Windows-Verschlüsselungs Trojaner bei Netbook mit Win7Starter

EviK1122 · 18.05.2012, 09:14

Hallo liebes Forum,
durch Öffnen einer Email (Zahlungsaufforderung mit mehreren tausend EUR!) bzw dessen Mailanhang wurde gestern ein Trojaner auf unser Netbook geladen. Die Meldung nach Starten des Netbook lautet wie folgt:

"Sie haben sich mit einem Windows-Verschlüsselungs Trojaner infiziert.

Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert. Das Besuchen von Seiten mit pornografischen und infizierten Inhalten hat dazu geführt, das Ihr System von einem Computerverschlüsselungstrojaner befallen wurde. Dieses Virus verschlüsselt Ihre Festplatte mit einem 256 Bit AES Schlüssel und eine selbstständige Entschlüsselung ist nicht mehr machbar.

Um das System wiederherstellen zu können, müssen Sie ein zusätzliches Sicherheitupdate herunterladen. Diese Update ist ein kostenpflichtiges Upgrade für infizierte Windowssysteme. Kostenpflichtig ist es, weil es nicht zum ursprünglichen Windowspaket gehört und nur dafür entwickelt wurde um Ihnen zu helfen ihre Daten nicht zu verlieren. Bitte schalten Sie den Computer nicht aus, sonst kann es vorkommen das der Virus nicht beseitigt werden kann und Sie ihre Daten komplett verlieren. Dieses Update beschützt ihr System vollständig von Virus und Schadprogrammen stabilisiert ihr Computersystem und verhindert den Datenverlust.

Damit ihr Computer schnellstens entsperrt wird, nutzen Sie bitte die schnelle und diskrete Zahlungsmöglichkeit durch Paysafecard oder Ukash. Diese Karten können Sie an fast jeder Tankstelle oder einem Kiosk in Ihrer Nähe kaufen. Diese Codes gibts auch überall da, wo Sie Handyaufladekarten erwerben können. Sofort nach der Eingabe und der Gültigkeitsprüfung wird das Update auf Ihren Computer automatisch heruntergeladen und installiert. Ihr System wird sofort entschlüsselt und von dem Trojaner befreit.
..."
100 EURO Paysafecard Code bzw Ukash werden verlangt.

Auf dem Netbook ist Windows7Starter installiert. Das Netbook hat kein CD-Laufwerk oder -Brenner.
Der Startbildschirm ist noch unverändert mit dem Hinweis und den Eingabefeldern des Paysafecard/-bzw Ukash Codes.
Ich habe noch keine Versuche gemacht das Netbook im abgesicherten Modus o.ä. zu starten...

Da auch schon andere ähnliche Beiträge zu diesem Thema verfasst sind und ich auch nicht wirklich ein PC-Held bin, ist meine Frage und Bitte: Könnt ihr mir auch beim Netbook helfen den Trojaner wieder los zu werden?

Ich möchte nicht einfach einen bereits geposteten Lösungsvorschlag durchgehen ohne von euch ein passendes OK dazu.. vermutlich ist eh jedes Problem doch wieder irgendwie anders (?).

Weiss mir hier jemand von Euch Rat?
Vielen Dank vorab!!!

EviK1122

kira · 19.05.2012, 11:14

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Zitat:

Grundsätzlich muss ein infiziertes System als kompromittiert gelten, und man kann nie ganz sicher sein, dass man alle Folgen der Infektion beseitigen konnte. -> Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems

Falls du doch für die Systemreinigung entscheidest:

Berichte mir bitte genau, was Du am PC (im betroffenen Benutzerkonto) machen kannst? - erwarte von Dir natürlich eine sehr genaue und kurze Schilderung:

1. Windows starten u. Befehle ausführen im normalen Modus?
2. Windows starten u. Befehle ausführen im abgesicherten Modus?:-> Drücke beim Hochfahren des Rechners [F8] solange, bis du eine auswahlmöglichkeit hast:
- wähle hier: "Abgesicherter Modus"
3. ins Internet gehen über "Abgesicherter Modus mit Netzwerktreibern"? - z.B Programme herunterladen?
Drücke beim Hochfahren des rechners [F8] solange, bis du eine auswahlmöglichkeit hast:

- Abgesicherter Modus
- Abgesicherter Modus mit Netzwerktreibern
- Abgesicherter Modus mit Eingabeaufforderung

4.
► noch ein Tipp, ist einen Versuch wert (wenn z.B ein zweiter Rechner nicht zur Verfügung steht):
kannst Du:
-> im abgesicherten Modus [F8] ein neue Benutzerkonten anlegen und von dort versuchen ins Internet gehen?
♦ PC neu starten
♦ Drücke bevor das Windows-Logo erscheint, mehrmals die F8-Taste.
♦ Wähle in der Liste, die nun erscheint, den abgesicherten Modus aus.
-> Benutzerkonten in Windows XP
-> Benutzerkonten in Windows Vista
-> Erstellen eines Benutzerkontos/Wien 7
-> Kann ich auch bei Windows 7 mehrere Benutzerkonten haben?

gruß
kira

EviK1122 · 21.05.2012, 10:05

Hallo Kira,
vielen Dank für die Antwort.

Win starten u Befehle ausführen im normalen Modus: nicht möglich da sofort das Verschlüsselungsfenster beim Hochfahren kommt.
Win starten u Befehle ausführen im abgesicherten Modus: möglich
Win starten im abges.Modus mit Netzwerktreibern: möglich

Da ein zweiter Rechner vorhanden ist, habe ich auch bereits Malwarebytes und OTL.exe heruntergeladen und mittels USB Stick beim betroffenen PC aufgespielt.
Der Scan durch Malwarebytes erbrachte 7 infizierte Objekte, diese habe ich auch geslöscht. Nach Neustart konnte Win normal gestartet werden. Dann Malwarebytes Update durchgeführt und erneut gescannt, keine neuen Befunde.Logfile beigefügt.

Desweiteren ist mir eben aufgefallen, dass das erste erstellte Logfile nach 1. Scan gar nicht auf dem USB Stick abgespeichert wurde. Wenn ich nun die Datei auf Malwarebytes erneut aufrufe, hier ist sie nämlich noch vorhanden, dann ist sie unleserlich. Siehe Anlage. Was ist denn hier passiert?? Die 7 gefundenen Trojaner sind im QuarantäneOrdner , kann ich diese löschen? Bitte kurze Info hierzu ,danke.

Der Scan mit OTL.exe läuft gerade.
Ergebnis:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 5/21/2012 10:38:03 AM - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\*\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.02% Memory free
3.98 Gb Paging File | 2.74 Gb Available in Paging File | 68.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 60.68 Gb Free Space | 55.73% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 3.68 Gb Free Space | 3.38% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.85 Gb Free Space | 99.10% Space Free | Partition Type: FAT
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Samsung Connection Manager\ModemPnPService.exe (Samsung Electronics.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe ()
PRC - C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
PRC - C:\Program Files\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe (Wisair Ltd.)
PRC - C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe (DisplayLink Corp.)
PRC - C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe (DisplayLink Corp.)
PRC - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
PRC - C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Windows\System32\Rezip.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\plugins\nps.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtNetwork4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtWebKit4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtGui4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtDeclarative4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtScript4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtOpenGL4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\phonon4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtSql4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\Maps Service API.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\OviShareLib.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\noaipcclient.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe ()
MOD - C:\Program Files\Common Files\Nokia\NoA\wrtserviceipcserver.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\qtsecurestorage.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\cryptodll.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\qtsecurestorageserver.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\QtGui4.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\QtNetwork4.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\QtXml4.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\QtCore4.dll ()
MOD - C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WUSBResource.dll ()
MOD - C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\CompInfo.dll ()
MOD - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
MOD - C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\zlib1.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe (Symantec Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (CableAssociation) -- C:\Program Files\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe (Wisair Ltd.)
SRV - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120520.009\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120520.009\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120518.001\IDSvix86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\N360\0502010.003\symnets.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0502010.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\System32\drivers\N360\0502010.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0502010.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0502010.003\symds.sys (Symantec Corporation)
DRV - (DisplayLinkUsbPort) -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.3.24903.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0502010.003\ironx86.sys (Symantec Corporation)
DRV - (C2xxUSB) -- C:\Windows\System32\drivers\C2xxUSB73.sys (Samsung Electronics)
DRV - (C2XXCOM) -- C:\Windows\System32\drivers\C2XXCOM73.sys (Samsung Electronics)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (C2xxUsbStorage) -- C:\Windows\System32\drivers\C2xSTR73.sys (Samsung Electronics)
DRV - (dlkmd) -- C:\Windows\System32\drivers\dlkmd.sys (DisplayLink Corp.)
DRV - (dlkmdldr) -- C:\Windows\System32\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV - (HWARadio) -- C:\Windows\System32\drivers\WSR_RCI.SYS ()
DRV - (DWA) -- C:\Windows\System32\drivers\WSR_DWA.SYS ()
DRV - (hwa) -- C:\Windows\System32\drivers\WSR_HWA.SYS ()
DRV - (WSR_USF) -- C:\Windows\System32\drivers\WSR_USF.sys ()
DRV - (DLCopyFilter) -- C:\Windows\System32\drivers\WSR_TBF.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SipIMNDI) -- C:\Windows\System32\drivers\SipIMNDI.sys (T-Systems International GmbH)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (CryptOSD) -- C:\Windows\System32\drivers\CryptOSD.sys (Phoenix Technologies Ltd.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (PLCNDIS5) -- C:\Windows\System32\plcndis5.sys (Intellon, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4A7928C5-E509-4FC9-A420-E340E4393AD5}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE392
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/21 19:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_7_5 [2012/05/21 10:02:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/15 22:18:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 15:39:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/29 11:25:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/15 22:18:47 | 000,000,000 | ---D | M]
 
[2011/08/28 18:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2012/05/02 09:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\r282o2ed.default\extensions
[2012/05/08 10:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/05/08 10:06:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/06 15:39:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/14 08:32:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/18 00:13:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/18 00:13:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/18 00:13:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/18 00:13:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/11/15 20:51:22 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/03/18 00:13:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/18 00:13:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.1.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Blackcomb] C:\Program Files\Samsung Connection Manager\ModemPnPService.exe (Samsung Electronics.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
O4 - HKLM..\Run: [WirelessUSBManager] C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07A5D70D-C503-4027-965C-836222D5C93F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08c44f3b-cd9f-11e0-b690-506313bbe583}\Shell - "" = AutoRun
O33 - MountPoints2\{08c44f3b-cd9f-11e0-b690-506313bbe583}\Shell\AutoRun\command - "" = E:\AutoInstaller.exe
O33 - MountPoints2\{fc00a53d-231a-11e1-a265-506313bbe583}\Shell - "" = AutoRun
O33 - MountPoints2\{fc00a53d-231a-11e1-a265-506313bbe583}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/21 10:36:58 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012/05/20 17:19:55 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2012/05/20 17:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/20 17:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/20 17:19:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/05/20 17:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/17 23:34:43 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Ymwpzlf
[2012/05/11 19:09:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/10 10:18:34 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/05/10 10:18:31 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/05/10 10:18:31 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/05/10 10:17:54 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/05/09 17:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/09 17:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/09 17:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/08 10:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/05/08 10:06:08 | 000,000,000 | ---D | C] -- C:\Users\Oliver Feeß\AppData\Roaming\Skype
[2012/05/08 10:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/08 10:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/05/08 10:05:02 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/05/08 10:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/05/06 15:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/06 15:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/21 10:26:00 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/21 10:26:00 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/21 10:25:59 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/21 10:25:59 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/21 10:10:02 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 10:10:02 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 10:01:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/21 10:01:44 | 1602,195,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/20 17:19:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/20 17:07:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012/05/11 20:18:43 | 000,351,464 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/09 17:28:46 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/09 17:25:49 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/08 20:34:43 | 265,407,707 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/05/08 10:05:04 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/04 17:59:22 | 000,094,667 | ---- | M] () -- C:\Users\*\Desktop\notfall_angaben.pdf
[2012/05/02 09:53:48 | 000,019,137 | ---- | M] () -- C:\Users\*\Desktop\Ausgaben Haushalt 2012 Monat 02u03.ods
[2012/04/29 11:25:04 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
 
