Starsear.ch nach Firefox-Plugin download

riera77 · 28.12.2011, 23:19

Zitat:

Ich sehe in den Logfiles keine laufende Anti Viren Software.

Das ist gefährlich. Manchmal bemerkt man Malware durch PopUps oder Google-Umleitungen etc, aber meisten läuft diese unbemerkt im Hintergrund. Ein AVP kann Dir helfen, Malware zu finden. Bitte downloade und Installiere Dir eines der folgenden AVPs.

Avast
Microsoft Security Essentials

Habe MSE installiert

Weitere Probleme sind bisher keine aufgetreten. Ich hoffe das bleibt auch so. Wenn etwas demnächst auftritt, werde ich mich melden.
Vielen Dank für die Bereinigung!

Larusso · 29.12.2011, 01:57

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Bitte poste in deiner nächsten Antwort
OTL.txt
Extras.txt

riera77 · 29.12.2011, 22:44

Code:

ATTFilter

OTL logfile created on: 29.12.2011 22:33:25 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Saki\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 44,38% Memory free
3,49 Gb Paging File | 2,09 Gb Available in Paging File | 59,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 67,96 Gb Free Space | 46,43% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,71 Gb Free Space | 13,00% Space Free | Partition Type: NTFS
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.26 00:28:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
PRC - [2011.09.29 22:59:54 | 004,367,360 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE
PRC - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () -- C:\Programme\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
PRC - [2011.09.29 22:59:53 | 003,718,656 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
PRC - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.20 15:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.02.25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.13 14:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
PRC - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.15 08:42:21 | 000,016,896 | ---- | M] () -- C:\Windows\System32\LFOGRPOW.EXE
PRC - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () -- C:\Windows\System32\FUSServices.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.26 00:28:34 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.11.11 20:45:34 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.10.14 11:01:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 11:01:47 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011.10.14 11:01:40 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011.10.14 11:01:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 11:01:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 11:01:09 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 11:01:00 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.08.22 09:01:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.08.22 09:01:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.08.22 09:01:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.08.22 09:01:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.08.22 09:01:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2009.05.14 11:05:48 | 000,688,432 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\N5ShellExtension.dll
MOD - [2008.12.12 15:48:50 | 000,507,904 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.03.04 19:22:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\Windows\System32\FUSServices.exe -- (FUSServices)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.29 22:33:17 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0D59A4D-1DFE-4811-BEF1-E148E6B9D2E5}\MpKsl211648ec.sys -- (MpKsl211648ec)
DRV - [2011.09.29 22:59:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011.01.13 02:17:18 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.09.14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.09.14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.09.14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.08.16 14:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010.08.16 14:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010.06.23 09:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.02.25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010.02.17 14:21:12 | 000,094,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\SleeN17.sys -- (SLEE_17_DRIVER)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (androidusb)
DRV - [2009.09.28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.07.13 14:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.04.06 16:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 22:47:06 | 000,033,152 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XMLDIUSB.sys -- (XMLDIUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: el-GR@dictionaries.addons.mozilla.org:0.8.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=2&src=sp&cf=8cfe85a6-2044-11e1-a791-00247e83dc50&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.26 00:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.06 20:57:58 | 000,000,000 | ---D | M]
 
