Gema-Trojaner / weißer Bildschirm

bickle · 13.04.2012, 02:15

Hallo

Habe mir heute den berüchtigten Gema-Trojaner eingefangen.
Jetzt bleibt auch im abgesicherten Modus der Bildschirm weiß und der Taskmanager geht nicht mehr. Ich habe nun nach der OTLPE-Anleitung aus http://www.trojaner-board.de/110177-...ngefangen.html ein OTL-Logfile erstellt. Aus den anderen Beiträgen entnehme ich, dass die Bereinigung immer individuell zu lösen ist. Bitte helft mir schnell, brauche mein Gerät dringend zum arbeiten. Vielen herzlichen Dank schon im Voraus!

mfg bickle

kira · 13.04.2012, 06:49

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du oder durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Zitat:

Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems

Falls du doch für die Systemreinigung entscheidest:

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTLPE

Starte die OTLPE
Kopiere folgendes Skript (unverändert inkl. :OTL, also - nach dem "Code", alles was in der Codebox steht -
)):

Code:

ATTFilter

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\KONI_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddr
IE - HKU\KONI_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\KONI_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\KONI_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\KONI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\KONI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
IE - HKU\UpdatusUser_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_D..\RunOnce: [mctadmin]  File not found
O4 - Startup: D:\Users\KONI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20:64bit: - HKLM Winlogon: Shell - (C:\Windows\Temp\oddjxs\setup.exe) - D:\Windows\Temp\oddjxs\setup.exe ()
O31 - SafeBoot: AlternateShell - C:\Windows\Temp\oddjxs\setup.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/23 15:09:04 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3cf6798b-2899-11e0-bfde-c80aa9bf30c2}\Shell - "" = AutoRun
O33 - MountPoints2\{3cf6798b-2899-11e0-bfde-c80aa9bf30c2}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{a6b6954f-9ca4-11e0-8352-c80aa9bf30c2}\Shell - "" = AutoRun
O33 - MountPoints2\{a6b6954f-9ca4-11e0-8352-c80aa9bf30c2}\Shell\AutoRun\command - "" = G:\start.exe
[2012/04/12 20:19:37 | 000,001,102 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/12 20:19:23 | 000,000,935 | ---- | M] () -- D:\Users\KONI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe.lnk
[2012/04/12 19:26:51 | 000,001,116 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-393081721-2415347556-3973794520-1000UA.job
[2012/04/12 15:33:01 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/11 16:06:00 | 000,001,064 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-393081721-2415347556-3973794520-1000Core.job
@Alternate Data Stream - 1274 bytes -> D:\Users\KONI\AppData\Local:U8vljWkbD4sAen8I0yQKJ0
@Alternate Data Stream - 1270 bytes -> D:\Users\KONI\AppData\Local:xx4Uazme8L4l5jq4O82XqqCY3
@Alternate Data Stream - 1268 bytes -> D:\Users\KONI\AppData\Local:qI1vDTMpDyZPaDsbMeDXa
@Alternate Data Stream - 1044 bytes -> D:\Users\KONI\AppData\Local\Temp:T72pwXVxM3ULNfWZy

:Files
C:\Windows\Temp\oddjxs\setup.exe
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Run Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

2.
Boote neu und schaue nach, ob Du schon im normalen Modus arbeiten kannst?
wenn ja, so geht es weiter:

3.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

4.
Systemscan mit OTL - nicht mehr das OTLPE starten!

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

5.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner - Installer herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

bickle · 13.04.2012, 11:06

Hey Kira

Danke für die schnelle Hilfe. ich arbeite jetzt deine Liste ab und melde mich dann wieder. Vielen, vielen Dank - Toll, dass ihr so einen Service anbietet

Schritt 2.
File nach OTL-Fix:

04132012_162337.txt

Code:

ATTFilter

========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\KONI_ON_D\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\KONI_ON_D\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\KONI_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\KONI_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
File D:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File D:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) not found.
File HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\KONI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) not found.
File HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\KONI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) not found.
HKU\UpdatusUser_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry key HKEY_USERS\LocalService_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\UpdatusUser_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
D:\Users\KONI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewContextMenu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\Temp\oddjxs\setup.exe deleted successfully.
D:\Windows\Temp\oddjxs\setup.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\\AlternateShell deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cf6798b-2899-11e0-bfde-c80aa9bf30c2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cf6798b-2899-11e0-bfde-c80aa9bf30c2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cf6798b-2899-11e0-bfde-c80aa9bf30c2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cf6798b-2899-11e0-bfde-c80aa9bf30c2}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b6954f-9ca4-11e0-8352-c80aa9bf30c2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b6954f-9ca4-11e0-8352-c80aa9bf30c2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b6954f-9ca4-11e0-8352-c80aa9bf30c2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b6954f-9ca4-11e0-8352-c80aa9bf30c2}\ not found.
File G:\start.exe not found.
D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File D:\Users\KONI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.exe.lnk not found.
D:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-393081721-2415347556-3973794520-1000UA.job moved successfully.
D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
D:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-393081721-2415347556-3973794520-1000Core.job moved successfully.
ADS D:\Users\KONI\AppData\Local:U8vljWkbD4sAen8I0yQKJ0 deleted successfully.
ADS D:\Users\KONI\AppData\Local:xx4Uazme8L4l5jq4O82XqqCY3 deleted successfully.
ADS D:\Users\KONI\AppData\Local:qI1vDTMpDyZPaDsbMeDXa deleted successfully.
ADS D:\Users\KONI\AppData\Local\Temp:T72pwXVxM3ULNfWZy deleted successfully.
========== FILES ==========
File\Folder C:\Windows\Temp\oddjxs\setup.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
D:\cmd.bat deleted successfully.
D:\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\"AlternateShell"|"cmd.exe" /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
 
User: KONI
->Temp folder emptied: 6898467052 bytes
->Temporary Internet Files folder emptied: 20227820 bytes
->Java cache emptied: 3684292 bytes
->Google Chrome cache emptied: 224259186 bytes
->Flash cache emptied: 229802 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 4 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123259332 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
 
Total Files Cleaned = 6,933.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 04132012_162337

Files\Folders moved on Reboot...
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.

Registry entries deleted on Reboot...

So, kann jetzt im Normalen Modus arbeiten. Allerdings zeigt mein Sophos gerade noch einen Virus/Spyware'Mal/Generic-L an. Hängt das mit dem Gema-Trojaner zusammen, oder ist das ein weiterer Parasit??

3.
Log-Datei Malwarebytes Anti-Malware:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.13.02

Windows 7 x64 FAT
Internet Explorer 9.0.8112.16421
KONI :: KONI-PC [Administrator]

Schutz: Aktiviert

13.04.2012 17:55:10
mbam-log-2012-04-13 (19-45-01).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 550937
Laufzeit: 1 Stunde(n), 46 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\KONI\Downloads\SoftonicDownloader_for_isobuddy.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\KONI\Downloads\SoftonicDownloader_fuer_izarc.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\KONI\Downloads\SoftonicDownloader_fuer_oovoo.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

(Ende)

4.
OTL.txt

Code:

ATTFilter

OTL logfile created on: 13.04.2012 19:50:23 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\KONI\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 63,90% Memory free
7,60 Gb Paging File | 6,16 Gb Available in Paging File | 81,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 12,69 Gb Free Space | 6,50% Space Free | Partition Type: NTFS
Drive D: | 269,37 Gb Total Space | 1,04 Gb Free Space | 0,38% Space Free | Partition Type: NTFS
Drive I: | 1,97 Gb Total Space | 1,66 Gb Free Space | 84,57% Space Free | Partition Type: FAT
 