========== Files Created - No Company Name ==========
 
[2012/05/20 17:19:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/09 17:25:49 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/08 10:05:04 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/04 17:59:22 | 000,094,667 | ---- | C] () -- C:\Users\*\Desktop\notfall_angaben.pdf
[2012/04/22 10:35:55 | 001,530,229 | ---- | C] () -- C:\Users\*\Desktop\IMG_3404.JPG
[2011/11/08 23:19:22 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Roaming\wklnhst.dat
[2011/04/21 19:30:03 | 000,001,940 | ---- | C] () -- C:\Users\*\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/15 22:43:19 | 000,015,360 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/02 21:09:03 | 000,000,000 | ---- | C] () -- C:\windows\System32\dlumd9.dll
[2010/12/02 21:09:03 | 000,000,000 | ---- | C] () -- C:\windows\System32\dlumd10.dll
[2010/09/19 12:52:24 | 000,000,652 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat
[2010/09/19 12:52:24 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat
[2010/09/19 12:52:24 | 000,000,436 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat
[2010/09/19 12:52:24 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat
[2010/08/07 13:35:30 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/07 13:08:48 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

< End of report >

--- --- ---

und Datei Extras.txt:

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 5/21/2012 10:38:03 AM - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\*\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.02% Memory free
3.98 Gb Paging File | 2.74 Gb Available in Paging File | 68.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 60.68 Gb Free Space | 55.73% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 3.68 Gb Free Space | 3.38% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.85 Gb Free Space | 99.10% Space Free | Partition Type: FAT
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E425D33-0956-4EB6-AC50-FF236EF05767}" = lport=139 | protocol=6 | dir=in | app=system | 
"{290B67A1-0691-4C20-B1B1-B314FB5785DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{473F3CB6-ED73-4903-A749-B9069E4C58E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6A0EB61C-0F77-4630-883D-EC7E8A585C54}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7F296B59-D1D2-47BC-ACC1-4FE87B34C9FB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AC4DAA0A-E7AC-4479-95B7-3E35F834C566}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ADE05382-2A52-4B81-8712-EBBEE8213CF3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C5CF888F-3309-47F4-98A7-56295854E910}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C7ABA5A1-2E2E-4171-AE2D-9D49FA2693CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EA3288AA-8A50-4571-ACA6-BD4670625626}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{ED714B9D-528A-4F6F-A936-AFDAF864A5B0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F1FC3DC8-1D38-40E6-A834-78199D349920}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F2CA26EE-878D-472A-996A-4B5C4C2D9724}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FEE0EB4E-77C4-4B3C-B5AA-4B26EC5A7184}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F699A7-221D-425B-BF75-2475CEFB827D}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{15A124B7-D701-4173-9AB1-B29F0CD4C378}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{17D9C80F-C955-4531-8F32-045A073AD144}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25639F02-A936-4E91-A365-5DC39F5AB6DC}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{393BD412-E8D1-4F68-8234-C4CB9BC25FC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4FB7A23A-A380-4E0A-BBBE-72F12FE309DA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{63BA7410-30D9-4BF1-98DE-C5A45B320250}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6BF6F79B-4C5F-4858-A879-95138952E68E}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{803A19FB-7650-441F-8CB7-5DC77BA1324E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{96734967-E3A9-4B57-9985-FBFB5A8ABD57}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A5B4F268-4914-4B58-BC74-06192D261CFB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A72B7596-2AFD-480D-8C7F-FBE1367987A9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3CE8302-E5FC-4D1F-986C-1CE6FF5F8577}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D3C96C86-045E-4F1A-BBEF-050B23DC8E11}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{E27F6AC6-AFF4-422D-8080-AB651399EB46}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{E5138A0E-E03F-4A9E-B1A1-180C1F1EB1A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EAF2D55D-C75B-4580-816D-AF45BADCADD2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{ED651F4F-7447-4A15-8464-C9195FAD842A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F3774624-65A2-4241-A8F2-A1F10F587B80}" = dir=in | app=c:\program files\itunes\itunes.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1596098A-FCEC-48F0-B7C7-08A31B771031}" = Nero 7 Essentials
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{4725E135-CF7D-4906-B4D0-D9F5FED44254}" = PreSetup HyperSpace
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software  1.10.27.1
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D02505DA-696D-4114-84F7-72A468A074B9}" = devolo Vianect AIR TV
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Home Dialerschutz-Software
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F3F95061-0427-4386-AB03-1556CBE52927}" = Samsung Connection Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7F10613-0F49-4001-AC23-B6F5163F838D}" = DisplayLink Core Software
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"Nokia Ovi Suite" = Nokia Ovi Suite
"SpeedSim" = SpeedSim
"ST6UNST #1" = WinProvex-Adressbuch 5.10
"ST6UNST #2" = WinProvex-Terminplaner 5.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/14/2011 8:26:39 AM | Computer Name = * | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 7.0.1.4288,
 Zeitstempel: 0x4e83b93a  Name des fehlerhaften Moduls: xul.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e83b840  Ausnahmecode: 0xc0000005  Fehleroffset: 0x63ec46f8
ID
 des fehlerhaften Prozesses: 0x1350  Startzeit der fehlerhaften Anwendung: 0x01cc8a6c6efea75f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des
 fehlerhaften Moduls: xul.dll  Berichtskennung: c39623c0-f65f-11e0-b681-506313bbe583
 
Error - 10/14/2011 1:33:41 PM | Computer Name = * | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
 mDNS_reentrancy (0)
 
Error - 10/14/2011 1:33:41 PM | Computer Name = * | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) 
!= mDNS_reentrancy (0)
 
Error - 10/17/2011 2:40:52 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 2:42:31 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 2:44:50 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 2:44:51 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 4:50:35 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 4:51:54 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/19/2011 2:18:09 PM | Computer Name = * | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 7.0.1.4288,
 Zeitstempel: 0x4e83b93a  Name des fehlerhaften Moduls: xul.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e83b840  Ausnahmecode: 0xc0000005  Fehleroffset: 0x668246f8
ID
 des fehlerhaften Prozesses: 0x15e4  Startzeit der fehlerhaften Anwendung: 0x01cc8e8b4efcd37f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des
 fehlerhaften Moduls: xul.dll  Berichtskennung: b24c3a4c-fa7e-11e0-a38d-506313bbe583
 
[ System Events ]
Error - 5/20/2012 12:20:33 PM | Computer Name = * | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 5/20/2012 12:20:33 PM | Computer Name = * | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 5/20/2012 12:20:33 PM | Computer Name = * | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 5/20/2012 12:20:59 PM | Computer Name = * | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 5/20/2012 12:20:59 PM | Computer Name = * | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 5/20/2012 12:20:59 PM | Computer Name = * | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 5/20/2012 12:47:01 PM | Computer Name = * | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 5/21/2012 4:02:27 AM | Computer Name = * | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 5/21/2012 4:03:16 AM | Computer Name = * | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.115
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 5/21/2012 4:11:20 AM | Computer Name = * | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

--- --- ---

Gruß,
EviK1122

kira · 21.05.2012, 21:08

Zitat:

Zitat von EviK1122

Die 7 gefundenen Trojaner sind im QuarantäneOrdner , kann ich diese löschen?

Ja, kannst die Funde löschen

1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird GMER beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

2.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.

Downloade die MBR.exe von Gmer und
kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
Start => ausführen => cmd (da reinschreiben) => OK
es öffnet sich eine Eingabeaufforderung.

Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
Nach dem Prompt (>_) folgenden

aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.
Code:
ATTFilter
```
mbr.exe -t > C:\mbr.log & C:\mbr.log
         
```
(Enter drücken)
Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
Bitte kopiere den Inhalt hier in Deinen Thread.

3.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4A7928C5-E509-4FC9-A420-E340E4393AD5}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE392
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[2012/03/18 00:13:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/18 00:13:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/18 00:13:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/18 00:13:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/18 00:13:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{08c44f3b-cd9f-11e0-b690-506313bbe583}\Shell - "" = AutoRun
O33 - MountPoints2\{08c44f3b-cd9f-11e0-b690-506313bbe583}\Shell\AutoRun\command - "" = E:\AutoInstaller.exe
O33 - MountPoints2\{fc00a53d-231a-11e1-a265-506313bbe583}\Shell - "" = AutoRun
O33 - MountPoints2\{fc00a53d-231a-11e1-a265-506313bbe583}\Shell\AutoRun\command - "" = E:\Startme.exe

:Files
C:\Users\*\AppData\Roaming\Ymwpzlf
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

4.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

5.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

EviK1122 · 22.05.2012, 15:35

Hallo,

zu Punkt 1:
Logfile GMER:

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-22 11:50:55
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.2AC1
Running: 4hkvjgti.exe; Driver: C:\Users\*\AppData\Local\Temp\kflyyaog.sys


---- System - GMER 1.0.15 ----

SSDT            860A1800                                                                                         ZwAlertResumeThread
SSDT            860C6168                                                                                         ZwAlertThread
SSDT            86140CB8                                                                                         ZwAllocateVirtualMemory
SSDT            860B2A70                                                                                         ZwAlpcConnectPort
SSDT            860C6988                                                                                         ZwAssignProcessToJobObject
SSDT            8612FC60                                                                                         ZwCreateMutant
SSDT            860D7F18                                                                                         ZwCreateSymbolicLinkObject
SSDT            860D7348                                                                                         ZwCreateThread
SSDT            860C67E0                                                                                         ZwCreateThreadEx
SSDT            86131F90                                                                                         ZwDebugActiveProcess
SSDT            860D7090                                                                                         ZwDuplicateObject
SSDT            8613FDC8                                                                                         ZwFreeVirtualMemory
SSDT            860C6588                                                                                         ZwImpersonateAnonymousToken
SSDT            860AFB28                                                                                         ZwImpersonateThread
SSDT            85F4E048                                                                                         ZwLoadDriver
SSDT            84F52FB0                                                                                         ZwMapViewOfSection
SSDT            8612FBE0                                                                                         ZwOpenEvent
SSDT            860D7230                                                                                         ZwOpenProcess
SSDT            86140D88                                                                                         ZwOpenProcessToken
SSDT            860B1E48                                                                                         ZwOpenSection
SSDT            860D7160                                                                                         ZwOpenThread
SSDT            860C6898                                                                                         ZwProtectVirtualMemory
SSDT            860C62D8                                                                                         ZwResumeThread
SSDT            84F521D8                                                                                         ZwSetContextThread
SSDT            84F52008                                                                                         ZwSetInformationProcess
SSDT            860B1D40                                                                                         ZwSetSystemInformation
SSDT            860B1F08                                                                                         ZwSuspendProcess
SSDT            860C63B8                                                                                         ZwSuspendThread
SSDT            860D7548                                                                                         ZwTerminateProcess
SSDT            84F52088                                                                                         ZwTerminateThread
SSDT            860A17B0                                                                                         ZwUnmapViewOfSection
SSDT            86140AA8                                                                                         ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         820573C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82090D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10DB                                                              82097D90 8 Bytes  [00, 18, 0A, 86, 68, 61, 0C, ...] {ADD [EAX], BL; OR AL, [ESI-0x79f39e98]}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                              82097DA8 4 Bytes  [B8, 0C, 14, 86]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                              82097DB4 4 Bytes  [70, 2A, 0B, 86]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                              82097E08 4 Bytes  [88, 69, 0C, 86]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                              82097E84 4 Bytes  [60, FC, 12, 86]
.text           ...                                                                                              
.text           autochk.exe                                                                                      003011D1 3 Bytes  [E2, 98, 47] {LOOP 0xffffffffffffff9a; INC EDI}
.text           autochk.exe                                                                                      003011D7 2 Bytes  [88, 5C]
.text           autochk.exe                                                                                      003011DA 1 Byte  [53]
.text           autochk.exe                                                                                      003011DA 3 Bytes  [53, 00, 79]
.text           autochk.exe                                                                                      003011DE 1 Byte  [73]
.text           ...                                                                                              

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076e26c9c                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fedcf2                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fedd81                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313bbe583                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313bbe583@f81edfb5fc96         0x7B 0x0E 0x14 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313bbe583@002108302710         0x72 0x9F 0xFA 0x78 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313bbe583@d82a7ed037b5         0x2E 0x0C 0x5C 0xB9 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313bbe583@9c4a7bbe3406         0xDE 0x81 0xBB 0x65 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076e26c9c (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fedcf2 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fedd81 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313bbe583 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313bbe583@f81edfb5fc96             0x7B 0x0E 0x14 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313bbe583@002108302710             0x72 0x9F 0xFA 0x78 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313bbe583@d82a7ed037b5             0x2E 0x0C 0x5C 0xB9 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313bbe583@9c4a7bbe3406             0xDE 0x81 0xBB 0x65 ...