[2010.09.22 19:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Extensions
[2011.12.29 00:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions
[2010.12.01 22:24:47 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.18 01:17:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.02.13 15:41:40 | 000,000,000 | ---D | M] (Greek Spelling dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\el-GR@dictionaries.addons.mozilla.org
[2011.11.15 23:31:08 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\https-everywhere@eff.org
[2011.03.12 21:15:09 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\personas@christopher.beard
[2011.12.19 18:22:46 | 000,000,933 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\11-suche.xml
[2011.12.19 18:22:46 | 000,002,419 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 18:22:45 | 000,010,525 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\gmx-suche.xml
[2011.12.14 17:50:39 | 000,001,854 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\idealode.xml
[2011.12.19 18:22:46 | 000,002,457 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\lastminute.xml
[2011.12.19 18:22:45 | 000,005,508 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\webde-suche.xml
[2011.12.28 13:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.28 13:10:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.12.26 00:28:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.28 13:10:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.02 21:14:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 21:14:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 21:14:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.10 14:35:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.02 21:14:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 21:14:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 21:14:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.22 02:32:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93E36856-A876-4600-98F2-82F41288187C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC9A6404-A68F-4B4B-A706-831C3A54487A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.28 13:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.28 13:10:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.28 13:10:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.28 13:10:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.28 12:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.12.25 16:23:16 | 000,000,000 | ---D | C] -- C:\FRST
[2011.12.23 02:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Software
[2011.12.22 03:24:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.22 02:32:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.22 02:30:03 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\temp
[2011.12.22 02:16:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.22 02:16:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.22 02:16:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.22 02:16:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.22 02:16:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.12.22 02:16:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.21 19:09:18 | 004,347,226 | R--- | C] (Swearware) -- C:\Users\Saki\Desktop\ComboFix.exe
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011.12.15 00:48:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.15 00:48:15 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.15 00:48:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.15 00:48:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.15 00:48:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.15 00:48:10 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.14 15:09:13 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 15:09:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 15:08:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 15:08:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 15:08:46 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 15:08:45 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.13 23:32:26 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\Microsoft Help
[2011.12.13 23:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.12.13 00:24:11 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\f-secure
[2011.12.13 00:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011.12.13 00:17:36 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.11 15:54:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
[2011.12.09 19:11:29 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Malwarebytes
[2011.12.09 19:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.09 19:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.09 19:10:41 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 19:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.09 18:58:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.07 04:09:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.02 22:30:09 | 000,000,000 | R--D | C] -- C:\MSOCache
[1 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.29 22:28:26 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 22:28:26 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 22:20:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.29 22:20:48 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.28 16:15:04 | 000,656,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.28 16:15:04 | 000,618,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.28 16:15:04 | 000,554,314 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2011.12.28 16:15:04 | 000,131,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.28 16:15:04 | 000,107,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.28 16:15:04 | 000,090,622 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2011.12.28 13:10:29 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.28 13:10:29 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.28 13:10:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.28 13:10:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.12.28 12:38:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.12.23 15:34:02 | 000,395,875 | ---- | M] () -- C:\Users\Saki\Desktop\MiniToolBox.exe
[2011.12.23 02:27:01 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011.12.22 02:32:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.21 19:10:07 | 004,347,226 | R--- | M] (Swearware) -- C:\Users\Saki\Desktop\ComboFix.exe
[2011.12.20 17:42:46 | 002,776,251 | ---- | M] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp
[2011.12.18 22:29:08 | 003,588,742 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
[2011.12.18 22:29:01 | 003,354,365 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
[2011.12.18 22:28:56 | 000,394,381 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
[2011.12.15 14:07:41 | 000,301,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.11 15:54:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
[2011.12.07 15:21:33 | 000,004,405 | ---- | M] () -- C:\Users\Saki\Desktop\Gmer.text
[2011.12.07 04:15:57 | 000,302,592 | ---- | M] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:15:42 | 000,000,000 | ---- | M] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.07 04:09:44 | 000,050,477 | ---- | M] () -- C:\Users\Saki\Desktop\Defogger.exe
[1 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.28 16:22:49 | 002,776,251 | ---- | C] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp
[2011.12.28 12:38:42 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.12.28 12:38:13 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.12.23 15:33:58 | 000,395,875 | ---- | C] () -- C:\Users\Saki\Desktop\MiniToolBox.exe
[2011.12.22 02:16:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.22 02:16:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.22 02:16:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.22 02:16:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.22 02:16:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.12.20 21:14:24 | 000,008,627 | ---- | C] () -- C:\Windows\System32\PAV_FOG.OPC
[2011.12.18 22:29:06 | 003,588,742 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
[2011.12.18 22:29:00 | 003,354,365 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
[2011.12.18 22:28:47 | 000,394,381 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
[2011.12.07 15:21:32 | 000,004,405 | ---- | C] () -- C:\Users\Saki\Desktop\Gmer.text
[2011.12.07 04:15:42 | 000,000,000 | ---- | C] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:14:38 | 000,302,592 | ---- | C] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:09:33 | 000,050,477 | ---- | C] () -- C:\Users\Saki\Desktop\Defogger.exe
[2011.09.29 23:00:05 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.09.15 16:12:26 | 000,000,048 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.06.29 20:31:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.29 20:31:29 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.24 16:09:43 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2011.05.24 16:09:42 | 000,554,314 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2011.05.24 16:09:42 | 000,090,622 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2011.05.24 16:09:42 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2011.04.27 18:10:37 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.04.27 18:10:36 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.04.27 18:10:35 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.09 22:24:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.09 22:21:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.22 22:20:25 | 000,031,658 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.10.22 22:17:21 | 000,055,296 | ---- | C] () -- C:\Windows\System32\LFOGRPJL.DLL
[2010.10.22 22:17:21 | 000,016,896 | ---- | C] () -- C:\Windows\System32\LFOGRPOW.EXE
[2010.10.22 22:17:21 | 000,013,312 | ---- | C] () -- C:\Windows\System32\LFOGRCOI.DLL
[2010.10.04 03:41:32 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.04 03:41:31 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2010.10.04 01:18:45 | 000,007,605 | ---- | C] () -- C:\Users\Saki\AppData\Local\Resmon.ResmonCfg
[2010.09.22 19:17:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:04:11 | 000,656,710 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:04:11 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:04:11 | 000,131,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:04:11 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,301,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,618,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,107,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 18:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.14 11:05:56 | 000,508,200 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008.09.02 23:38:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\FUSServices.exe
[2006.03.09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >

Extras

Code:

ATTFilter

OTL Extras logfile created on: 29.12.2011 22:33:25 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Saki\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 44,38% Memory free
3,49 Gb Paging File | 2,09 Gb Available in Paging File | 59,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 67,96 Gb Free Space | 46,43% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,71 Gb Free Space | 13,00% Space Free | Partition Type: NTFS
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{753B874E-A0C0-47C5-9D8A-A8443384A93F}}" = Steganos Online-Banking 2011
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2FF11610-5CB9-4A10-8572-470256CD9878}" = RuntimeInstallieren
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35A81F0A-A1CA-458D-8FCD-7D838E3D95FF}" = Microsoft WorldWide Telescope
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACE3E86-78B6-43A1-B104-E3F3006FC576}" = Companion Suite Pro LL2 Drivers
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F9C53-2518-4AD0-ABA2-A72EDF4441A4}" = Nitro PDF Professional
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABDB5A8F-A163-4FD7-A8AE-E2695ACFEA90}" = Companion Suite Pro LL2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{D7659F54-7502-4312-AA24-F103C92C26F5}" = ScanSoft PaperPort 11
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"AudibleManager" = AudibleManager
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FreeNotes2_is1" = Freebie Notes
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NAVIGON Fresh" = NAVIGON Fresh 3.3.1
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.60.1185" = Opera 11.60
"PDF Complete" = PDF Complete Special Edition
"Scribus 1.3.9" = Scribus 1.3.9
"ScummVM_is1" = ScummVM 1.2.1
"SIGNAL IDUNA Beratungssoftware externe Vertriebe" = SIGNAL IDUNA Beratungssoftware freie Vertriebe
"SopCast" = SopCast 3.3.2
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.12.2011 12:03:48 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2011 12:05:47 | Computer Name = Saki-PC | Source = Sentinel | ID = 251722432
Description = 
 
Error - 24.12.2011 12:08:26 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24.12.2011 12:08:37 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc
 sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2011 21:50:05 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2011 21:52:06 | Computer Name = Saki-PC | Source = Sentinel | ID = 251722432
Description = 
 