Computer Name: KONI-PC | User Name: KONI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.13 12:17:18 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\KONI\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.08 21:11:27 | 001,543,704 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011.02.18 19:01:04 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2011.02.18 19:01:02 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2011.02.18 19:00:22 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011.02.18 19:00:12 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010.07.20 17:54:04 | 000,205,312 | ---- | M] (Mediafour Corporation) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
PRC - [2010.04.07 05:23:00 | 001,800,808 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\mi-raysat_3dsMax2008_32.dll -- (autostore)
SRV - [2012.04.12 00:18:59 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.30 17:35:36 | 000,151,064 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe -- (SophosVirusRemovalTool)
SRV - [2012.03.08 21:11:27 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011.09.23 21:23:49 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.02.18 19:01:04 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2011.02.18 19:00:22 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011.02.18 19:00:12 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.10.08 15:08:42 | 000,149,504 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2010.07.20 17:54:04 | 000,205,312 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE -- (M4LIC)
SRV - [2010.04.07 05:23:00 | 001,800,808 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.20 10:02:10 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.09.15 21:59:44 | 000,907,264 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV - [2009.09.15 21:54:38 | 000,403,456 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Programme\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.06.22 09:58:49 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.02.18 19:00:50 | 000,025,592 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011.02.18 19:00:37 | 000,142,328 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2011.02.18 19:00:10 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2010.10.21 17:00:02 | 000,032,424 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV:64bit: - [2010.10.07 16:39:18 | 000,307,888 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.07.12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.05.12 15:42:50 | 000,070,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CBDisk.sys -- (CBDisk)
DRV:64bit: - [2010.03.10 12:23:48 | 000,300,592 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010.02.24 21:31:42 | 000,215,040 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2010.02.22 12:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.02.11 01:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.15 18:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010.01.08 13:51:40 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.12.14 12:46:56 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.12.01 19:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.12.01 01:56:00 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.10.19 00:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009.10.03 07:24:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.15 21:44:58 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2009.08.29 04:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.08.29 04:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.16 14:14:14 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.08 00:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.08.06 12:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 50 CB 43 4C B6 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\KONI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\KONI\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.10.25 19:31:28 | 000,000,000 | ---D | M]
 
[2010.10.25 19:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KONI\AppData\Roaming\mozilla\Extensions
[2010.10.25 19:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KONI\AppData\Roaming\mozilla\Extensions\celtx@celtx.com
[2010.10.23 19:55:04 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2010.10.23 19:55:04 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2010.10.23 19:55:04 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2010.10.23 19:55:04 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2010.10.23 19:55:04 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2010.10.23 19:55:04 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2010.10.23 19:55:04 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\KONI\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\KONI\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\KONI\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\KONI\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\KONI\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\KONI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\KONI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\KONI\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.3_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\KONI\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.3_0\.orig
CHR - Extension: AdBlock = C:\Users\KONI\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.27_0\
CHR - Extension: Facemoods = C:\Users\KONI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\
CHR - Extension: Skype Click to Call = C:\Users\KONI\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Google Mail = C:\Users\KONI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
Hosts file not found
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Plc)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA528A2-CB3D-4231-A57F-B00149382A27}: DhcpNameServer = 10.74.83.22 193.254.160.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A655850-CB51-449D-A34D-6E8B13D07592}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAFB5848-5A4F-465E-B408-04FCA2526F35}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Plc)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.23 21:09:04 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.13 22:23:41 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.04.13 22:23:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.13 17:50:49 | 000,000,000 | ---D | C] -- C:\Users\KONI\AppData\Roaming\Malwarebytes
[2012.04.13 17:50:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.13 17:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.13 17:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.13 17:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.12 19:50:23 | 000,000,000 | ---D | C] -- C:\Users\KONI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.04.12 09:27:56 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.12 09:27:56 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.12 09:27:54 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.12 09:27:54 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.12 09:27:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.12 09:27:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.12 09:27:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.12 09:27:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.12 09:27:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.12 09:27:53 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.12 09:27:53 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.12 09:20:15 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.12 09:20:14 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.12 09:20:09 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.12 00:18:59 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.12 00:18:59 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.12 00:18:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.04.12 00:17:14 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012.04.02 16:46:20 | 004,169,728 | R--- | C] (Amyuni Technologies
hxxp://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2012.04.02 16:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Final Draft
[2012.04.02 16:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Final Draft 8
[2012.04.02 16:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.03.26 22:12:24 | 000,000,000 | ---D | C] -- C:\Users\KONI\AppData\Roaming\ooVoo Details
[2012.03.26 22:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2012.03.26 22:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.13 19:54:54 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.13 19:54:54 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.13 19:49:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.13 19:47:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.13 19:47:17 | 3061,125,120 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.13 17:51:41 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.13 17:51:41 | 000,645,740 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.13 17:51:41 | 000,607,728 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.13 17:51:41 | 000,127,028 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.13 17:51:41 | 000,104,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.13 17:50:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.12 21:44:19 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012.04.12 21:35:25 | 000,000,749 | ---- | M] () -- C:\setup.exe.lnk
[2012.04.12 00:18:59 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.12 00:18:59 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.08 14:02:14 | 004,989,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.04.13 17:50:42 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.12 21:35:25 | 000,000,749 | ---- | C] () -- C:\setup.exe.lnk
[2012.04.12 00:19:00 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.12 00:18:25 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012.04.02 16:46:01 | 000,000,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Draft 8.lnk
[2012.01.11 17:48:22 | 000,000,000 | ---- | C] () -- C:\Users\KONI\AppData\Local\{F528A27D-39AC-4097-90F6-6BEC98FA9160}
[2011.07.15 19:27:24 | 000,000,132 | ---- | C] () -- C:\Users\KONI\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.01.07 22:39:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.15 23:40:11 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.11.15 23:40:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.11.15 23:40:09 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.11.15 23:40:09 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.11.15 23:40:09 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.10.23 14:56:47 | 000,001,305 | ---- | C] () -- C:\Windows\vm331Rmv.ini
[2010.10.23 14:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.10.23 14:14:37 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.08.25 20:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.08.25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.08.25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
 