---- EOF - GMER 1.0.15 ----

--- --- ---

zu 2., Logfile MBR-T:

Code:

ATTFilter

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: SAMSUNG_ rev.2AC1 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

zu 3., Logfile OTL

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 5/21/2012 10:38:03 AM - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\*\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.02% Memory free
3.98 Gb Paging File | 2.74 Gb Available in Paging File | 68.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 60.68 Gb Free Space | 55.73% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 3.68 Gb Free Space | 3.38% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.85 Gb Free Space | 99.10% Space Free | Partition Type: FAT
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Samsung Connection Manager\ModemPnPService.exe (Samsung Electronics.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe ()
PRC - C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
PRC - C:\Program Files\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe (Wisair Ltd.)
PRC - C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe (DisplayLink Corp.)
PRC - C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe (DisplayLink Corp.)
PRC - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
PRC - C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Windows\System32\Rezip.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\plugins\nps.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtNetwork4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtWebKit4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtGui4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtDeclarative4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtScript4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtOpenGL4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtXml4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\phonon4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\QtSql4.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\Maps Service API.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\OviShareLib.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\noaipcclient.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe ()
MOD - C:\Program Files\Common Files\Nokia\NoA\wrtserviceipcserver.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\qtsecurestorage.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\cryptodll.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\qtsecurestorageserver.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\QtGui4.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\QtNetwork4.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\QtXml4.dll ()
MOD - C:\Program Files\Common Files\Nokia\NoA\QtCore4.dll ()
MOD - C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WUSBResource.dll ()
MOD - C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\CompInfo.dll ()
MOD - C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE ()
MOD - C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Program Files\Nokia\Nokia Ovi Suite\zlib1.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe (Symantec Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (CableAssociation) -- C:\Program Files\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe (Wisair Ltd.)
SRV - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120520.009\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120520.009\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120518.001\IDSvix86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\N360\0502010.003\symnets.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0502010.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\System32\drivers\N360\0502010.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0502010.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0502010.003\symds.sys (Symantec Corporation)
DRV - (DisplayLinkUsbPort) -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.3.24903.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0502010.003\ironx86.sys (Symantec Corporation)
DRV - (C2xxUSB) -- C:\Windows\System32\drivers\C2xxUSB73.sys (Samsung Electronics)
DRV - (C2XXCOM) -- C:\Windows\System32\drivers\C2XXCOM73.sys (Samsung Electronics)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (C2xxUsbStorage) -- C:\Windows\System32\drivers\C2xSTR73.sys (Samsung Electronics)
DRV - (dlkmd) -- C:\Windows\System32\drivers\dlkmd.sys (DisplayLink Corp.)
DRV - (dlkmdldr) -- C:\Windows\System32\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV - (HWARadio) -- C:\Windows\System32\drivers\WSR_RCI.SYS ()
DRV - (DWA) -- C:\Windows\System32\drivers\WSR_DWA.SYS ()
DRV - (hwa) -- C:\Windows\System32\drivers\WSR_HWA.SYS ()
DRV - (WSR_USF) -- C:\Windows\System32\drivers\WSR_USF.sys ()
DRV - (DLCopyFilter) -- C:\Windows\System32\drivers\WSR_TBF.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SipIMNDI) -- C:\Windows\System32\drivers\SipIMNDI.sys (T-Systems International GmbH)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (CryptOSD) -- C:\Windows\System32\drivers\CryptOSD.sys (Phoenix Technologies Ltd.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (PLCNDIS5) -- C:\Windows\System32\plcndis5.sys (Intellon, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4A7928C5-E509-4FC9-A420-E340E4393AD5}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de___DE392
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/21 19:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_7_5 [2012/05/21 10:02:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/15 22:18:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 15:39:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/29 11:25:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/15 22:18:47 | 000,000,000 | ---D | M]
 
[2011/08/28 18:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2012/05/02 09:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\r282o2ed.default\extensions
[2012/05/08 10:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/05/08 10:06:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/06 15:39:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/14 08:32:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/18 00:13:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/18 00:13:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/18 00:13:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/18 00:13:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/11/15 20:51:22 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/03/18 00:13:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/18 00:13:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.1.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Blackcomb] C:\Program Files\Samsung Connection Manager\ModemPnPService.exe (Samsung Electronics.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
O4 - HKLM..\Run: [WirelessUSBManager] C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07A5D70D-C503-4027-965C-836222D5C93F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08c44f3b-cd9f-11e0-b690-506313bbe583}\Shell - "" = AutoRun
O33 - MountPoints2\{08c44f3b-cd9f-11e0-b690-506313bbe583}\Shell\AutoRun\command - "" = E:\AutoInstaller.exe
O33 - MountPoints2\{fc00a53d-231a-11e1-a265-506313bbe583}\Shell - "" = AutoRun
O33 - MountPoints2\{fc00a53d-231a-11e1-a265-506313bbe583}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/21 10:36:58 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012/05/20 17:19:55 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2012/05/20 17:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/20 17:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/20 17:19:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/05/20 17:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/17 23:34:43 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Ymwpzlf
[2012/05/11 19:09:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/10 10:18:34 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/05/10 10:18:31 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/05/10 10:18:31 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/05/10 10:17:54 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/05/09 17:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/09 17:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/09 17:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/08 10:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/05/08 10:06:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Skype
[2012/05/08 10:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/08 10:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/05/08 10:05:02 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/05/08 10:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/05/06 15:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/06 15:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/21 10:26:00 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/21 10:26:00 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/21 10:25:59 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/21 10:25:59 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/21 10:10:02 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 10:10:02 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 10:01:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/21 10:01:44 | 1602,195,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/20 17:19:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/20 17:07:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012/05/11 20:18:43 | 000,351,464 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/09 17:28:46 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/09 17:25:49 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/08 20:34:43 | 265,407,707 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/05/08 10:05:04 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/04 17:59:22 | 000,094,667 | ---- | M] () -- C:\Users\*\Desktop\notfall_angaben.pdf
[2012/05/02 09:53:48 | 000,019,137 | ---- | M] () -- C:\Users\*\Desktop\Ausgaben Haushalt 2012 Monat 02u03.ods
[2012/04/29 11:25:04 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
 
========== Files Created - No Company Name ==========
 
[2012/05/20 17:19:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/09 17:25:49 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/08 10:05:04 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/04 17:59:22 | 000,094,667 | ---- | C] () -- C:\Users\*\Desktop\notfall_angaben.pdf
[2012/04/22 10:35:55 | 001,530,229 | ---- | C] () -- C:\Users\*\Desktop\IMG_3404.JPG
[2011/11/08 23:19:22 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Roaming\wklnhst.dat
[2011/04/21 19:30:03 | 000,001,940 | ---- | C] () -- C:\Users\*\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/15 22:43:19 | 000,015,360 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/02 21:09:03 | 000,000,000 | ---- | C] () -- C:\windows\System32\dlumd9.dll
[2010/12/02 21:09:03 | 000,000,000 | ---- | C] () -- C:\windows\System32\dlumd10.dll
[2010/09/19 12:52:24 | 000,000,652 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat
[2010/09/19 12:52:24 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat
[2010/09/19 12:52:24 | 000,000,436 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat
[2010/09/19 12:52:24 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat
[2010/08/07 13:35:30 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/07 13:08:48 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

< End of report >

--- --- ---

zu 4., Logfile CCleaner:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4A7928C5-E509-4FC9-A420-E340E4393AD5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A7928C5-E509-4FC9-A420-E340E4393AD5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08c44f3b-cd9f-11e0-b690-506313bbe583}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08c44f3b-cd9f-11e0-b690-506313bbe583}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08c44f3b-cd9f-11e0-b690-506313bbe583}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08c44f3b-cd9f-11e0-b690-506313bbe583}\ not found.
File E:\AutoInstaller.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc00a53d-231a-11e1-a265-506313bbe583}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc00a53d-231a-11e1-a265-506313bbe583}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc00a53d-231a-11e1-a265-506313bbe583}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc00a53d-231a-11e1-a265-506313bbe583}\ not found.
File E:\Startme.exe not found.
========== FILES ==========
File\Folder C:\Users\*\AppData\Roaming\Ymwpzlf not found.
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\*\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: *
->Temp folder emptied: 113724429 bytes
->Temporary Internet Files folder emptied: 5152069 bytes
->Java cache emptied: 11552 bytes
->FireFox cache emptied: 54703472 bytes
->Flash cache emptied: 38453 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1631524 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 167.00 mb
 
 
OTL by OldTimer - Version 3.2.43.0 log created on 05222012_131008

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

die beiden Logfiles vom zweiten OTL Scan folgen gleich.
ich hoffe du kannst was damit anfangen...
danke nochmal für die hilfe!!

evik1122

EviK1122 · 22.05.2012, 15:36

Hier die Logfiles zu 5., Rescan OTL

Logfile OTL.txt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 5/22/2012 1:33:04 PM - Run 2
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\*\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.82% Memory free
3.98 Gb Paging File | 2.76 Gb Available in Paging File | 69.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 59.75 Gb Free Space | 54.88% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 3.80 Gb Free Space | 3.49% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.85 Gb Free Space | 99.00% Space Free | Partition Type: FAT
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/05/20 17:07:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
PRC - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/31 13:16:40 | 000,703,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2011/01/17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/17 14:09:46 | 000,131,072 | ---- | M] (Samsung Electronics.) -- C:\Program Files\Samsung Connection Manager\ModemPnPService.exe
PRC - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/11/15 14:41:18 | 000,367,496 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2010/06/24 17:15:14 | 002,516,816 | ---- | M] (Wisair Ltd.) -- C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe
PRC - [2010/06/24 17:14:52 | 001,111,880 | ---- | M] (Wisair Ltd.) -- C:\Program Files\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe
PRC - [2010/05/12 16:13:03 | 000,783,720 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2010/05/12 16:13:01 | 000,832,872 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2010/05/12 16:13:00 | 005,105,000 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2010/05/11 11:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010/03/29 14:00:30 | 001,411,720 | ---- | M] (T-Systems International GmbH) -- C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe
PRC - [2009/11/20 06:01:36 | 002,247,168 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/20 11:13:00 | 000,079,360 | ---- | M] (DoctorSoft) -- C:\Program Files\AnyPC Client\APLanMgrC.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/02 17:48:26 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2009/10/02 17:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/18 19:57:09 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/31 13:17:32 | 000,129,408 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\plugins\nps.dll
MOD - [2011/01/31 13:15:08 | 002,551,808 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll
MOD - [2011/01/31 13:15:08 | 002,277,888 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtCore4.dll
MOD - [2011/01/31 13:15:08 | 000,912,384 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtNetwork4.dll
MOD - [2011/01/31 13:15:08 | 000,196,608 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qjpeg4.dll
MOD - [2011/01/31 13:15:08 | 000,026,624 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll
MOD - [2011/01/31 13:15:06 | 010,837,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtWebKit4.dll
MOD - [2011/01/31 13:15:06 | 008,151,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtGui4.dll
MOD - [2011/01/31 13:15:06 | 002,186,752 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtDeclarative4.dll
MOD - [2011/01/31 13:15:06 | 001,283,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtScript4.dll
MOD - [2011/01/31 13:15:06 | 000,675,840 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtOpenGL4.dll
MOD - [2011/01/31 13:15:06 | 000,339,456 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtXml4.dll
MOD - [2011/01/31 13:15:06 | 000,266,752 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\phonon4.dll
MOD - [2011/01/31 13:15:06 | 000,190,464 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtSql4.dll
MOD - [2011/01/31 12:54:42 | 000,790,016 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\Maps Service API.dll
MOD - [2011/01/31 12:52:56 | 000,345,088 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\OviShareLib.dll
MOD - [2011/01/31 12:52:56 | 000,180,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\noaipcclient.dll
MOD - [2011/01/31 12:52:56 | 000,028,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll
MOD - [2011/01/31 12:52:00 | 000,680,448 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll
MOD - [2010/11/15 14:41:18 | 000,367,496 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
MOD - [2010/11/15 14:41:18 | 000,034,184 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\wrtserviceipcserver.dll
MOD - [2010/11/15 10:13:00 | 000,016,384 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\qtsecurestorage.dll
MOD - [2010/11/15 10:12:46 | 000,015,360 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\cryptodll.dll
MOD - [2010/11/15 10:12:46 | 000,013,824 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\qtsecurestorageserver.dll
MOD - [2010/09/23 18:34:40 | 008,151,040 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\QtGui4.dll
MOD - [2010/09/23 18:25:08 | 000,912,384 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\QtNetwork4.dll
MOD - [2010/09/23 18:24:02 | 000,339,456 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\QtXml4.dll
MOD - [2010/09/23 18:23:50 | 002,277,888 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\QtCore4.dll
MOD - [2010/07/05 18:42:46 | 000,088,384 | ---- | M] () -- C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WUSBResource.dll
MOD - [2010/06/24 17:15:20 | 000,048,440 | ---- | M] () -- C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\CompInfo.dll
MOD - [2007/08/14 14:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2005/07/20 11:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\zlib1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/06 15:39:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe -- (N360)
SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/24 17:14:52 | 001,111,880 | ---- | M] (Wisair Ltd.) [Auto | Running] -- C:\Program Files\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe -- (CableAssociation)
SRV - [2010/05/12 16:13:00 | 005,105,000 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/05/16 08:25:11 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120521.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 08:25:11 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120521.020\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/28 02:18:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120518.002\IDSvix86.sys -- (IDSVix86)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/03 01:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/20 19:10:19 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/20 19:10:19 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/11 20:01:02 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/21 03:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symnets.sys -- (SymNetS)
DRV - [2011/03/31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symds.sys -- (SymDS)
DRV - [2010/12/02 21:08:58 | 000,021,888 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.3.24903.0.sys -- (DisplayLinkUsbPort)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/16 03:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/04 16:58:36 | 000,036,352 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\C2xxUSB73.sys -- (C2xxUSB)
DRV - [2010/08/09 11:06:24 | 000,038,912 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\C2XXCOM73.sys -- (C2XXCOM)
DRV - [2010/07/30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/07/26 13:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/07/26 13:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/06/10 15:15:06 | 000,006,656 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\C2xSTR73.sys -- (C2xxUsbStorage)
DRV - [2010/05/12 16:13:26 | 000,171,632 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2010/05/12 16:13:26 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2010/05/10 13:37:52 | 000,142,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_RCI.SYS -- (HWARadio)
DRV - [2010/05/10 13:37:38 | 000,483,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_DWA.SYS -- (DWA)
DRV - [2010/05/10 13:37:14 | 000,794,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_HWA.SYS -- (hwa)
DRV - [2010/05/10 13:02:28 | 000,046,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_USF.sys -- (WSR_USF)
DRV - [2010/02/21 19:46:42 | 000,049,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_TBF.sys -- (DLCopyFilter)
DRV - [2009/11/06 22:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/15 18:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/01 22:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/05/01 15:41:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2004/05/17 11:21:54 | 000,017,280 | ---- | M] (Intellon, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\plcndis5.sys -- (PLCNDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/21 19:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_7_5 [2012/05/22 13:12:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/15 22:18:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 15:39:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/29 11:25:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/15 22:18:47 | 000,000,000 | ---D | M]
 