Error - 24.12.2011 21:56:15 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24.12.2011 21:56:23 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc
 sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.12.2011 10:45:07 | Computer Name = Saki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ApVxdWin.exe, Version: 12.10.12.17,
 Zeitstempel: 0x4da5ae5b  Name des fehlerhaften Moduls: PSAUI.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e82ceac  Ausnahmecode: 0xc0000005  Fehleroffset: 0x05636688
ID
 des fehlerhaften Prozesses: 0xcd8  Startzeit der fehlerhaften Anwendung: 0x01ccc4a511b2280b
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Panda Security\Panda Antivirus Pro
 2012\ApVxdWin.exe  Pfad des fehlerhaften Moduls: PSAUI.dll  Berichtskennung: 5de12503-3099-11e1-aeda-00247e83dc50
 
Error - 27.12.2011 18:36:04 | Computer Name = Saki-PC | Source = Windows Backup | ID = 4104
Description = 
 
[ System Events ]
Error - 28.12.2011 19:13:20 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 28.12.2011 19:13:20 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 28.12.2011 19:13:20 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 28.12.2011 19:13:20 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.12.2011 17:20:53 | Computer Name = Saki-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 29.12.2011 17:20:53 | Computer Name = Saki-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 29.12.2011 17:21:24 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.12.2011 17:21:24 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.12.2011 17:21:24 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 11  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.12.2011 17:21:24 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
 
< End of report >

Larusso · 30.12.2011, 01:01

Well done

Wenn du keine offenen Probleme mehr hast, sind wir hier fertig.
Bitte folge die letzten paar Schritte

Starte bitte Defogger und klicke den Re-enable Button.
Defogger wir gegebenfalls einen Neustart verlangen. Dies bitte zulassen.

Wichtig: Sollte es eine Fehlermeldung geben, poste bitte die Defogger_reenable Log hier.

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.

Code:

ATTFilter

Combofix /Uninstall

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

riera77 · 30.12.2011, 12:56

OK, alles runter geladen und installiert. System auf Vordermann gebracht (Updates und co.). Fragen habe ich keine. Beschreibungen waren sehr gut.

Wie weiter oben, bedanke ich mich noch mal für die Bereinigung und wünsche alles Gute für das neue Jahr!

Gruß

Larusso · 30.12.2011, 14:41

Froh das wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

riera77 · 23.01.2012, 22:42

Hallo Larusso, schau doch bitte in deine privaten Nachrichten. Hattest ja geschrieben, dass ich dir eine PM schicken soll falls etwas ist.
Vielen Dank & Gruß

Larusso · 24.01.2012, 00:26

Auch ich darf einmal auf was vergessen, oder nicht ?

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Wenn der Scan beendet wurde, wird sich ein Textdokument öffnen.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

riera77 · 25.01.2012, 01:00

Klar, wollte nur darauf hinweisen

Code:

ATTFilter

OTL Extras logfile created on: 25.01.2012 00:46:03 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Saki\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 71,06% Memory free
3,49 Gb Paging File | 2,25 Gb Available in Paging File | 64,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 69,42 Gb Free Space | 47,42% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,58 Gb Free Space | 12,91% Space Free | Partition Type: NTFS
Drive E: | 417,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,69 Gb Total Space | 2,05 Gb Free Space | 55,72% Space Free | Partition Type: FAT32
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{753B874E-A0C0-47C5-9D8A-A8443384A93F}}" = Steganos Online-Banking 2011
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2FF11610-5CB9-4A10-8572-470256CD9878}" = RuntimeInstallieren
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35A81F0A-A1CA-458D-8FCD-7D838E3D95FF}" = Microsoft WorldWide Telescope
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACE3E86-78B6-43A1-B104-E3F3006FC576}" = Companion Suite Pro LL2 Drivers
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F9C53-2518-4AD0-ABA2-A72EDF4441A4}" = Nitro PDF Professional
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABDB5A8F-A163-4FD7-A8AE-E2695ACFEA90}" = Companion Suite Pro LL2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{D7659F54-7502-4312-AA24-F103C92C26F5}" = ScanSoft PaperPort 11
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"BabylonToolbar" = Babylon toolbar on IE
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Free Studio_is1" = Free Studio version 5.3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FreeNotes2_is1" = Freebie Notes
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NAVIGON Fresh" = NAVIGON Fresh 3.3.1
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.60.1185" = Opera 11.60
"PDF Complete" = PDF Complete Special Edition
"Scribus 1.3.9" = Scribus 1.3.9
"ScummVM_is1" = ScummVM 1.2.1
"SIGNAL IDUNA Beratungssoftware externe Vertriebe" = SIGNAL IDUNA Beratungssoftware freie Vertriebe
"SopCast" = SopCast 3.3.2
"SpywareBlaster_is1" = SpywareBlaster 4.5
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.01.2012 18:09:36 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12.01.2012 18:11:55 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 14.01.2012 18:38:40 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.01.2012 18:40:49 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 15.01.2012 19:08:06 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.01.2012 19:10:02 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 17.01.2012 16:25:10 | Computer Name = Saki-PC | Source = Microsoft-Windows-Backup | ID = 517
Description = Fehler bei der um 2012-01-17T19:46:17.896826900Z gestarteten Sicherung.
 Fehlercode: "2155348269" (%%2155348269). Suchen Sie in den Ereignisdetails nach
 einer Lösung, und führen Sie die Sicherung erneut aus, nachdem das Problem behoben
 wurde.
 
Error - 17.01.2012 16:25:14 | Computer Name = Saki-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 21.01.2012 17:03:36 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.01.2012 17:06:53 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
[ System Events ]
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:12 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:45 | Computer Name = Saki-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
 
< End of report >

Code:

ATTFilter

OTL logfile created on: 25.01.2012 00:46:03 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Saki\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 71,06% Memory free
3,49 Gb Paging File | 2,25 Gb Available in Paging File | 64,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 69,42 Gb Free Space | 47,42% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,58 Gb Free Space | 12,91% Space Free | Partition Type: NTFS
Drive E: | 417,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,69 Gb Total Space | 2,05 Gb Free Space | 55,72% Space Free | Partition Type: FAT32
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.25 00:36:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Downloads\OTL.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Saki\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.09.29 22:59:54 | 004,367,360 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE
PRC - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () -- C:\Programme\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
PRC - [2011.09.29 22:59:53 | 003,718,656 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
PRC - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.20 15:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.02.25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.12.03 19:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.13 14:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
PRC - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.15 08:42:21 | 000,016,896 | ---- | M] () -- C:\Windows\System32\LFOGRPOW.EXE
PRC - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () -- C:\Windows\System32\FUSServices.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.30 12:36:59 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2011.12.30 12:36:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 11:01:47 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011.10.14 11:01:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 11:01:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 11:01:09 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 11:01:00 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.08.22 09:01:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.08.22 09:01:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.08.22 09:01:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.08.22 09:01:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.08.22 09:01:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2008.12.12 15:48:50 | 000,507,904 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.03.04 19:22:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.12.03 19:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\Windows\System32\FUSServices.exe -- (FUSServices)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.09.29 22:59:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011.01.13 02:17:18 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.09.14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.09.14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.09.14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.08.16 14:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010.08.16 14:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010.06.23 09:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.02.25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010.02.17 14:21:12 | 000,094,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\SleeN17.sys -- (SLEE_17_DRIVER)
DRV - [2010.01.26 16:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (androidusb)
DRV - [2009.09.28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.07.13 14:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.01.16 22:47:06 | 000,033,152 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XMLDIUSB.sys -- (XMLDIUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: el-GR@dictionaries.addons.mozilla.org:0.8.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=2&src=sp&cf=8cfe85a6-2044-11e1-a791-00247e83dc50&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.26 00:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.06 20:57:58 | 000,000,000 | ---D | M]
 