========== LOP Check ==========
 
[2011.06.25 13:45:54 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\.purple
[2011.09.23 21:44:58 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\Autodesk
[2010.11.15 10:20:04 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\Canneverbe Limited
[2011.07.03 21:02:26 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.06.22 10:09:12 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\DAEMON Tools Lite
[2012.04.08 16:37:27 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\Dropbox
[2010.10.25 19:53:09 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\Greyfirst
[2010.12.20 20:07:41 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\Gutscheinmieze
[2011.01.19 03:48:59 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\MAXON
[2012.03.26 22:14:23 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\ooVoo Details
[2010.11.12 12:05:55 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\OpenOffice.org
[2010.12.05 14:54:13 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\PACE Anti-Piracy
[2010.12.05 14:57:07 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.12.16 02:25:04 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\TeamViewer
[2012.04.12 16:37:37 | 000,000,000 | ---D | M] -- C:\Users\KONI\AppData\Roaming\TIPP10
[2012.03.27 12:15:00 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 13.04.2012 19:50:23 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\KONI\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 63,90% Memory free
7,60 Gb Paging File | 6,16 Gb Available in Paging File | 81,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 12,69 Gb Free Space | 6,50% Space Free | Partition Type: NTFS
Drive D: | 269,37 Gb Total Space | 1,04 Gb Free Space | 0,38% Space Free | Partition Type: NTFS
Drive I: | 1,97 Gb Total Space | 1,66 Gb Free Space | 84,57% Space Free | Partition Type: FAT
 
