359,680 | ---- | C] () -- C:\Windows\SysWow64\bsdevice.dll
[2010.02.21 15:43:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\Blu-Ray Ripper.dat
[2010.02.21 15:43:28 | 000,000,177 | ---- | C] () -- C:\Windows\pro Blu-Ray Ripper.ini
[2010.02.21 15:43:28 | 000,000,135 | ---- | C] () -- C:\Windows\Blu-Ray Ripper.ini
[2010.02.21 15:43:26 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.02.21 15:43:26 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.02.21 15:41:34 | 000,000,084 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.02.19 21:20:19 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.02.19 21:15:43 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2010.02.19 15:19:47 | 001,558,722 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:B946D9EE

< End of report >
         
and the 2nd: OTL Logfile:
Code:
OTL Extras logfile created on: 24.11.2011 13:20:27 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Stephan\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 49,88% Memory free
11,98 Gb Paging File | 9,00 Gb Available in Paging File | 75,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 282,17 Gb Free Space | 60,60% Space Free | Partition Type: NTFS
Drive H: | 1397,26 Gb Total Space | 3,59 Gb Free Space | 0,26% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 257,95 Gb Free Space | 13,85% Space Free | Partition Type: NTFS
Drive K: | 1863,01 Gb Total Space | 196,96 Gb Free Space | 10,57% Space Free | Partition Type: NTFS
Drive Z: | 1374,85 Gb Total Space | 940,80 Gb Free Space | 68,43% Space Free | Partition Type: NTFS
 
Computer Name: STEPHANPC01 | User Name: Stephan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\PSFtp\PSFtp.exe" = C:\Program Files (x86)\PSFtp\PSFtp.exe:*:Enabled:PSFtp -- (Pleis Software)
"C:\Program Files (x86)\PSFtp\PSFtp.exe" = C:\Program Files (x86)\PSFtp\PSFtp.exe:*:Enabled:PSFtp -- (Pleis Software)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\PSFtp\PSFtp.exe" = C:\Program Files (x86)\PSFtp\PSFtp.exe:*:Enabled:PSFtp -- (Pleis Software)
"C:\Program Files (x86)\PSFtp\PSFtp.exe" = C:\Program Files (x86)\PSFtp\PSFtp.exe:*:Enabled:PSFtp -- (Pleis Software)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG8100_series" = Canon MG8100 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8505C641-422E-4E3C-B6B0-0F070E289FDD}" = TAPI Services for FRITZ!Box
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{A8D232A5-667B-44C5-AF79-BDFADBFD013B}" = Symantec AntiVirus Win64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}" = HP Color LaserJet CM2320 MFP Series 3.1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD3C6C39-EF26-40BD-8EF0-5D758BB002CC}" = HPOARInstall_x64
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0085EB84-3710-429A-A8B0-0E33FDCCE17A}" = Lias Schnittstelle X32
"{02cde829-fb07-4d52-b651-9f9d60a2ea35}" = Nero 9
"{0B8FA866-D2B9-45EA-928D-61CF32735427}" = hppPQVideoCM2320
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{24495227-1B47-4D55-AC27-167B6BC3FF73}" = hppScanToCM2320
"{2c2f4c57-83a8-4790-a281-e83d306a9199}" = Gigaset QuickSync
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{4161DEB5-736E-42D0-B49D-88DDE9696440}" = camos Runtime 9.4
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4F3C4874-D5D9-41A0-B8DE-FD7CA4690CE3}" = BPS650
"{501E4F62-257C-4FCE-960C-ABA85DC60AB0}" = hppTLBXFXCM2320
"{511CA535-9CB1-4128-A30C-5F4C5D4AB848}" = hppFaxUtilityCM2320
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77697747-7567-428D-8394-2287586F6974}" = hppusgCM2320
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{8075BFA9-9D37-49FE-8479-E218CFC7A7FC}" = camosWinClient 9.4
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F23458E-82AD-4ADA-8B74-F25E506BA192}" = TAPICall 4.1.4
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{99EE30D2-A7EA-486C-9AD4-57C8583375BF}" = hppSendFaxCM2320
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO HD Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A7285D92-27EE-4D91-AB57-5EF326B572C6}" = hpzTLBXFX
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AE7C40B6-9C6D-4022-B017-A41A6B7FA4D3}" = hppManualsCM2320
"{B009CA39-449B-4733-B12D-DDBEC83F1963}" = NDU
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B226235F-51A4-4090-B5DB-5482A28D1B0F}" = hppFaxDrvCM2320
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C1A504BC-EB2A-4D67-A49F-E557C58AC17F}" = RegioGraph Planung 11
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CEA9CB53-4C31-4079-AD8C-1EAF1A01B899}" = Europa City Premium 3/2010t - NQ (C:\ProgramData\PTV-AG\map&guide professional\17\maps\EuropePremium.geo)
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DD7D788B-D6C2-4CB1-AACC-8614D6C21D7C}" = hppCLJCM2320
"{DE6D4CC5-41B9-41ED-A725-EBB25409F2AF}" = map&guide professional 2011
"{de82df33-3386-4f1d-82f4-e4732386d4b9}" = Nero 9 Trial
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.17a
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF841249-0D6B-41D7-8013-953EE3A33263}" = hppQFolderCM2320
"Afterburner" = MSI Afterburner 1.0.0
"Any DVD Cloner Platinum_is1" = Any DVD Cloner Platinum 1.0.4
"Audiograbber" = Audiograbber 1.83 SE 
"AviSynth" = AviSynth 2.5
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Badaboom" = Badaboom 1.2.0.85
"BestHDSoft Blu-Ray Ripper_is1" = BestHDSoft Blu-Ray Ripper 1.8.1
"Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
"Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data" = Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
"Canon MG8100 series Benutzerregistrierung" = Canon MG8100 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DVD-CLONER VII_is1" = DVD-CLONER V7.00 Build 990
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Easy-PhotoPrint Pro
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FeedReader_is1" = FeedReader
"FileZilla Client" = FileZilla Client 3.3.5.1
"FormatFactory" = FormatFactory 2.60
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"FTP Commander Pro" = FTP Commander Pro
"HaaliMkx" = Haali Media Splitter
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"HP Toner Cartridge Authentication" = HP Toner Cartridge Authentication
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"IsoBuster_is1" = IsoBuster 2.6
"Lexware personalmanager" = Lexware personalmanager
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Liveupdate4_is1" = Liveupdate4
"Logitech Vid" = Logitech Vid HD
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NAVIGON Fresh" = NAVIGON Fresh 3.3.2
"Phoner_is1" = Phoner 2.58
"PSFtp_is1" = PSFtp Version 1.8
"QuickPar" = QuickPar 0.9
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"ratDVD" = ratDVD 0.76.1408
"Rename Master_is1" = Rename Master
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TeamViewer 6" = TeamViewer 6
"Tftpd64" = Tftpd64 Standalone Edition (remove only)
"UseNeXT_is1" = UseNeXT
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.9
"Winamp" = Winamp
"WISO Geld-Tip Kassenbuch" = WISO Geld-Tip Kassenbuch
"Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"NSA Link Capture IE Plugin" = NSA Link Capture
"PDF Suite" = PDF Suite v9.0.5.22
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.11.2011 10:33:08 | Computer Name = StephanPC01 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Risk: Trojan.ADH in File: Z:\sharesZyxel\Software\DVD-Cloner
 VII (7) v7.0.990 + HD&BluRay Unterstütz\CRACK\DVD-Cloner7.exe by: Manual scan. 
 Action: Cleaned by Deletion.  Action Description:      
 
Error - 23.11.2011 10:57:48 | Computer Name = StephanPC01 | Source = Symantec AntiVirus | ID = 16711726
Description =       Security Risk Found!Risk: Trojan.ADH in File: Z:\sharesZyxel\Software\SlySoft
 CloneDVD v2.9.2.7 Final - Deutsch - (die p\CDVD PORTABLE\CloneDVD_Portable_2.9.2.7_Multilingual.paf.exe
 by: Manual scan.  Action: Clean failed : Quarantine failed.  Action Description:
 The file was left unchanged.    
 
Error - 23.11.2011 10:57:50 | Computer Name = StephanPC01 | Source = Symantec AntiVirus | ID = 16711685
Description =       Risk Found!Risk: Trojan.ADH in File: \\192.168.178.22\video\shareszyxel\software\convert
 x to dvd 4 v4.0.9.322a - multilanguage - w\vso keygen\thecx2d4keygen.exe by: Manual
 scan.  Action: Cleaned by Deletion.  Action Description:      Risk:  in File: Internet
 browser temporary file cache by: Manual scan.  Action: Clean failed : Quarantine
 failed.  Action Description: The file was deleted successfully.    Risk Found!Risk:
 Trojan.ADH in File: \\192.168.178.22\video\shareszyxel\software\dvd-cloner vii 
(7) v7.0.990 + hd&bluray unterstütz\crack\dvd-cloner7.exe by: Manual scan.  Action:
 Cleaned by Deletion.  Action Description:      Risk:  in File: Internet browser temporary
 file cache by: Manual scan.  Action: Clean failed : Quarantine failed.  Action 
Description: The file was deleted successfully.    
 
Error - 23.11.2011 10:57:51 | Computer Name = StephanPC01 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Risk: Trojan.ADH in File: Z:\sharesZyxel\Software\SlySoft
 CloneDVD v2.9.2.7 Final - Deutsch - (die p\CDVD PORTABLE\CloneDVD_Portable_2.9.2.7_Multilingual.paf.exe
 by: Manual scan.  Action: Cleaned by Deletion.  Action Description:      
 
Error - 23.11.2011 11:36:05 | Computer Name = StephanPC01 | Source = Symantec AntiVirus | ID = 16711726
Description =       Security Risk Found!Risk: Heuristic.ADH in File: Z:\sharesZyxel\Nadine\eigene
 Dateien\Downloads\Videograbber5.0.exe by: Manual scan.  Action: Clean failed : 
Quarantine failed.  Action Description: The file was left unchanged.    
 
Error - 23.11.2011 11:36:08 | Computer Name = StephanPC01 | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Risk: Heuristic.ADH in File: Z:\sharesZyxel\Nadine\eigene
 Dateien\Downloads\Videograbber5.0.exe by: Manual scan.  Action: Cleaned by Deletion.
  Action Description:      
 
Error - 23.11.2011 11:42:05 | Computer Name = StephanPC01 | Source = Symantec AntiVirus | ID = 16711685
Description =       Risk Found!Risk: Trojan.ADH in File: \\192.168.178.22\video\shareszyxel\software\slysoft
 clonedvd v2.9.2.7 final - deutsch - (die p\cdvd portable\clonedvd_portable_2.9.2.7_multilingual.paf.exe
 by: Manual scan.  Action: Cleaned by Deletion.  Action Description:      Risk:  in 
File: Internet browser temporary file cache by: Manual scan.  Action: Clean failed
 : Quarantine failed.  Action Description: The file was deleted successfully.    Risk
 Found!Risk: Heuristic.ADH in File: \\192.168.178.22\video\shareszyxel\nadine\eigene
 dateien\downloads\videograbber5.0.exe by: Manual scan.  Action: Cleaned by Deletion.
  Action Description:      Risk:  in File: Internet browser temporary file cache by:
 Manual scan.  Action: Clean failed : Quarantine failed.  Action Description: The
 file was deleted successfully.    
 
Error - 23.11.2011 19:30:03 | Computer Name = StephanPC01 | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 23.11.2011 19:31:08 | Computer Name = StephanPC01 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\magictune premium\MagicTuneCore.dll.Manifest". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a.manifest.
 
Error - 23.11.2011 19:31:16 | Computer Name = StephanPC01 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ OSession Events ]
Error - 23.04.2010 01:07:26 | Computer Name = StephanPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 98
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.04.2010 01:07:44 | Computer Name = StephanPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.04.2010 01:11:47 | Computer Name = StephanPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 206
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 23.04.2010 01:16:48 | Computer Name = StephanPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 274
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 06.10.2010 01:29:33 | Computer Name = StephanPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 46
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 24.12.2010 06:16:18 | Computer Name = StephanPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 65155
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 24.12.2010 06:17:56 | Computer Name = StephanPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 89
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 09.08.2011 02:07:20 | Computer Name = StephanPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 171
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 09.08.2011 12:32:19 | Computer Name = StephanPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 130
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.10.2011 01:43:36 | Computer Name = StephanPC01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 62080
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.11.2011 15:01:22 | Computer Name = StephanPC01 | Source = DCOM | ID = 10010
Description = 
 
Error - 22.11.2011 02:30:05 | Computer Name = StephanPC01 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR10 
gefunden.
 
Error - 22.11.2011 02:30:59 | Computer Name = StephanPC01 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst LanmanServer erreicht.
 
Error - 22.11.2011 02:31:29 | Computer Name = StephanPC01 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 22.11.2011 02:31:59 | Computer Name = StephanPC01 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 22.11.2011 18:35:27 | Computer Name = StephanPC01 | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 22.11.2011 18:36:27 | Computer Name = StephanPC01 | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 22.11.2011 18:37:27 | Computer Name = StephanPC01 | Source = srv | ID = 2017
Description = Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren,
 da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher
 erreicht wurde.
 
Error - 23.11.2011 11:36:12 | Computer Name = StephanPC01 | Source = yukonw7 | ID = 458845
Description = MAC FIFO status 1
 
Error - 23.11.2011 12:26:43 | Computer Name = StephanPC01 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht richtig gestartet.
 
 
< End of report >
         
--- --- ---



Many thanks for the help!
__________________

24.11.2011, 14:05   #4
markusg
/// Malware-holic



Hi there,

Attention!
This script, and any scripts that follow, are intended only for this particular user.
If you have problems of your own, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
PRC - C:\Users\Stephan\AppData\Roaming\notepad.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [notepad] C:\Users\Stephan\AppData\Roaming\notepad.exe ()
O4 - HKCU..\Run: [Windows Audio HDi Driver] C:\Users\Stephan\AppData\Roaming\audiohd.exe ()
O4 - Startup: C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll/314 File not found
O8:64bit: - Extra context menu item: An OneNote senden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files (x86)\PacketVideo\TwonkyBeam\TwonkyIEPlugin.dll/314 File not found
O8 - Extra context menu item: An OneNote senden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\TING.EXE
MOD - C:\Users\Stephan\AppData\Roaming\notepad.exe ()
:Files
C:\Users\Stephan\AppData\Roaming\notepad.exe
C:\Users\Stephan\AppData\Roaming\audiohd.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Please close all programs now.
• Now click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

Open Computer, open C:, then _OTL.
There, right-click on "moved files"
and choose "add to moved files.rar" (or .zip).
Follow the link and upload the archive in the upload channel:
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us
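
An added example, not part of the original post or of OTL itself: a Python sketch that parses the O4 registry Run lines of an OTL log and flags the traits visible in the two entries the fix script above removes (a program started from a user-writable directory, empty publisher parentheses, a Windows binary name outside the Windows directory). The reason strings, the name list, the assumption that C: is the system drive, the reading of `()` as "no publisher", and the last sample line are this example's own.

```python
import re
from pathlib import PureWindowsPath

# The first four lines are the O4 autostart entries from the fix script in the
# post above; the last line is a constructed benign entry for contrast.
SAMPLE_OTL_LINES = r"""
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [notepad] C:\Users\Stephan\AppData\Roaming\notepad.exe ()
O4 - HKCU..\Run: [Windows Audio HDi Driver] C:\Users\Stephan\AppData\Roaming\audiohd.exe ()
O4 - Startup: C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk =  File not found
O4 - HKLM..\Run: [ExampleVendorTray] C:\Program Files\ExampleVendor\tray.exe (Example Vendor Inc.)
"""

# Reason labels (this example's own wording, not OTL output).
R_MISSING = "target missing"
R_USER_DIR = "runs from user-writable directory"
R_MASQUERADE = "Windows binary name outside the Windows directory"
R_NO_PUBLISHER = "no publisher shown"

# "O4 - HKCU..\Run: [value name] <path> (<company>)", optionally "O4:64bit:".
RUN_LINE = re.compile(
    r"^O4(?::64bit:)? - (HKLM|HKCU)\.\.\\(Run(?:Once)?): \[(.*?)\]\s*(.*)$"
)
# Greedy path, then the LAST parenthesised group, so that a path such as
# "C:\Program Files (x86)\..." is not cut at "(x86)".
TARGET = re.compile(r"^(.*\S)\s+\(([^()]*)\)\s*$")
NOT_FOUND = "File not found"

USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
# Assumption: the system drive is C:.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
WINDOWS_BINARY_NAMES = {
    "notepad.exe", "svchost.exe", "explorer.exe", "lsass.exe",
    "csrss.exe", "winlogon.exe", "services.exe", "rundll32.exe",
}


def parse_run_line(line):
    """Parse one registry Run line; return None for any other log line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None  # e.g. "O4 - Startup:" shortcuts are not handled here
    hive, key, name, rest = m.groups()
    rest = rest.strip()
    missing = rest.endswith(NOT_FOUND)
    if missing:
        rest = rest[: -len(NOT_FOUND)].strip()
    path, publisher = (rest or None), None
    t = TARGET.match(rest)
    if t:
        path, publisher = t.group(1), t.group(2).strip()
    return {"hive": hive, "key": key, "name": name, "path": path,
            "publisher": publisher, "missing": missing}


def triage_run_entries(text):
    """Return the Run entries that show at least one suspicious trait."""
    findings = []
    for line in text.splitlines():
        entry = parse_run_line(line)
        if entry is None:
            continue
        reasons = []
        if entry["missing"]:
            reasons.append(R_MISSING)
        path = entry["path"]
        if path:
            low = path.lower()
            p = PureWindowsPath(path)
            if any(marker in low for marker in USER_WRITABLE_MARKERS):
                reasons.append(R_USER_DIR)
            if (p.name.lower() in WINDOWS_BINARY_NAMES
                    and str(p.parent).lower() not in SYSTEM_DIRS):
                reasons.append(R_MASQUERADE)
        if entry["publisher"] == "":
            reasons.append(R_NO_PUBLISHER)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_OTL_LINES):
        label = f["name"] or "(empty value name)"
        print(f'{f["hive"]}\\{f["key"]} [{label}] {f["path"]}: '
              + "; ".join(f["reasons"]))
```

A hit is a reason to look at the file, not a verdict; legitimate per-user software also starts from AppData.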

24.11.2011, 15:30   #5
Schwutzy



Hello, attached is the script:

All processes killed
Error: Unable to interpret <Code:> in the current context!
Error: Unable to interpret <---------> in the current context!
========== OTL ==========
No active process named notepad.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\notepad deleted successfully.
C:\Users\Stephan\AppData\Roaming\notepad.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Audio HDi Driver deleted successfully.
C:\Users\Stephan\AppData\Roaming\audiohd.exe moved successfully.
C:\Users\Stephan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Playlist\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote senden\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Excel exportieren\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Exel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Playlist\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote senden\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Excel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Excel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Exel exportieren\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
File E:\TING.EXE MOD - C:\Users\Stephan\AppData\Roaming\notepad.exe () :Files C:\Users\Stephan\AppData\Roaming\notepad.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Stephan
->Flash cache emptied: 503 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Stephan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 614818403 bytes
->Java cache emptied: 20678 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1526784 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 104062940 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67497 bytes
RecycleBin emptied: 12105850 bytes

Total Files Cleaned = 699,00 mb

Error: Unable to interpret <---------> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 11242011_151438

Files\Folders moved on Reboot...
File\Folder C:\Users\Stephan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{4E0C4F28-CDBA-4D60-AEB3-7236EDDBAD14}.tmp not found!
File\Folder C:\Users\Stephan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{06A82552-D76A-4761-B269-BD6B8B2E9E02}.tmp not found!
File\Folder C:\Users\Stephan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3368A251-D579-4A05-ADD2-07840D74149D}.tmp not found!
File\Folder C:\Users\Stephan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6B4155AC-A119-4C9E-B9EB-BC1C8993E4C9}.tmp not found!
File\Folder C:\Users\Stephan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B5D4901F-2952-4275-A6D1-65F384340A8D}.tmp not found!
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
C:\Windows\temp\JET5C52.tmp moved successfully.
C:\Windows\temp\JET64CA.tmp moved successfully.

Registry entries deleted on Reboot...


I have also done the upload.

I just have three more questions:

What did I actually do there?
And why?
And what was wrong with my PC?

But many thanks already!


24.11.2011, 16:25   #6
markusg
/// Malware-holic



Hi, we deleted a backdoor.
You're using Symantec; does it get regular updates?

24.11.2011, 20:17   #7
Schwutzy



Hello Markusg,

first of all, many thanks for the help here!

Registered today and it is already sorted out on the same day?

Can you say what it does and where it came from?

Symantec gets Live Updates:

Program 10.2.0.298
Scan Engine 111.2.0.72
Virus Definition File: 22.11.2011 rev.03

Many thanks!

24.11.2011, 20:28   #8
markusg
/// Malware-holic



Stealing passwords, for example.
At the end we will have to change all of them.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this
    tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your antivirus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.