[2011/08/28 18:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2012/05/02 09:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\r282o2ed.default\extensions
[2012/05/08 10:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/05/08 10:06:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/06 15:39:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/14 08:32:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/18 00:13:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/11/15 20:51:22 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.1.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Blackcomb] C:\Program Files\Samsung Connection Manager\ModemPnPService.exe (Samsung Electronics.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
O4 - HKLM..\Run: [WirelessUSBManager] C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07A5D70D-C503-4027-965C-836222D5C93F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/22 13:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/22 13:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/22 13:18:05 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\*\Desktop\ccsetup318.exe
[2012/05/22 13:10:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/21 17:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/21 17:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/21 10:36:58 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012/05/20 17:19:55 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2012/05/20 17:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/20 17:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/20 17:19:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/05/20 17:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/17 23:34:43 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Ymwpzlf
[2012/05/11 19:09:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/10 10:18:34 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/05/10 10:18:31 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/05/10 10:18:31 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/05/10 10:17:54 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/05/09 17:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/09 17:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/09 17:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/08 10:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/05/08 10:06:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Skype
[2012/05/08 10:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/08 10:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/05/08 10:05:02 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/05/08 10:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/05/06 15:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/06 15:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/22 13:22:19 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/22 13:22:19 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/22 13:19:14 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 13:12:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/22 13:12:01 | 1602,195,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/22 11:23:26 | 000,089,088 | ---- | M] () -- C:\windows\System32\mbr.exe
[2012/05/22 10:54:40 | 000,302,592 | ---- | M] () -- C:\Users\*\Desktop\4hkvjgti.exe
[2012/05/21 10:55:54 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/21 10:26:00 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/21 10:26:00 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/21 10:25:59 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/21 10:25:59 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/20 17:07:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012/05/19 18:01:18 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Users\*\Desktop\ccsetup318.exe
[2012/05/11 20:18:43 | 000,351,464 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/09 17:28:46 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/09 17:25:49 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/08 20:34:43 | 265,407,707 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/05/08 10:05:04 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/02 09:53:48 | 000,019,137 | ---- | M] () -- C:\Users\*\Desktop\Ausgaben Haushalt 2012 Monat 02u03.ods
[2012/04/29 11:25:04 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
 
========== Files Created - No Company Name ==========
 
[2012/05/22 13:19:14 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 12:43:58 | 000,089,088 | ---- | C] () -- C:\windows\System32\mbr.exe
[2012/05/22 10:58:46 | 000,302,592 | ---- | C] () -- C:\Users\*\Desktop\4hkvjgti.exe
[2012/05/20 17:19:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/09 17:25:49 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/08 10:05:04 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/08 23:19:22 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Roaming\wklnhst.dat
[2011/04/21 19:30:03 | 000,001,940 | ---- | C] () -- C:\Users\*\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/15 22:43:19 | 000,015,360 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/02 21:09:03 | 000,000,000 | ---- | C] () -- C:\windows\System32\dlumd9.dll
[2010/12/02 21:09:03 | 000,000,000 | ---- | C] () -- C:\windows\System32\dlumd10.dll
[2010/09/19 12:52:24 | 000,000,652 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat
[2010/09/19 12:52:24 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat
[2010/09/19 12:52:24 | 000,000,436 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat
[2010/09/19 12:52:24 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat
[2010/08/07 13:35:30 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/07 13:08:48 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010/08/11 21:49:05 | 000,000,000 | -HSD | M] -- C:\Users\*\AppData\Roaming\.#
[2011/04/22 13:19:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/08/09 23:45:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\GameConsole
[2011/03/15 22:43:51 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nokia
[2011/03/15 22:43:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nokia Ovi Suite
[2011/11/18 19:57:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org
[2011/03/16 21:32:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PC Suite
[2011/11/05 21:11:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\SpeedSim
[2010/08/21 16:39:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\T-Online
[2011/04/15 18:09:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Tific
[2012/05/20 18:16:24 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Ymwpzlf
[2011/03/03 23:06:27 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU(59).TXT
[2012/04/06 15:41:21 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

und Logfile Extras.txt:

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 5/22/2012 1:33:04 PM - Run 2
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\*\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.82% Memory free
3.98 Gb Paging File | 2.76 Gb Available in Paging File | 69.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 59.75 Gb Free Space | 54.88% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 3.80 Gb Free Space | 3.49% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.85 Gb Free Space | 99.00% Space Free | Partition Type: FAT
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E425D33-0956-4EB6-AC50-FF236EF05767}" = lport=139 | protocol=6 | dir=in | app=system | 
"{290B67A1-0691-4C20-B1B1-B314FB5785DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{473F3CB6-ED73-4903-A749-B9069E4C58E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6A0EB61C-0F77-4630-883D-EC7E8A585C54}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7F296B59-D1D2-47BC-ACC1-4FE87B34C9FB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AC4DAA0A-E7AC-4479-95B7-3E35F834C566}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ADE05382-2A52-4B81-8712-EBBEE8213CF3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C5CF888F-3309-47F4-98A7-56295854E910}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C7ABA5A1-2E2E-4171-AE2D-9D49FA2693CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EA3288AA-8A50-4571-ACA6-BD4670625626}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{ED714B9D-528A-4F6F-A936-AFDAF864A5B0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F1FC3DC8-1D38-40E6-A834-78199D349920}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F2CA26EE-878D-472A-996A-4B5C4C2D9724}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FEE0EB4E-77C4-4B3C-B5AA-4B26EC5A7184}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F699A7-221D-425B-BF75-2475CEFB827D}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{15A124B7-D701-4173-9AB1-B29F0CD4C378}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{17D9C80F-C955-4531-8F32-045A073AD144}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25639F02-A936-4E91-A365-5DC39F5AB6DC}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{393BD412-E8D1-4F68-8234-C4CB9BC25FC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4FB7A23A-A380-4E0A-BBBE-72F12FE309DA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{63BA7410-30D9-4BF1-98DE-C5A45B320250}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6BF6F79B-4C5F-4858-A879-95138952E68E}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{803A19FB-7650-441F-8CB7-5DC77BA1324E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{96734967-E3A9-4B57-9985-FBFB5A8ABD57}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A5B4F268-4914-4B58-BC74-06192D261CFB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A72B7596-2AFD-480D-8C7F-FBE1367987A9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3CE8302-E5FC-4D1F-986C-1CE6FF5F8577}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D3C96C86-045E-4F1A-BBEF-050B23DC8E11}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{E27F6AC6-AFF4-422D-8080-AB651399EB46}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{E5138A0E-E03F-4A9E-B1A1-180C1F1EB1A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EAF2D55D-C75B-4580-816D-AF45BADCADD2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{ED651F4F-7447-4A15-8464-C9195FAD842A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F3774624-65A2-4241-A8F2-A1F10F587B80}" = dir=in | app=c:\program files\itunes\itunes.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1596098A-FCEC-48F0-B7C7-08A31B771031}" = Nero 7 Essentials
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{4725E135-CF7D-4906-B4D0-D9F5FED44254}" = PreSetup HyperSpace
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software  1.10.27.1
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D02505DA-696D-4114-84F7-72A468A074B9}" = devolo Vianect AIR TV
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Home Dialerschutz-Software
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F3F95061-0427-4386-AB03-1556CBE52927}" = Samsung Connection Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7F10613-0F49-4001-AC23-B6F5163F838D}" = DisplayLink Core Software
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"Nokia Ovi Suite" = Nokia Ovi Suite
"SpeedSim" = SpeedSim
"ST6UNST #1" = WinProvex-Adressbuch 5.10
"ST6UNST #2" = WinProvex-Terminplaner 5.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/14/2011 8:26:39 AM | Computer Name = * | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 7.0.1.4288,
 Zeitstempel: 0x4e83b93a  Name des fehlerhaften Moduls: xul.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e83b840  Ausnahmecode: 0xc0000005  Fehleroffset: 0x63ec46f8
ID
 des fehlerhaften Prozesses: 0x1350  Startzeit der fehlerhaften Anwendung: 0x01cc8a6c6efea75f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des
 fehlerhaften Moduls: xul.dll  Berichtskennung: c39623c0-f65f-11e0-b681-506313bbe583
 
Error - 10/14/2011 1:33:41 PM | Computer Name = * | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
 mDNS_reentrancy (0)
 
Error - 10/14/2011 1:33:41 PM | Computer Name = * | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) 
!= mDNS_reentrancy (0)
 
Error - 10/17/2011 2:40:52 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 2:42:31 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 2:44:50 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 2:44:51 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 4:50:35 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 4:51:54 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/19/2011 2:18:09 PM | Computer Name = * | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 7.0.1.4288,
 Zeitstempel: 0x4e83b93a  Name des fehlerhaften Moduls: xul.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e83b840  Ausnahmecode: 0xc0000005  Fehleroffset: 0x668246f8
ID
 des fehlerhaften Prozesses: 0x15e4  Startzeit der fehlerhaften Anwendung: 0x01cc8e8b4efcd37f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des
 fehlerhaften Moduls: xul.dll  Berichtskennung: b24c3a4c-fa7e-11e0-a38d-506313bbe583
 
[ System Events ]
Error - 5/20/2012 12:20:59 PM | Computer Name = * | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 5/20/2012 12:20:59 PM | Computer Name = *| Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 5/20/2012 12:47:01 PM | Computer Name = * | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 5/21/2012 4:02:27 AM | Computer Name = * | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 5/21/2012 4:03:16 AM | Computer Name = * | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.115
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 5/21/2012 4:11:20 AM | Computer Name = * | Source = bowser | ID = 8003
Description = 
 
Error - 5/21/2012 10:32:15 AM | Computer Name = *| Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 5/22/2012 4:41:50 AM | Computer Name = * | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 5/22/2012 7:10:10 AM | Computer Name = *| Source = Service Control Manager | ID = 7031
Description = Der Dienst "DisplayLinkManager" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 5/22/2012 7:12:34 AM | Computer Name = * | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >

--- --- ---

Gruß
EviK1122

EviK1122 · 22.05.2012, 15:37

beitrag gelöscht da doppelt gesendet

kira · 22.05.2012, 22:07

Punkt 4. fehlt noch, bitte nachreichen:-> http://www.trojaner-board.de/115335-...tml#post831666

EviK1122 · 23.05.2012, 09:17

Sorry, hier Punkt 4: CCleaner

Code:

ATTFilter

7-Zip 9.20		20.05.2012		
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	17.08.2010	6,00MB	10.1.82.76
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	26.12.2011	6,00MB	11.1.102.55
Adobe Reader 9.5.1 - Deutsch	Adobe Systems Incorporated	28.04.2012	118,5MB	9.5.1
Alice Greenfingers	Oberon Media	06.08.2010		
AnyPC Client	Doctorsoft	09.12.2009		1.0.0.23
Apple Application Support	Apple Inc.	08.05.2012	61,0MB	2.1.7
Apple Mobile Device Support	Apple Inc.	08.05.2012	24,2MB	5.1.1.4
Apple Software Update	Apple Inc.	22.08.2011	2,38MB	2.1.3.127
Atheros Client Installation Program	Atheros	09.12.2009		1.0.1.0805
BatteryLifeExtender	Samsung	09.12.2009	14,3MB	1.0.1
Bonjour	Apple Inc.	01.11.2011	0,98MB	3.0.0.10
CCleaner	Piriform	21.05.2012		3.18
ChargeableUSB	SAMSUNG	09.12.2009		1.0.0.0
Compatibility Pack für 2007 Office System	Microsoft Corporation	10.05.2012	221MB	12.0.6612.1000
CyberLink YouCam	CyberLink Corp.	06.08.2010	77,5MB	2.0.3304
Dairy Dash	Oberon Media	06.08.2010		
devolo dLAN-Konfigurationsassistent	devolo AG	31.07.2011		9.0.0.0
devolo EasyClean	devolo AG	31.07.2011		3.0.0.0
devolo EasyShare	devolo AG	31.07.2011		4.0.0.0
devolo Informer	devolo AG	31.07.2011		15.0.0.0
devolo Vianect AIR Manager	devolo AG	01.12.2010	10,2MB	14.2.51.16
devolo Vianect AIR TV	devolo	01.12.2010	1,24MB	5.3.26044.0
DHTML Editing Component	Microsoft Corporation	20.08.2010	0,54MB	6.02.0001
DisplayLink Core Software	DisplayLink Corp.	01.12.2010	13,8MB	5.3.24903.0
Easy Display Manager	Samsung Electronics Co., Ltd.	09.12.2009		3.0
Easy Network Manager	Samsung	09.12.2009	19,1MB	4.2.4
Easy Resolution Manager	Samsung	09.12.2009	5,51MB	1.0.0
Easy SpeedUp Manager	Samsung Electronics Co.,Ltd.	09.12.2009		3.0.0.5
EasyBatteryManager	Samsung	09.12.2009		4.0.0.3
Farm Frenzy 2	Oberon Media	06.08.2010		
Free Audio CD Burner version 1.4.7	DVDVideoSoft Limited.	21.04.2011	10,7MB	
Free YouTube to MP3 Converter version 3.9.35.324	DVDVideoSoft Limited.	21.04.2011	36,0MB	
Game Pack	Oberon Media, Inc.	06.08.2010		5.3.0.10
Go-Go Gourmet	Oberon Media	06.08.2010		
Google Toolbar for Internet Explorer	Google Inc.	09.08.2010		
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	09.12.2009	54,3MB	8.14.10.1972
Intel® Matrix Storage Manager	Intel Corporation	09.12.2009		
iTunes	Apple Inc.	08.05.2012	157,4MB	10.6.1.7
Java(TM) 6 Update 31	Oracle	13.03.2012	95,1MB	6.0.310
LightScribe System Software  1.10.27.1	hxxp://www.lightscribe.com	08.10.2010	22,7MB	1.10.27.1
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	20.05.2012	18,0MB	1.61.0.1400
Marvell Miniport Driver	Marvell	09.12.2009		11.22.3.3
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	14.09.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	14.09.2010	2,94MB	4.0.30319
Microsoft Office File Validation Add-In	Microsoft Corporation	15.09.2011	7,95MB	14.0.5130.5003
Microsoft Office Home and Student 2007	Microsoft Corporation	19.03.2012		12.0.6612.1000
Microsoft Office Live Add-in 1.5	Microsoft Corporation	14.09.2010	0,50MB	2.0.4024.1
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	10.05.2012	119,6MB	12.0.6612.1000
Microsoft Office Suite Activation Assistant	Microsoft Corporation	06.08.2010	8,37MB	2.9
Microsoft Silverlight	Microsoft Corporation	10.05.2012	228MB	4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	06.08.2010	1,72MB	3.1.0000
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	19.09.2010	0,20MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	01.06.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	18.09.2010	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	17.11.2011	0,22MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,59MB	9.0.30729.6161
Microsoft Works	Microsoft Corporation	10.04.2012	878MB	9.7.0621
Mozilla Firefox 12.0 (x86 de)	Mozilla	05.05.2012	37,8MB	12.0
Mozilla Maintenance Service	Mozilla	05.05.2012	0,21MB	12.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	09.10.2010	35,00KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	09.10.2010	1,33MB	4.20.9876.0
NAVIGON Fresh 3.2.0	NAVIGON	18.09.2010		3.2.0
Nero 7 Essentials	Nero AG	08.10.2010	1.111MB	7.03.0918
Nokia Connectivity Cable Driver	Nokia	14.03.2011	3,27MB	7.1.36.0
Nokia Ovi Suite	Nokia	14.03.2011		3.0.0.290
Nokia Ovi Suite Software Updater	Nokia Corporation	14.03.2011	42,2MB	02.06.006.44298
Norton 360	Symantec Corporation	23.04.2011		5.2.1.3
OpenOffice.org 3.3	OpenOffice.org	17.11.2011	413MB	3.3.9567
PC Connectivity Solution	Nokia	14.03.2011	12,9MB	10.50.2.0
QuickTime	Apple Inc.	01.11.2011	73,3MB	7.71.80.42
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	09.12.2009		6.0.1.5983
REALTEK Wireless LAN Software	REALTEK Semiconductor Corp.	09.12.2009		1.01.0088
Safari	Apple Inc.	08.05.2012	104,3MB	5.34.55.3
Samsung Connection Manager	Samsung Electronics	22.08.2011	20,8MB	111
Samsung Recovery Solution 4	Samsung	09.12.2009		4.0.0.42
Samsung Support Center	Samsung	09.12.2009	40,9MB	1.0.21
Samsung Update Plus	Samsung Electronics Co., Ltd.	09.12.2009		2.0
Skype Click to Call	Skype Technologies S.A.	07.05.2012	16,2MB	5.11.9874
Skype™ 5.9	Skype Technologies S.A.	07.05.2012	19,3MB	5.9.115
SpeedSim		31.10.2011		0.9.8.1b
Synaptics Pointing Device Driver	Synaptics Incorporated	09.12.2009		14.0.10.0
T-Home Dialerschutz-Software		21.08.2010		
T-Online 6.0		20.08.2010		
T-Online WLAN-Access Finder		20.08.2010		
Uninstall 1.0.0.1		21.04.2011	10,9MB	
User Guide		09.12.2009		1.0
WIDCOMM Bluetooth Software	Broadcom Corporation	06.08.2010	88,5MB	6.2.1.800
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)	Broadcom	06.08.2010		07/30/2009 6.2.0.9405
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)	Broadcom	06.08.2010		09/11/2009 6.2.0.9407
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)	Broadcom	06.08.2010		07/28/2009 6.2.0.9800
Windows Live Essentials	Microsoft Corporation	06.08.2010		14.0.8089.0726
Windows Live ID-Anmelde-Assistent	Microsoft Corporation	14.09.2010	5,52MB	6.500.3165.0
Windows Live Sync	Microsoft Corporation	06.08.2010	2,79MB	14.0.8089.726
Windows Live-Uploadtool	Microsoft Corporation	06.08.2010	0,22MB	14.0.8014.1029
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia	14.03.2011		08/22/2008 7.0.0.0
WinProvex-Adressbuch 5.10		04.06.2011		
WinProvex-Terminplaner 5.32		04.06.2011

kira · 23.05.2012, 14:32

Systemreinigung und Prüfung:

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :

Code:

ATTFilter

:OTL
IE - HKCU\..\SearchScopes,DefaultScope = 

:Files
C:\Users\*\AppData\Roaming\Ymwpzlf
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java "Empfohlen Version für 64 Bit: Java(TM) 7 Update 4 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

3.
Adobe Reader aktualisieren :
- Während der Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

4.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

5.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

6.

lade Dir SUPERAntiSpyware FREE Edition herunter.
Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

7.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

8.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

9.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

EviK1122 · 24.05.2012, 16:58

Hallo,
hier das Logfile zu 1., Fixen mit OTL:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== FILES ==========
C:\Users\*\AppData\Roaming\Ymwpzlf folder moved successfully.
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\*\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: *
->Temp folder emptied: 92399551 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5826860 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7000 bytes
RecycleBin emptied: 142706 bytes
 
Total Files Cleaned = 94.00 mb
 
 
OTL by OldTimer - Version 3.2.43.0 log created on 05232012_154333

Files\Folders moved on Reboot...
File move failed. C:\Users\*\AppData\Local\Temp\{D5878294-C113-43c5-A24F-FC333C52015A}\BIT734C.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Java aktualisiert, Adobe Reader Update erfolgt; mit CCleaner gereinigt.

Logfile Superantispyware:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/23/2012 at 06:00 PM

Application Version : 5.0.1150

Core Rules Database Version : 8635
Trace Rules Database Version: 6447

Scan type       : Complete Scan
Total Scan Time : 01:17:47

Operating System Information
Windows 7 Starter 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 897
Memory threats detected   : 0
Registry items scanned    : 36721
Registry threats detected : 0
File items scanned        : 56732
File threats detected     : 1

Trojan.Agent/Gen-Cryptor[Egun]
	C:\PROGRAM FILES\WINPROVEX\TERMINPLANER\STARTKAL.EXE

Logfile ESET Online Scanner

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7fbd53975eaf6640885002ed719bfa33
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-24 02:52:10
# local_time=2012-05-24 04:52:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 100 84 2392971 88502531 0 0
# compatibility_mode=5893 16776574 100 94 6134904 89471226 0 0
# compatibility_mode=8192 67108863 100 0 325 325 0 0
# scanned=113986
# found=0
# cleaned=0
# scan_time=31095