Computer Name: KONI-PC | User Name: KONI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4529F749-C362-4119-AFA0-0A3F1CA924AB}" = Autodesk MatchMover 2012 64-bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{954AB6B3-B4B4-43C0-9355-DE8A888446D4}" = MacDrive 8
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{FAE224AF-B15E-448B-88FA-1839A7570CF8}" = Intel® PROSet/Wireless WiMAX Software
"{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)
"26DF6674D7C1C08AE6A9F0AB0F04558F369FF15F" = Windows Driver Package - Broadcom Bluetooth  (12/01/2009 6.2.0.9411)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"A5B98551C6BA1C24D2FDDFB2E1764339D449F74D" = Windows-Treiberpaket - Intel (NETw5v64) net  (09/15/2009 13.0.0.107)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit
"Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit
"B540836D57069F83653778772EE56C5408F1B192" = Windows-Treiberpaket - Intel (NETw5s64) net  (09/15/2009 13.0.0.107)
"MAXONB6EC381C" = CINEMA 4D 11.514
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{146EF662-0071-4EF5-A1FC-3143C56B7FF1}" = Sid Meier's Civilization Chronicles
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}" = Lenovo MuteSync
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{90120000-0015-0000-0000-0000000FF1CE}_Access_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_Access_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_Access_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_Access_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_Access_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_Access_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_Access_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_Access_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_Access_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFB19121-0609-49C1-92B1-546E5A940FE8}" = Onekey Theater
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FECD0210-722B-4D1E-A5F2-7253D2EAA9B4}" = Mobile Mouse Server
"Access" = Microsoft Office Access 2007
"Adobe AIR" = Adobe AIR
"Celtx (2.7)" = Celtx (2.7)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Desperados 1.0" = Desperados 1.0
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"facemoods" = facemoods
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}" = Lenovo MuteSync
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.5.0
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"NVIDIA.Updatus" = NVIDIA Updatus
"Pidgin" = Pidgin
"TeamViewer 6" = TeamViewer 6
"TIPP10_is1" = TIPP10 Version 2.1.0
"VideoMach" = VideoMach
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.04.2012 07:34:11 | Computer Name = KONI-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 12.04.2012 11:25:58 | Computer Name = KONI-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 12.04.2012 11:27:27 | Computer Name = KONI-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 12.04.2012 11:27:39 | Computer Name = KONI-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 12.04.2012 11:27:44 | Computer Name = KONI-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 12.04.2012 11:28:47 | Computer Name = KONI-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 12.04.2012 13:17:01 | Computer Name = KONI-PC | Source = Sophos Anti-Virus | ID = 2424870
Description = Virus/Spyware 'Mal/Generic-L' konnte nicht entfernt werden. Es traten
 Fehler auf.
 
Error - 12.04.2012 13:17:13 | Computer Name = KONI-PC | Source = Sophos Anti-Virus | ID = 2424870
Description = Virus/Spyware 'Mal/Generic-L' konnte nicht entfernt werden. Es traten
 Fehler auf.
 
Error - 12.04.2012 13:38:03 | Computer Name = KONI-PC | Source = Sophos Anti-Virus | ID = 2424870
Description = Virus/Spyware 'Mal/Generic-L' konnte nicht entfernt werden. Es traten
 Fehler auf.
 
Error - 12.04.2012 13:40:52 | Computer Name = KONI-PC | Source = Sophos Anti-Virus | ID = 2424870
Description = Virus/Spyware 'Mal/Generic-L' konnte nicht entfernt werden. Es traten
 Fehler auf.
 
[ System Events ]
Error - 13.04.2012 12:23:17 | Computer Name = KONI-PC | Source = SAVOnAccess | ID = 3997781
Description =   Der Scan von Datei [...\Device\HarddiskVolume2\Windows\assembly\temp\@]
 wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert.
 Prozess svchost.exe, (Überprüfung des Zeitstempels [ 1cd19912c500543]).  
 
Error - 13.04.2012 12:23:17 | Computer Name = KONI-PC | Source = SAVOnAccess | ID = 3997781
Description =   Der Scan von Datei [...\Device\HarddiskVolume2\Users\Public\Libraries\desktop.ini]
 wurde nach einer Zeitüberschreitung/Auslastung durchgeführt. Sie wird protokolliert.
 Prozess wmpnetwk.exe, (Überprüfung des Zeitstempels [ 1cd1991bbe5c68a]).  
 
Error - 13.04.2012 13:47:45 | Computer Name = KONI-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 13.04.2012 13:47:45 | Computer Name = KONI-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 13.04.2012 13:47:47 | Computer Name = KONI-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 13.04.2012 13:47:50 | Computer Name = KONI-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 13.04.2012 13:47:52 | Computer Name = KONI-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 13.04.2012 13:47:56 | Computer Name = KONI-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 13.04.2012 13:47:56 | Computer Name = KONI-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 13.04.2012 13:48:20 | Computer Name = KONI-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
 
< End of report >

5.
Installierte Programme

install.txt

Code:

ATTFilter

Adobe AIR	Adobe Systems Inc.	30.10.2010		2.5.0.16600
Adobe Community Help	Adobe Systems Incorporated	24.10.2010		3.0.0.400
Adobe Creative Suite 5 Master Collection	Adobe Systems Incorporated	24.10.2010	1.217MB	5.0
Adobe Digital Editions		20.11.2011		
Adobe Flash Player 10 Plugin	Adobe Systems, Inc.	24.10.2010	2,39MB	10.1.52.14
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	11.04.2012	6,00MB	11.2.202.228
Adobe Media Player	Adobe Systems Incorporated	24.10.2010		1.8
Adobe Reader 9.4.1 - Deutsch	Adobe Systems Incorporated	21.11.2010	245MB	9.4.1
ALPS Touch Pad Driver	Alps Electric	22.10.2010		Version 7.102.1611.201
Apple Application Support	Apple Inc.	30.10.2011	61,2MB	2.1.5
Apple Mobile Device Support	Apple Inc.	30.10.2011	24,4MB	4.0.0.96
Apple Software Update	Apple Inc.	21.08.2011	2,38MB	2.1.3.127
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	22.10.2010		1.0.0.26
Autodesk Backburner 2012.0.0	Autodesk, Inc.	22.09.2011	13,0MB	2012.0.0
Autodesk DirectConnect 2012 64-bit	Autodesk	22.09.2011		6.0.443.0
Autodesk MatchMover 2012 64-bit	Autodesk	22.09.2011	125,9MB	14.00.0000
Autodesk Maya 2012 64-bit	Autodesk	22.09.2011		14.0.0.0
Bonjour	Apple Inc.	30.10.2011	2,00MB	3.0.0.10
Broadcom 802.11 Wireless Driver		22.10.2010		1.0.0.0
CCleaner	Piriform	12.04.2012		3.17
CDBurnerXP	CDBurnerXP	14.11.2010	16,5MB	4.3.7.2423
Celtx (2.7)	Greyfirst	22.10.2010		2.7 (en-US)
CINEMA 4D 11.514	MAXON Computer GmbH	18.01.2011	3.477MB	11.514
Composite 2012 64-bit	Autodesk	22.09.2011	387MB	7.0.0
DAEMON Tools Lite	DT Soft Ltd	21.06.2011		4.40.2.0131
Desperados 1.0		28.08.2011		
DivX-Setup	DivX, Inc. 	25.10.2010		2.1.2.2
Dropbox	Dropbox, Inc.	24.02.2012		1.2.52
DVD Shrink 3.2	DVD Shrink	18.11.2010		
Energy Management	Lenovo	22.10.2010		5.4.2.0
facemoods		18.01.2011		
Final Draft	Final Draft, Inc.	01.04.2012	44,3MB	8.0.3.120
Free WMA to MP3 Converter 1.16	Jodix Technologies Ltd.	22.04.2011		
Google Chrome	Google Inc.	22.10.2010		18.0.1025.152
Google Earth	Google	18.11.2011	92,7MB	6.1.0.5001
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	23.10.2010		8.15.10.2092
Intel® PROSet/Wireless WiMAX Software	Intel Corporation	22.10.2010	13,5MB	2.00.0011
iTunes	Apple Inc.	30.10.2011	169,5MB	10.5.0.142
IZArc 4.1.6	Ivan Zahariev	13.09.2011	13,4MB	4.1.6
Java(TM) 6 Update 30	Sun Microsystems, Inc.	28.10.2010	97,2MB	6.0.300
JDownloader	AppWork UG (haftungsbeschränkt)	18.01.2011		
K-Lite Mega Codec Pack 6.5.0		14.11.2010	44,3MB	6.5.0
Lenovo Bluetooth with Enhanced Data Rate Software	Broadcom Corporation	22.10.2010	144,4MB	6.2.1.900
Lenovo EasyCamera	Vimicro	22.10.2010		2.10.0223.1
Lenovo EasyCamera	Lenovo EasyCamera	22.10.2010		6.96.2018.02
Lenovo MuteSync	Lenovo	22.10.2010	0,38MB	1.0.0.2
Lenovo OneKey Recovery	CyberLink Corp.	22.10.2010		7.0.1230
Lenovo_Wireless_Driver	Lenovo	22.10.2010		1.02.01
Logitech Touch Mouse Server 1.0	Logitech Inc.	15.12.2010		1.0
MacDrive 8	Mediafour Corporation	31.01.2011	10,5MB	8.0.7.38
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	12.04.2012	18,0MB	1.61.0.1400
Microsoft Office Access 2007	Microsoft Corporation	29.02.2012		12.0.6612.1000
Microsoft Silverlight	Microsoft Corporation	29.02.2012	22,6MB	5.0.61118.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	30.10.2010	0,24MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	18.06.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	22.09.2011	0,60MB	8.0.61000