[2010.09.22 19:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Extensions
[2012.01.19 19:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions
[2011.12.30 12:20:50 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.31 00:03:02 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.18 01:17:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.02.13 15:41:40 | 000,000,000 | ---D | M] (Greek Spelling dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\el-GR@dictionaries.addons.mozilla.org
[2012.01.11 18:08:46 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\https-everywhere@eff.org
[2011.03.12 21:15:09 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\personas@christopher.beard
[2011.12.19 18:22:46 | 000,000,933 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\11-suche.xml
[2011.12.19 18:22:46 | 000,002,419 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 18:22:45 | 000,010,525 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\gmx-suche.xml
[2011.12.14 17:50:39 | 000,001,854 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\idealode.xml
[2011.12.19 18:22:46 | 000,002,457 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\lastminute.xml
[2011.12.19 18:22:45 | 000,005,508 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\webde-suche.xml
[2011.12.28 13:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.28 13:10:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.12.26 00:28:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.28 13:10:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.02 21:14:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 21:14:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 21:14:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.10 14:35:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.02 21:14:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 21:14:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 21:14:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Saki\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Saki\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Saki\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: LiveVDO plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Saki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Saki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: DivX HiQ = C:\Users\Saki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Saki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Google Mail = C:\Users\Saki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.12.22 02:32:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Saki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93E36856-A876-4600-98F2-82F41288187C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC9A6404-A68F-4B4B-A706-831C3A54487A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "services" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.23 21:02:59 | 000,000,000 | ---D | C] -- C:\Users\Saki\Desktop\recording1469954000.3gpp_data
[2012.01.23 17:17:04 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2012.01.23 17:17:03 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2012.01.23 17:17:03 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2012.01.23 17:17:03 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2012.01.23 17:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2012.01.23 17:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2012.01.23 17:11:15 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012.01.23 17:11:15 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2012.01.23 17:11:15 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2012.01.23 17:11:14 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2012.01.23 17:11:14 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2012.01.23 17:11:14 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2012.01.23 17:11:13 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2012.01.23 17:11:13 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2012.01.23 17:11:12 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2012.01.23 17:11:11 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2012.01.23 17:11:10 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2012.01.23 17:11:09 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2012.01.23 17:11:08 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2012.01.23 17:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.01.23 17:10:20 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\Babylon
[2012.01.23 17:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.01.23 17:10:15 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Babylon
[2012.01.23 17:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2012.01.23 15:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2012.01.23 13:49:09 | 000,664,504 | ---- | C] (Softwareentwicklung Patric Remus -ArchiCrypt) -- C:\Users\Saki\Desktop\AntiBundestrojaner.exe
[2012.01.23 13:42:48 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.01.18 14:07:09 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\{691B4F2C-E4D7-447B-9072-7A549C17F70E}
[2012.01.18 14:06:45 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\{C00F7A5B-BBEA-4F8D-A011-A6D06AB822B9}
[2012.01.18 00:03:49 | 000,000,000 | R--D | C] -- C:\Users\Saki\Dropbox
[2012.01.17 23:58:17 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.01.17 23:56:58 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Dropbox
[2012.01.11 18:30:34 | 000,000,000 | ---D | C] -- C:\Users\Saki\Desktop\SD Card
[2011.12.31 12:50:47 | 000,000,000 | ---D | C] -- C:\Users\Saki\Desktop\Backup Desire Dez 11