zu Punkt 9, Scan OTL

OTL.txt
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 5/24/2012 5:10:40 PM - Run 3
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\*\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.67% Memory free
3.98 Gb Paging File | 2.50 Gb Available in Paging File | 62.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 60.50 Gb Free Space | 55.56% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 3.80 Gb Free Space | 3.49% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.83 Gb Free Space | 98.13% Space Free | Partition Type: FAT
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/05/21 22:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/05/20 17:07:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
PRC - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/31 13:16:40 | 000,703,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2011/01/17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/17 14:09:46 | 000,131,072 | ---- | M] (Samsung Electronics.) -- C:\Program Files\Samsung Connection Manager\ModemPnPService.exe
PRC - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/11/15 14:41:18 | 000,367,496 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2010/06/24 17:15:14 | 002,516,816 | ---- | M] (Wisair Ltd.) -- C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe
PRC - [2010/06/24 17:14:52 | 001,111,880 | ---- | M] (Wisair Ltd.) -- C:\Program Files\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe
PRC - [2010/05/12 16:13:03 | 000,783,720 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2010/05/12 16:13:01 | 000,832,872 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2010/05/12 16:13:00 | 005,105,000 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2010/05/11 11:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
PRC - [2009/11/20 06:01:36 | 002,247,168 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/20 11:12:58 | 000,013,312 | ---- | M] (DoctorSoft) -- C:\Program Files\AnyPC Client\APLangApp.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/02 17:48:26 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2009/10/02 17:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/24 07:48:33 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/24 07:48:28 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/23 16:41:19 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/05/23 16:41:19 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/18 19:57:09 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/01/31 13:17:32 | 000,129,408 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\plugins\nps.dll
MOD - [2011/01/31 13:15:08 | 002,551,808 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll
MOD - [2011/01/31 13:15:08 | 002,277,888 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtCore4.dll
MOD - [2011/01/31 13:15:08 | 000,912,384 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtNetwork4.dll
MOD - [2011/01/31 13:15:08 | 000,196,608 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qjpeg4.dll
MOD - [2011/01/31 13:15:08 | 000,026,624 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll
MOD - [2011/01/31 13:15:06 | 010,837,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtWebKit4.dll
MOD - [2011/01/31 13:15:06 | 008,151,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtGui4.dll
MOD - [2011/01/31 13:15:06 | 002,186,752 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtDeclarative4.dll
MOD - [2011/01/31 13:15:06 | 001,283,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtScript4.dll
MOD - [2011/01/31 13:15:06 | 000,675,840 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtOpenGL4.dll
MOD - [2011/01/31 13:15:06 | 000,339,456 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtXml4.dll
MOD - [2011/01/31 13:15:06 | 000,266,752 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\phonon4.dll
MOD - [2011/01/31 13:15:06 | 000,190,464 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtSql4.dll
MOD - [2011/01/31 12:54:42 | 000,790,016 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\Maps Service API.dll
MOD - [2011/01/31 12:52:56 | 000,345,088 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\OviShareLib.dll
MOD - [2011/01/31 12:52:56 | 000,180,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\noaipcclient.dll
MOD - [2011/01/31 12:52:56 | 000,028,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll
MOD - [2011/01/31 12:52:00 | 000,680,448 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll
MOD - [2010/11/15 14:41:18 | 000,367,496 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
MOD - [2010/11/15 14:41:18 | 000,034,184 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\wrtserviceipcserver.dll
MOD - [2010/11/15 10:13:00 | 000,016,384 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\qtsecurestorage.dll
MOD - [2010/11/15 10:12:46 | 000,015,360 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\cryptodll.dll
MOD - [2010/11/15 10:12:46 | 000,013,824 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\qtsecurestorageserver.dll
MOD - [2010/09/23 18:34:40 | 008,151,040 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\QtGui4.dll
MOD - [2010/09/23 18:25:08 | 000,912,384 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\QtNetwork4.dll
MOD - [2010/09/23 18:24:02 | 000,339,456 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\QtXml4.dll
MOD - [2010/09/23 18:23:50 | 002,277,888 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\QtCore4.dll
MOD - [2010/07/05 18:42:46 | 000,088,384 | ---- | M] () -- C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WUSBResource.dll
MOD - [2010/06/24 17:15:20 | 000,048,440 | ---- | M] () -- C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\CompInfo.dll
MOD - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll
MOD - [2007/08/14 14:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2005/07/20 11:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\zlib1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/06 15:39:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe -- (N360)
SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/24 17:14:52 | 001,111,880 | ---- | M] (Wisair Ltd.) [Auto | Running] -- C:\Program Files\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe -- (CableAssociation)
SRV - [2010/05/12 16:13:00 | 005,105,000 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/05/16 08:25:11 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120523.036\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 08:25:11 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120523.036\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/28 02:18:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120523.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/04/19 21:39:28 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/03 01:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120517.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/20 19:10:19 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/11 20:01:02 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/21 03:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symnets.sys -- (SymNetS)
DRV - [2011/03/31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symds.sys -- (SymDS)
DRV - [2010/12/02 21:08:58 | 000,021,888 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.3.24903.0.sys -- (DisplayLinkUsbPort)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/16 03:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/04 16:58:36 | 000,036,352 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\C2xxUSB73.sys -- (C2xxUSB)
DRV - [2010/08/09 11:06:24 | 000,038,912 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\C2XXCOM73.sys -- (C2XXCOM)
DRV - [2010/07/30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/07/26 13:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/07/26 13:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/06/10 15:15:06 | 000,006,656 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\C2xSTR73.sys -- (C2xxUsbStorage)
DRV - [2010/05/12 16:13:26 | 000,171,632 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2010/05/12 16:13:26 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2010/05/10 13:37:52 | 000,142,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_RCI.SYS -- (HWARadio)
DRV - [2010/05/10 13:37:38 | 000,483,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_DWA.SYS -- (DWA)
DRV - [2010/05/10 13:37:14 | 000,794,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_HWA.SYS -- (hwa)
DRV - [2010/05/10 13:02:28 | 000,046,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_USF.sys -- (WSR_USF)
DRV - [2010/02/21 19:46:42 | 000,049,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_TBF.sys -- (DLCopyFilter)
DRV - [2009/11/06 22:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/15 18:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/01 22:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/05/01 15:41:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2004/05/17 11:21:54 | 000,017,280 | ---- | M] (Intellon, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\plcndis5.sys -- (PLCNDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/21 19:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_7_5 [2012/05/24 07:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/15 22:18:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 15:39:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/23 16:12:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/15 22:18:47 | 000,000,000 | ---D | M]
 
[2011/08/28 18:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2012/05/24 08:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\r282o2ed.default\extensions
[2012/05/24 08:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\r282o2ed.default\extensions\staged
[2012/05/08 10:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/05/08 10:06:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/06 15:39:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/18 00:13:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/11/15 20:51:22 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.1.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Blackcomb] C:\Program Files\Samsung Connection Manager\ModemPnPService.exe (Samsung Electronics.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
O4 - HKLM..\Run: [WirelessUSBManager] C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07A5D70D-C503-4027-965C-836222D5C93F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/23 16:40:49 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/23 16:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/23 16:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/23 16:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/23 16:38:24 | 017,273,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\*\Desktop\SUPERAntiSpyware.exe
[2012/05/23 16:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/23 16:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/23 16:12:20 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2012/05/23 16:12:20 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/05/23 16:11:46 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/05/23 16:11:46 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/05/22 13:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/22 13:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/22 13:18:05 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\*\Desktop\ccsetup318.exe
[2012/05/22 13:10:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/21 17:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/21 17:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/21 10:36:58 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012/05/20 17:19:55 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2012/05/20 17:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/20 17:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/20 17:19:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/05/20 17:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/10 10:18:34 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/05/10 10:18:31 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/05/10 10:18:31 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/05/10 10:17:54 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/05/09 17:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/09 17:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/09 17:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/08 10:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/05/08 10:06:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Skype
[2012/05/08 10:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/08 10:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/05/08 10:05:02 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/05/08 10:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/05/06 15:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/06 15:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/24 11:05:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/24 07:55:00 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 07:55:00 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 07:46:22 | 1602,195,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/23 16:39:41 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/23 16:32:56 | 000,286,354 | ---- | M] () -- C:\Users\*\Documents\cc_20120523_163220.reg
[2012/05/23 16:11:27 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/05/23 16:11:27 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/05/23 15:52:06 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2012/05/23 15:47:56 | 017,273,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\*\Desktop\SUPERAntiSpyware.exe
[2012/05/22 13:19:14 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 11:23:26 | 000,089,088 | ---- | M] () -- C:\windows\System32\mbr.exe
[2012/05/22 10:54:40 | 000,302,592 | ---- | M] () -- C:\Users\*\Desktop\4hkvjgti.exe
[2012/05/21 10:55:54 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/21 10:26:00 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/21 10:26:00 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/21 10:25:59 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/21 10:25:59 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/20 17:07:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012/05/19 18:01:18 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Users\*\Desktop\ccsetup318.exe
[2012/05/11 20:18:43 | 000,351,464 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/09 17:28:46 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/09 17:25:49 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/08 10:05:04 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/02 09:53:48 | 000,019,137 | ---- | M] () -- C:\Users\*\Desktop\Ausgaben Haushalt 2012 Monat 02u03.ods
[2012/04/29 11:25:04 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
 
========== Files Created - No Company Name ==========
 
[2012/05/23 16:39:41 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/23 16:32:39 | 000,286,354 | ---- | C] () -- C:\Users\*\Documents\cc_20120523_163220.reg
[2012/05/23 15:52:06 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2012/05/22 13:19:14 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 12:43:58 | 000,089,088 | ---- | C] () -- C:\windows\System32\mbr.exe
[2012/05/22 10:58:46 | 000,302,592 | ---- | C] () -- C:\Users\*\Desktop\4hkvjgti.exe
[2012/05/20 17:19:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/09 17:25:49 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/08 10:05:04 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/08 23:19:22 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Roaming\wklnhst.dat
[2011/04/21 19:30:03 | 000,001,940 | ---- | C] () -- C:\Users\*\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/15 22:43:19 | 000,015,360 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/02 21:09:03 | 000,000,000 | ---- | C] () -- C:\windows\System32\dlumd9.dll
[2010/12/02 21:09:03 | 000,000,000 | ---- | C] () -- C:\windows\System32\dlumd10.dll
[2010/09/19 12:52:24 | 000,000,652 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat
[2010/09/19 12:52:24 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat
[2010/09/19 12:52:24 | 000,000,436 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat
[2010/09/19 12:52:24 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat
[2010/08/07 13:35:30 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/07 13:08:48 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010/08/11 21:49:05 | 000,000,000 | -HSD | M] -- C:\Users\*\AppData\Roaming\.#
[2011/04/22 13:19:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/08/09 23:45:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\GameConsole
[2011/03/15 22:43:51 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nokia
[2011/03/15 22:43:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nokia Ovi Suite
[2011/11/18 19:57:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org
[2011/03/16 21:32:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PC Suite
[2011/11/05 21:11:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\SpeedSim
[2010/08/21 16:39:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\T-Online
[2011/04/15 18:09:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Tific
[2011/03/03 23:06:27 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU(59).TXT
[2012/04/06 15:41:21 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

und Extras.txt
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 5/24/2012 5:10:41 PM - Run 3
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\*\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.67% Memory free
3.98 Gb Paging File | 2.50 Gb Available in Paging File | 62.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 60.50 Gb Free Space | 55.56% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 3.80 Gb Free Space | 3.49% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.83 Gb Free Space | 98.13% Space Free | Partition Type: FAT
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E425D33-0956-4EB6-AC50-FF236EF05767}" = lport=139 | protocol=6 | dir=in | app=system | 
"{290B67A1-0691-4C20-B1B1-B314FB5785DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{473F3CB6-ED73-4903-A749-B9069E4C58E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6A0EB61C-0F77-4630-883D-EC7E8A585C54}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7F296B59-D1D2-47BC-ACC1-4FE87B34C9FB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AC4DAA0A-E7AC-4479-95B7-3E35F834C566}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ADE05382-2A52-4B81-8712-EBBEE8213CF3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C5CF888F-3309-47F4-98A7-56295854E910}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C7ABA5A1-2E2E-4171-AE2D-9D49FA2693CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EA3288AA-8A50-4571-ACA6-BD4670625626}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{ED714B9D-528A-4F6F-A936-AFDAF864A5B0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F1FC3DC8-1D38-40E6-A834-78199D349920}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F2CA26EE-878D-472A-996A-4B5C4C2D9724}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FEE0EB4E-77C4-4B3C-B5AA-4B26EC5A7184}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F699A7-221D-425B-BF75-2475CEFB827D}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{15A124B7-D701-4173-9AB1-B29F0CD4C378}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{17D9C80F-C955-4531-8F32-045A073AD144}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25639F02-A936-4E91-A365-5DC39F5AB6DC}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{393BD412-E8D1-4F68-8234-C4CB9BC25FC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4FB7A23A-A380-4E0A-BBBE-72F12FE309DA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{63BA7410-30D9-4BF1-98DE-C5A45B320250}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{803A19FB-7650-441F-8CB7-5DC77BA1324E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{96734967-E3A9-4B57-9985-FBFB5A8ABD57}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A5B4F268-4914-4B58-BC74-06192D261CFB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A72B7596-2AFD-480D-8C7F-FBE1367987A9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3CE8302-E5FC-4D1F-986C-1CE6FF5F8577}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D3C96C86-045E-4F1A-BBEF-050B23DC8E11}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{E27F6AC6-AFF4-422D-8080-AB651399EB46}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{E5138A0E-E03F-4A9E-B1A1-180C1F1EB1A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EAF2D55D-C75B-4580-816D-AF45BADCADD2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{ED651F4F-7447-4A15-8464-C9195FAD842A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F3774624-65A2-4241-A8F2-A1F10F587B80}" = dir=in | app=c:\program files\itunes\itunes.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1596098A-FCEC-48F0-B7C7-08A31B771031}" = Nero 7 Essentials
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{4725E135-CF7D-4906-B4D0-D9F5FED44254}" = PreSetup HyperSpace
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software  1.10.27.1
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D02505DA-696D-4114-84F7-72A468A074B9}" = devolo Vianect AIR TV
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Home Dialerschutz-Software
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F3F95061-0427-4386-AB03-1556CBE52927}" = Samsung Connection Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7F10613-0F49-4001-AC23-B6F5163F838D}" = DisplayLink Core Software
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"Nokia Ovi Suite" = Nokia Ovi Suite
"SpeedSim" = SpeedSim
"ST6UNST #1" = WinProvex-Adressbuch 5.10
"ST6UNST #2" = WinProvex-Terminplaner 5.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/14/2011 8:26:39 AM | Computer Name = * | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 7.0.1.4288,
 Zeitstempel: 0x4e83b93a  Name des fehlerhaften Moduls: xul.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e83b840  Ausnahmecode: 0xc0000005  Fehleroffset: 0x63ec46f8
ID
 des fehlerhaften Prozesses: 0x1350  Startzeit der fehlerhaften Anwendung: 0x01cc8a6c6efea75f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des
 fehlerhaften Moduls: xul.dll  Berichtskennung: c39623c0-f65f-11e0-b681-506313bbe583
 