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	30.10.2010	0,21MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	12.05.2011	0,77MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	28.10.2010	2,52MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	22.09.2011	0,23MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	18.06.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	22.09.2011	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	24.09.2011	0,59MB	9.0.30729.6161
Mobile Mouse Server	RPA Tech, Inc	15.12.2010	1,08MB	2.0.3.3
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	24.10.2010	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.10.2010	1,33MB	4.20.9876.0
NVIDIA Drivers	NVIDIA Corporation	22.10.2010	63,0MB	1.10.59.37
NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit	NVIDIA Corporation	22.09.2011	152,9MB	2.60.0216.1828
OneKey Recovery	CyberLink Corp.	23.10.2010		7.0.1230
Onekey Theater	Lenovo	22.10.2010		2.0.1.7
ooVoo	ooVoo LLC.	25.03.2012	23,6MB	3.0.7040
OpenOffice.org 3.2	OpenOffice.org	28.10.2010	380MB	3.2.9502
Pidgin		24.06.2011		2.9.0
QuickTime	Apple Inc.	30.10.2011	73,3MB	7.71.80.42
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	22.10.2010		6.0.1.6057
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	22.10.2010		6.1.7100.30098
Sid Meier's Civilization Chronicles	Firaxis Games	03.07.2011		1.00
Skype Click to Call	Skype Technologies S.A.	29.10.2011	9,96MB	5.6.8442
Skype™ 5.5	Skype Technologies S.A.	29.10.2011	17,0MB	5.5.124
Sophos Anti-Virus	Sophos Plc	04.04.2012	22,6MB	9.5.6
Sophos AutoUpdate	Sophos Plc	02.12.2011	10,4MB	2.5.7
Sophos Virus Removal Tool	Sophos Limited	11.04.2012	84,4MB	2.0
TeamViewer 6	TeamViewer GmbH	15.12.2010		6.0.9947
TIPP10 Version 2.1.0	(c) 2006-2011, Tom Thielicke IT Solutions	11.07.2011		
VideoMach		22.11.2010		
VirtualCloneDrive	Elaborate Bytes	22.10.2010		
VLC media player 1.1.4	VideoLAN	23.10.2010		1.1.4
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)	Broadcom	22.10.2010		07/30/2009 6.2.0.9405
Windows Driver Package - Broadcom Bluetooth  (12/01/2009 6.2.0.9411)	Broadcom	22.10.2010		12/01/2009 6.2.0.9411
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)	Broadcom	22.10.2010		07/28/2009 6.2.0.9800
Windows XP Mode	Microsoft Corporation	29.08.2011	1.161MB	1.3.7600.16422
Windows-Treiberpaket - Intel (NETw5s64) net  (09/15/2009 13.0.0.107)	Intel	22.10.2010		09/15/2009 13.0.0.107
Windows-Treiberpaket - Intel (NETw5v64) net  (09/15/2009 13.0.0.107)	Intel	22.10.2010		09/15/2009 13.0.0.107
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)	Lenovo	22.10.2010		10/19/2009 5.4.0.1
YouTube Downloader 3.3	BienneSoft	02.09.2011

Hallo Kira,
ich habe jetzt alles gemacht, was Du mir geschrieben hast.
Allerdings befinden sich in meiner Sophos-Quarantäne noch drei weitere Bedrohungen, die sich nicht bereinigen lassen:

1. Troj/ZAccess-L - C:\Windows\System32\consrv.dll
2. Mal/Sirefef-AA - C:\Windows\assembly\GAC_32\Desktop.ini
3. Mal/Generic-L - C:\Windows\assembly\temp\U\0000002.$

Kannst Du mir sagen, was es damit auf sich hat und evtl. nochmals weiterhelfen??

Gruß bickle

Gema-Trojaner / weißer Bildschirm

Log-Analyse und Auswertung: Gema-Trojaner / weißer Bildschirm