[2011.12.31 00:02:19 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\DVDVideoSoft
[2011.12.31 00:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.30 15:24:42 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2011.12.30 15:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011.12.30 15:24:36 | 000,000,000 | ---D | C] -- C:\Users\Saki\Documents\VirtualDJ
[2011.12.30 12:32:40 | 000,000,000 | ---D | C] -- C:\b0e0ddd14395ce2604
[2011.12.30 12:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.12.30 12:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011.12.30 12:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011.12.29 23:34:05 | 012,030,044 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtcpl.cpl
[2011.12.29 23:34:05 | 001,953,792 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
[2011.12.29 23:34:05 | 000,458,844 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray.exe
[2011.12.29 23:33:58 | 000,179,712 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2011.12.28 13:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.28 12:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.24 21:10:51 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 21:10:51 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 19:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.24 19:34:33 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.23 21:07:49 | 000,002,326 | ---- | M] () -- C:\Users\Saki\Desktop\Google Chrome (2).lnk
[2012.01.23 21:03:09 | 000,220,030 | ---- | M] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp.aup
[2012.01.23 17:21:59 | 068,262,797 | ---- | M] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp.MP3
[2012.01.23 17:10:38 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.01.23 15:24:17 | 000,000,913 | ---- | M] () -- C:\Users\Saki\Desktop\Audacity.lnk
[2012.01.18 00:03:49 | 000,001,037 | ---- | M] () -- C:\Users\Saki\Desktop\Dropbox.lnk
[2012.01.17 23:58:33 | 000,001,017 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.01.13 14:39:59 | 000,656,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.13 14:39:59 | 000,618,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.13 14:39:59 | 000,554,314 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2012.01.13 14:39:59 | 000,131,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.13 14:39:59 | 000,107,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.13 14:39:59 | 000,090,622 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2012.01.04 16:59:53 | 000,000,158 | ---- | M] () -- C:\Users\Saki\Desktop\attachment.php
[2012.01.04 14:08:16 | 143,032,131 | ---- | M] () -- C:\Users\Saki\Desktop\3.14.405.1_WildFirE_V1.zip
[2011.12.31 12:48:58 | 091,151,315 | ---- | M] () -- C:\Users\Saki\Desktop\update-cm-7.1.0-Desire-signed.zip
[2011.12.30 21:13:36 | 000,000,146 | ---- | M] () -- C:\Users\Saki\Desktop\Sound - Verknüpfung.lnk
[2011.12.30 20:32:24 | 000,302,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.28 12:38:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.23 21:06:44 | 000,002,326 | ---- | C] () -- C:\Users\Saki\Desktop\Google Chrome (2).lnk
[2012.01.23 21:03:09 | 000,220,030 | ---- | C] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp.aup
[2012.01.23 17:21:50 | 068,262,797 | ---- | C] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp.MP3
[2012.01.23 17:17:03 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012.01.23 17:11:14 | 000,121,344 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.ax
[2012.01.23 17:11:14 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.01.23 17:11:13 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2012.01.23 17:11:12 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2012.01.23 17:11:12 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2012.01.23 17:11:11 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2012.01.23 17:11:10 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2012.01.23 17:11:09 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2012.01.23 17:11:08 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2012.01.23 17:11:08 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2012.01.23 17:10:35 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.01.23 15:24:17 | 000,000,925 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.01.23 15:24:17 | 000,000,913 | ---- | C] () -- C:\Users\Saki\Desktop\Audacity.lnk
[2012.01.18 00:03:49 | 000,001,037 | ---- | C] () -- C:\Users\Saki\Desktop\Dropbox.lnk
[2012.01.17 23:58:33 | 000,001,017 | ---- | C] () -- C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.01.04 16:59:51 | 000,000,158 | ---- | C] () -- C:\Users\Saki\Desktop\attachment.php
[2012.01.04 14:03:22 | 143,032,131 | ---- | C] () -- C:\Users\Saki\Desktop\3.14.405.1_WildFirE_V1.zip
[2011.12.31 13:01:32 | 002,776,251 | ---- | C] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp
[2011.12.31 12:45:03 | 091,151,315 | ---- | C] () -- C:\Users\Saki\Desktop\update-cm-7.1.0-Desire-signed.zip
[2011.12.30 21:13:36 | 000,000,146 | ---- | C] () -- C:\Users\Saki\Desktop\Sound - Verknüpfung.lnk
[2011.12.29 23:34:06 | 000,001,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