Error - 10/14/2011 1:33:41 PM | Computer Name = * | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
 mDNS_reentrancy (0)
 
Error - 10/14/2011 1:33:41 PM | Computer Name = * | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) 
!= mDNS_reentrancy (0)
 
Error - 10/17/2011 2:40:52 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 2:42:31 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 2:44:50 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 2:44:51 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 4:50:35 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 4:51:54 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/19/2011 2:18:09 PM | Computer Name = * | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 7.0.1.4288,
 Zeitstempel: 0x4e83b93a  Name des fehlerhaften Moduls: xul.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e83b840  Ausnahmecode: 0xc0000005  Fehleroffset: 0x668246f8
ID
 des fehlerhaften Prozesses: 0x15e4  Startzeit der fehlerhaften Anwendung: 0x01cc8e8b4efcd37f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des
 fehlerhaften Moduls: xul.dll  Berichtskennung: b24c3a4c-fa7e-11e0-a38d-506313bbe583
 
[ System Events ]
Error - 5/23/2012 9:54:12 AM | Computer Name = * | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 5/23/2012 10:35:20 AM | Computer Name = * | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 5/23/2012 10:36:04 AM | Computer Name = * | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 5/23/2012 10:36:04 AM | Computer Name = * | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 5/24/2012 1:47:05 AM | Computer Name = * | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 5/24/2012 1:47:33 AM | Computer Name = * | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.115
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 5/24/2012 1:47:37 AM | Computer Name = * | Source = Service Control Manager | ID = 7023
Description = Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet:   %%-2147417831
 
Error - 5/24/2012 1:48:03 AM | Computer Name = * | Source = DCOM | ID = 10010
Description = 
 
Error - 5/24/2012 1:48:04 AM | Computer Name = * | Source = bowser | ID = 8003
Description = 
 
Error - 5/24/2012 4:30:33 AM | Computer Name = * | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >

--- --- ---

bisher hab ich keine Störung am PC bemerkt, ich werde jetzt testen und dann nochmal kurz posten.
Vielen Dank nochmal.
Gruß

EviK1122 · 24.05.2012, 17:00

Hallo,
hier das Logfile zu 1., Fixen mit OTL:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== FILES ==========
C:\Users\*\AppData\Roaming\Ymwpzlf folder moved successfully.
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\*\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: *
->Temp folder emptied: 92399551 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5826860 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7000 bytes
RecycleBin emptied: 142706 bytes
 
Total Files Cleaned = 94.00 mb
 
 
OTL by OldTimer - Version 3.2.43.0 log created on 05232012_154333

Files\Folders moved on Reboot...
File move failed. C:\Users\*\AppData\Local\Temp\{D5878294-C113-43c5-A24F-FC333C52015A}\BIT734C.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Java aktualisiert, Adobe Reader Update erfolgt; mit CCleaner gereinigt.

Logfile Superantispyware:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/23/2012 at 06:00 PM

Application Version : 5.0.1150

Core Rules Database Version : 8635
Trace Rules Database Version: 6447

Scan type       : Complete Scan
Total Scan Time : 01:17:47

Operating System Information
Windows 7 Starter 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 897
Memory threats detected   : 0
Registry items scanned    : 36721
Registry threats detected : 0
File items scanned        : 56732
File threats detected     : 1

Trojan.Agent/Gen-Cryptor[Egun]
	C:\PROGRAM FILES\WINPROVEX\TERMINPLANER\STARTKAL.EXE

Logfile ESET Online Scanner

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7fbd53975eaf6640885002ed719bfa33
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-24 02:52:10
# local_time=2012-05-24 04:52:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3589 16777213 100 84 2392971 88502531 0 0
# compatibility_mode=5893 16776574 100 94 6134904 89471226 0 0
# compatibility_mode=8192 67108863 100 0 325 325 0 0
# scanned=113986
# found=0
# cleaned=0
# scan_time=31095

zu Punkt 9, Scan OTL

OTL.txt
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 5/24/2012 5:10:40 PM - Run 3
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\*\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.67% Memory free
3.98 Gb Paging File | 2.50 Gb Available in Paging File | 62.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 60.50 Gb Free Space | 55.56% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 3.80 Gb Free Space | 3.49% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.83 Gb Free Space | 98.13% Space Free | Partition Type: FAT
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/05/21 22:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/05/20 17:07:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
PRC - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/31 13:16:40 | 000,703,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2011/01/17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/17 14:09:46 | 000,131,072 | ---- | M] (Samsung Electronics.) -- C:\Program Files\Samsung Connection Manager\ModemPnPService.exe
PRC - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010/11/23 18:49:24 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010/11/15 14:41:18 | 000,367,496 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
PRC - [2010/06/24 17:15:14 | 002,516,816 | ---- | M] (Wisair Ltd.) -- C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe
PRC - [2010/06/24 17:14:52 | 001,111,880 | ---- | M] (Wisair Ltd.) -- C:\Program Files\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe
PRC - [2010/05/12 16:13:03 | 000,783,720 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2010/05/12 16:13:01 | 000,832,872 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2010/05/12 16:13:00 | 005,105,000 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2010/05/11 11:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
PRC - [2009/11/20 06:01:36 | 002,247,168 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/20 11:12:58 | 000,013,312 | ---- | M] (DoctorSoft) -- C:\Program Files\AnyPC Client\APLangApp.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/02 17:48:26 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2009/10/02 17:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/24 07:48:33 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/24 07:48:28 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/23 16:41:19 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/05/23 16:41:19 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/11/18 19:57:09 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/01/31 13:17:32 | 000,129,408 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\plugins\nps.dll
MOD - [2011/01/31 13:15:08 | 002,551,808 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll
MOD - [2011/01/31 13:15:08 | 002,277,888 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtCore4.dll
MOD - [2011/01/31 13:15:08 | 000,912,384 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtNetwork4.dll
MOD - [2011/01/31 13:15:08 | 000,196,608 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qjpeg4.dll
MOD - [2011/01/31 13:15:08 | 000,026,624 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll
MOD - [2011/01/31 13:15:06 | 010,837,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtWebKit4.dll
MOD - [2011/01/31 13:15:06 | 008,151,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtGui4.dll
MOD - [2011/01/31 13:15:06 | 002,186,752 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtDeclarative4.dll
MOD - [2011/01/31 13:15:06 | 001,283,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtScript4.dll
MOD - [2011/01/31 13:15:06 | 000,675,840 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtOpenGL4.dll
MOD - [2011/01/31 13:15:06 | 000,339,456 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtXml4.dll
MOD - [2011/01/31 13:15:06 | 000,266,752 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\phonon4.dll
MOD - [2011/01/31 13:15:06 | 000,190,464 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\QtSql4.dll
MOD - [2011/01/31 12:54:42 | 000,790,016 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\Maps Service API.dll
MOD - [2011/01/31 12:52:56 | 000,345,088 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\OviShareLib.dll
MOD - [2011/01/31 12:52:56 | 000,180,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\noaipcclient.dll
MOD - [2011/01/31 12:52:56 | 000,028,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\wrtserviceipcclient.dll
MOD - [2011/01/31 12:52:00 | 000,680,448 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll
MOD - [2010/11/15 14:41:18 | 000,367,496 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
MOD - [2010/11/15 14:41:18 | 000,034,184 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\wrtserviceipcserver.dll
MOD - [2010/11/15 10:13:00 | 000,016,384 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\qtsecurestorage.dll
MOD - [2010/11/15 10:12:46 | 000,015,360 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\cryptodll.dll
MOD - [2010/11/15 10:12:46 | 000,013,824 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\qtsecurestorageserver.dll
MOD - [2010/09/23 18:34:40 | 008,151,040 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\QtGui4.dll
MOD - [2010/09/23 18:25:08 | 000,912,384 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\QtNetwork4.dll
MOD - [2010/09/23 18:24:02 | 000,339,456 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\QtXml4.dll
MOD - [2010/09/23 18:23:50 | 002,277,888 | ---- | M] () -- C:\Program Files\Common Files\Nokia\NoA\QtCore4.dll
MOD - [2010/07/05 18:42:46 | 000,088,384 | ---- | M] () -- C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WUSBResource.dll
MOD - [2010/06/24 17:15:20 | 000,048,440 | ---- | M] () -- C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\CompInfo.dll
MOD - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll
MOD - [2007/08/14 14:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2005/07/20 11:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files\Nokia\Nokia Ovi Suite\zlib1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/06 15:39:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe -- (N360)
SRV - [2010/12/08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/06/24 17:14:52 | 001,111,880 | ---- | M] (Wisair Ltd.) [Auto | Running] -- C:\Program Files\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe -- (CableAssociation)
SRV - [2010/05/12 16:13:00 | 005,105,000 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/05/16 08:25:11 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120523.036\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 08:25:11 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120523.036\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/28 02:18:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120523.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/04/19 21:39:28 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/03 01:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120517.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/20 19:10:19 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/11 20:01:02 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/21 03:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symnets.sys -- (SymNetS)
DRV - [2011/03/31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502010.003\symds.sys -- (SymDS)
DRV - [2010/12/02 21:08:58 | 000,021,888 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.3.24903.0.sys -- (DisplayLinkUsbPort)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/16 03:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502010.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/04 16:58:36 | 000,036,352 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\C2xxUSB73.sys -- (C2xxUSB)
DRV - [2010/08/09 11:06:24 | 000,038,912 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\C2XXCOM73.sys -- (C2XXCOM)
DRV - [2010/07/30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/07/26 13:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/07/26 13:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/06/10 15:15:06 | 000,006,656 | ---- | M] (Samsung Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\C2xSTR73.sys -- (C2xxUsbStorage)
DRV - [2010/05/12 16:13:26 | 000,171,632 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2010/05/12 16:13:26 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2010/05/10 13:37:52 | 000,142,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_RCI.SYS -- (HWARadio)
DRV - [2010/05/10 13:37:38 | 000,483,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_DWA.SYS -- (DWA)
DRV - [2010/05/10 13:37:14 | 000,794,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_HWA.SYS -- (hwa)
DRV - [2010/05/10 13:02:28 | 000,046,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_USF.sys -- (WSR_USF)
DRV - [2010/02/21 19:46:42 | 000,049,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_TBF.sys -- (DLCopyFilter)
DRV - [2009/11/06 22:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/15 18:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/01 22:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/05/01 15:41:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2004/05/17 11:21:54 | 000,017,280 | ---- | M] (Intellon, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\plcndis5.sys -- (PLCNDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/21 19:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_7_5 [2012/05/24 07:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/15 22:18:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/06 15:39:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/23 16:12:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/15 22:18:47 | 000,000,000 | ---D | M]
 
[2011/08/28 18:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2012/05/24 08:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\r282o2ed.default\extensions
[2012/05/24 08:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\r282o2ed.default\extensions\staged
[2012/05/08 10:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/05/08 10:06:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/06 15:39:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/18 00:13:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/11/15 20:51:22 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.1.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.1.3\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Blackcomb] C:\Program Files\Samsung Connection Manager\ModemPnPService.exe (Samsung Electronics.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
O4 - HKLM..\Run: [WirelessUSBManager] C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07A5D70D-C503-4027-965C-836222D5C93F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/23 16:40:49 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/23 16:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/23 16:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/23 16:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/23 16:38:24 | 017,273,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\*\Desktop\SUPERAntiSpyware.exe
[2012/05/23 16:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/23 16:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/23 16:12:20 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2012/05/23 16:12:20 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/05/23 16:11:46 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/05/23 16:11:46 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/05/22 13:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/22 13:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/22 13:18:05 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\*\Desktop\ccsetup318.exe
[2012/05/22 13:10:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/21 17:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/21 17:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/21 10:36:58 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012/05/20 17:19:55 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2012/05/20 17:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/20 17:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/20 17:19:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/05/20 17:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/10 10:18:34 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/05/10 10:18:31 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/05/10 10:18:31 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/05/10 10:17:54 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/05/09 17:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/09 17:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/09 17:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/08 10:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/05/08 10:06:08 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Skype
[2012/05/08 10:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/08 10:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/05/08 10:05:02 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/05/08 10:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/05/06 15:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/06 15:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/24 11:05:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/24 07:55:00 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 07:55:00 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 07:46:22 | 1602,195,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/23 16:39:41 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/23 16:32:56 | 000,286,354 | ---- | M] () -- C:\Users\*\Documents\cc_20120523_163220.reg
[2012/05/23 16:11:27 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/05/23 16:11:27 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/05/23 15:52:06 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2012/05/23 15:47:56 | 017,273,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\*\Desktop\SUPERAntiSpyware.exe
[2012/05/22 13:19:14 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 11:23:26 | 000,089,088 | ---- | M] () -- C:\windows\System32\mbr.exe
[2012/05/22 10:54:40 | 000,302,592 | ---- | M] () -- C:\Users\*\Desktop\4hkvjgti.exe
[2012/05/21 10:55:54 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/21 10:26:00 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/21 10:26:00 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/21 10:25:59 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/21 10:25:59 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/20 17:07:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012/05/19 18:01:18 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Users\*\Desktop\ccsetup318.exe
[2012/05/11 20:18:43 | 000,351,464 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/09 17:28:46 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/09 17:25:49 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/08 10:05:04 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/02 09:53:48 | 000,019,137 | ---- | M] () -- C:\Users\*\Desktop\Ausgaben Haushalt 2012 Monat 02u03.ods
[2012/04/29 11:25:04 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
 