[2011.12.28 12:38:42 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.12.28 12:38:13 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.09.29 23:00:05 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.09.15 16:12:26 | 000,000,048 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.06.29 20:31:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.29 20:31:29 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.24 16:09:43 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2011.05.24 16:09:42 | 000,554,314 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2011.05.24 16:09:42 | 000,090,622 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2011.05.24 16:09:42 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2011.04.27 18:10:37 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.04.27 18:10:36 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.04.27 18:10:35 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.09 22:24:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.09 22:21:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.22 22:20:25 | 000,031,658 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.10.22 22:17:21 | 000,055,296 | ---- | C] () -- C:\Windows\System32\LFOGRPJL.DLL
[2010.10.22 22:17:21 | 000,016,896 | ---- | C] () -- C:\Windows\System32\LFOGRPOW.EXE
[2010.10.22 22:17:21 | 000,013,312 | ---- | C] () -- C:\Windows\System32\LFOGRCOI.DLL
[2010.10.04 03:41:32 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.04 03:41:31 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2010.10.04 01:18:45 | 000,007,605 | ---- | C] () -- C:\Users\Saki\AppData\Local\Resmon.ResmonCfg
[2010.09.22 19:17:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:04:11 | 000,656,710 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:04:11 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:04:11 | 000,131,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:04:11 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,302,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,618,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,107,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 18:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.14 11:05:56 | 000,508,200 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008.09.02 23:38:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\FUSServices.exe
[2006.03.09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010.11.27 01:17:57 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Ashampoo
[2012.01.23 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Babylon
[2012.01.25 00:00:04 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Dropbox
[2011.12.31 00:05:26 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\DVDVideoSoft
[2011.12.31 00:03:01 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.13 00:24:11 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\f-secure
[2011.04.06 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\gtk-2.0
[2011.10.09 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\HTC
[2011.04.27 15:36:18 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.07.03 14:15:50 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Nitro PDF
[2010.09.28 16:55:54 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\OpenOffice.org
[2011.03.23 00:12:11 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Opera
[2011.04.06 18:25:54 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Scribus
[2011.05.28 15:13:06 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\ScummVM
[2012.01.24 02:50:51 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\SoftGrid Client
[2011.06.12 22:44:57 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Steganos
[2010.12.08 21:21:12 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\streamripper
[2011.11.25 00:03:38 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\TP
[2011.07.05 23:15:55 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Windows Live Writer
[2011.12.28 13:02:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.12.22 02:32:12 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.11.04 13:41:57 | 000,000,000 | ---D | M] -- C:\ADB
[2011.12.30 12:33:10 | 000,000,000 | ---D | M] -- C:\b0e0ddd14395ce2604
[2010.09.22 19:20:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.12.25 16:24:43 | 000,000,000 | ---D | M] -- C:\FRST
[2011.12.02 22:30:09 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.23 17:17:01 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.23 17:10:16 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.09.22 19:20:46 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.09.22 19:20:47 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.12.29 23:31:06 | 000,000,000 | ---D | M] -- C:\swsetup
[2012.01.25 00:49:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.29 22:58:31 | 000,000,000 | ---D | M] -- C:\system.sav
[2010.09.22 19:20:59 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.23 17:14:27 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\ERDNT\cache\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-12 01:16:25
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Gruß

Larusso · 25.01.2012, 08:15

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:otl
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=2&src=sp&cf=8cfe85a6-2044-11e1-a791-00247e83dc50&q="
 
:commands
[reboot]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt )
Kopiere nun den Inhalt hier in Deinen Thread

Sollte jetzt verschwunden sein.

Larusso · 31.01.2012, 16:44

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

29.12.2011, 01:57	#32
Larusso /// Selecta Jahrusso	Starsear.ch nach Firefox-Plugin download Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread. Bitte poste in deiner nächsten Antwort OTL.txt Extras.txt __________________ __________________

30.12.2011, 14:41	#36
Larusso /// Selecta Jahrusso	Starsear.ch nach Firefox-Plugin download Froh das wir helfen konnten Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen __________________ --> Starsear.ch nach Firefox-Plugin download

Starsear.ch nach Firefox-Plugin download

Plagegeister aller Art und deren Bekämpfung: Starsear.ch nach Firefox-Plugin download