========== Files Created - No Company Name ==========
 
[2012/05/23 16:39:41 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/23 16:32:39 | 000,286,354 | ---- | C] () -- C:\Users\*\Documents\cc_20120523_163220.reg
[2012/05/23 15:52:06 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2012/05/22 13:19:14 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 12:43:58 | 000,089,088 | ---- | C] () -- C:\windows\System32\mbr.exe
[2012/05/22 10:58:46 | 000,302,592 | ---- | C] () -- C:\Users\*\Desktop\4hkvjgti.exe
[2012/05/20 17:19:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/09 17:25:49 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/08 10:05:04 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/08 23:19:22 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Roaming\wklnhst.dat
[2011/04/21 19:30:03 | 000,001,940 | ---- | C] () -- C:\Users\*\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/15 22:43:19 | 000,015,360 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/02 21:09:03 | 000,000,000 | ---- | C] () -- C:\windows\System32\dlumd9.dll
[2010/12/02 21:09:03 | 000,000,000 | ---- | C] () -- C:\windows\System32\dlumd10.dll
[2010/09/19 12:52:24 | 000,000,652 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat
[2010/09/19 12:52:24 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat
[2010/09/19 12:52:24 | 000,000,436 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat
[2010/09/19 12:52:24 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat
[2010/08/07 13:35:30 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/07 13:08:48 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010/08/11 21:49:05 | 000,000,000 | -HSD | M] -- C:\Users\*\AppData\Roaming\.#
[2011/04/22 13:19:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/08/09 23:45:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\GameConsole
[2011/03/15 22:43:51 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nokia
[2011/03/15 22:43:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nokia Ovi Suite
[2011/11/18 19:57:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org
[2011/03/16 21:32:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PC Suite
[2011/11/05 21:11:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\SpeedSim
[2010/08/21 16:39:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\T-Online
[2011/04/15 18:09:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Tific
[2011/03/03 23:06:27 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU(59).TXT
[2012/04/06 15:41:21 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

und Extras.txt
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 5/24/2012 5:10:41 PM - Run 3
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\*\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.67% Memory free
3.98 Gb Paging File | 2.50 Gb Available in Paging File | 62.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 60.50 Gb Free Space | 55.56% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 3.80 Gb Free Space | 3.49% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.83 Gb Free Space | 98.13% Space Free | Partition Type: FAT
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E425D33-0956-4EB6-AC50-FF236EF05767}" = lport=139 | protocol=6 | dir=in | app=system | 
"{290B67A1-0691-4C20-B1B1-B314FB5785DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{473F3CB6-ED73-4903-A749-B9069E4C58E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6A0EB61C-0F77-4630-883D-EC7E8A585C54}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7F296B59-D1D2-47BC-ACC1-4FE87B34C9FB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AC4DAA0A-E7AC-4479-95B7-3E35F834C566}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ADE05382-2A52-4B81-8712-EBBEE8213CF3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C5CF888F-3309-47F4-98A7-56295854E910}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C7ABA5A1-2E2E-4171-AE2D-9D49FA2693CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EA3288AA-8A50-4571-ACA6-BD4670625626}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{ED714B9D-528A-4F6F-A936-AFDAF864A5B0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F1FC3DC8-1D38-40E6-A834-78199D349920}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F2CA26EE-878D-472A-996A-4B5C4C2D9724}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FEE0EB4E-77C4-4B3C-B5AA-4B26EC5A7184}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F699A7-221D-425B-BF75-2475CEFB827D}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{15A124B7-D701-4173-9AB1-B29F0CD4C378}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{17D9C80F-C955-4531-8F32-045A073AD144}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{25639F02-A936-4E91-A365-5DC39F5AB6DC}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"{393BD412-E8D1-4F68-8234-C4CB9BC25FC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4FB7A23A-A380-4E0A-BBBE-72F12FE309DA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{63BA7410-30D9-4BF1-98DE-C5A45B320250}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{803A19FB-7650-441F-8CB7-5DC77BA1324E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{96734967-E3A9-4B57-9985-FBFB5A8ABD57}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A5B4F268-4914-4B58-BC74-06192D261CFB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A72B7596-2AFD-480D-8C7F-FBE1367987A9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B3CE8302-E5FC-4D1F-986C-1CE6FF5F8577}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D3C96C86-045E-4F1A-BBEF-050B23DC8E11}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{E27F6AC6-AFF4-422D-8080-AB651399EB46}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{E5138A0E-E03F-4A9E-B1A1-180C1F1EB1A8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EAF2D55D-C75B-4580-816D-AF45BADCADD2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{ED651F4F-7447-4A15-8464-C9195FAD842A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F3774624-65A2-4241-A8F2-A1F10F587B80}" = dir=in | app=c:\program files\itunes\itunes.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1596098A-FCEC-48F0-B7C7-08A31B771031}" = Nero 7 Essentials
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28191B83-1D60-44B6-9B08-E854EF6632D5}" = Ovi Desktop Sync Engine
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC42713-B6E7-49AA-A553-A224FE9828A8}" = Nokia Ovi Suite
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{4725E135-CF7D-4906-B4D0-D9F5FED44254}" = PreSetup HyperSpace
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software  1.10.27.1
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D02505DA-696D-4114-84F7-72A468A074B9}" = devolo Vianect AIR TV
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Home Dialerschutz-Software
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F3F95061-0427-4386-AB03-1556CBE52927}" = Samsung Connection Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7F10613-0F49-4001-AC23-B6F5163F838D}" = DisplayLink Core Software
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"Nokia Ovi Suite" = Nokia Ovi Suite
"SpeedSim" = SpeedSim
"ST6UNST #1" = WinProvex-Adressbuch 5.10
"ST6UNST #2" = WinProvex-Terminplaner 5.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/14/2011 8:26:39 AM | Computer Name = * | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 7.0.1.4288,
 Zeitstempel: 0x4e83b93a  Name des fehlerhaften Moduls: xul.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e83b840  Ausnahmecode: 0xc0000005  Fehleroffset: 0x63ec46f8
ID
 des fehlerhaften Prozesses: 0x1350  Startzeit der fehlerhaften Anwendung: 0x01cc8a6c6efea75f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des
 fehlerhaften Moduls: xul.dll  Berichtskennung: c39623c0-f65f-11e0-b681-506313bbe583
 
Error - 10/14/2011 1:33:41 PM | Computer Name = * | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
 mDNS_reentrancy (0)
 
Error - 10/14/2011 1:33:41 PM | Computer Name = * | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) 
!= mDNS_reentrancy (0)
 
Error - 10/17/2011 2:40:52 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 2:42:31 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 2:44:50 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 2:44:51 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 4:50:35 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/17/2011 4:51:54 PM | Computer Name = * | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10/19/2011 2:18:09 PM | Computer Name = * | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 7.0.1.4288,
 Zeitstempel: 0x4e83b93a  Name des fehlerhaften Moduls: xul.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e83b840  Ausnahmecode: 0xc0000005  Fehleroffset: 0x668246f8
ID
 des fehlerhaften Prozesses: 0x15e4  Startzeit der fehlerhaften Anwendung: 0x01cc8e8b4efcd37f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des
 fehlerhaften Moduls: xul.dll  Berichtskennung: b24c3a4c-fa7e-11e0-a38d-506313bbe583
 
[ System Events ]
Error - 5/23/2012 9:54:12 AM | Computer Name = * | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 5/23/2012 10:35:20 AM | Computer Name = * | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 5/23/2012 10:36:04 AM | Computer Name = * | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 5/23/2012 10:36:04 AM | Computer Name = * | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 5/24/2012 1:47:05 AM | Computer Name = * | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 5/24/2012 1:47:33 AM | Computer Name = * | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.115
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 5/24/2012 1:47:37 AM | Computer Name = * | Source = Service Control Manager | ID = 7023
Description = Der Dienst "iPod-Dienst" wurde mit folgendem Fehler beendet:   %%-2147417831
 
Error - 5/24/2012 1:48:03 AM | Computer Name = * | Source = DCOM | ID = 10010
Description = 
 
Error - 5/24/2012 1:48:04 AM | Computer Name = * | Source = bowser | ID = 8003
Description = 
 
Error - 5/24/2012 4:30:33 AM | Computer Name = * | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >

--- --- ---

bisher hab ich keine Störung am PC bemerkt, ich werde jetzt testen und dann nochmal kurz posten.
Vielen Dank nochmal.
Gruß

Hallo,
also bis jetzt finde ich keine Probleme oder Störungen, läuft alles normal. Keine Dateien verändert etc., nichts. Ich hoffe der Trojaner ist jetzt weg und wir können wieder ungestört mit dem Netbook arbeiten...
Vielen Dank für die Unterstützung!!
und für die Zukunft haben wir uns aufs Holzauge geschrieben: "sei wachsam!"...
:-)

Viele Grüße
EviK1122

PS:Sorry für das doppelte Posting gestern.

kira · 25.05.2012, 08:27

Zitat:

Zitat von EviK1122

und für die Zukunft haben wir uns aufs Holzauge geschrieben: "sei wachsam!"...
:-)

Sei mistraurisch, aber die wichtigste ist, regelmäßig Datensicherung machen! Vorbeugen ist (besser) leichter als Heilen!

Im Internet auf jeden Fall immer misstrauisch sein! in einem sozialen Netzwerk persönliche Daten preisgeben auch Fotos, E-Mails öffnen usw

** Lass dein System in der nächste Zeit noch unter Beobachtung!

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:

Code:

ATTFilter

CCleaner

- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes:

*Systemwiederherstellung deaktivieren: Windows 7 und Vista*
PC runterfahren
wieder einschalten
Systemwiederherstellung aktivieren

also zuerst deaktivieren-> dann aktivieren - also am Ende soll wieder "aktiviert" sein!

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

5.
► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!

Lesestoff Nr.1:

Wie erstelle ich ein eingeschränktes Benutzerkonto?
Software immer auf dem neuesten Stand halten!:
ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
Ein sicherer Browser als IE z.B. *Ein Wechsel des Standardbrowsers zu...von SETI@home* - Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox - Standardbrowser
Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
- Unbekannten E-Mail-Anhang NICHT öffnen!
Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)
Die fünf häufigsten Passwort-Fehler[/b[

"Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Bei der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
Sponsor-Programm, Toolbars möglist abwählen (so wird oft Art von Adware/Spyware mitinstalliert)

NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!

Programme und Treiber:
Nur vom Hersteller!

Onlinebanking:
Gib deine Passwörter niemals preis!
Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.

Comnputer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab

Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - IT-Betrüger machen keinen Urlaub!/bsi-fuer-buerger.de - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
Webseiten ohne Gültiges Impressum nicht besuchen
Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörsen.
► Ausserdem machst Du dich damit strafbar!
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
Virenscanner
BSI für Bürger
SETI@home - [Sicherheit] Sicherheitskonzept
Entwicklung schädlicher Websites/viruslist.com
Brennpunkt: Bilder und Töne
Gefährliche Bilder, schräge Töne/BSI

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!

Zitat:

Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -

Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:

Löschen der temporären Dateien in Windows
Verlauf, Cache und Cookies: Spuren beseitigen nach dem Surfen
hier nachlesen und hier microsoft.com
Wenn dein System reibungslos läuft, kannst zeitweise die alte Wiederherstellungspunkte entfernen: -> Alle Systemwiederherstellungspunkte bis auf den Letzten löschen
Oft den PC zu optimieren nütz wenig, der braucht jetzt eine Radikalkur (nach ca. 3-4 jahren, aber hängt von der Häufigkeit der Nutzung bzw Belastung ab): Anleitung: Neuaufsetzen des Systems + Absicherung
Staub, Fingerabdrücke, Handschweiß – PC und Peripherie sehen mit der Zeit ganz schön eklig aus, ausserdem laut, reagiert langsam und wird schnell heiß:
-> verschmutzte PCs sauber machen
-> Frühjahrsputz für den PC: Tipps zur Reinigung und Entrümpelung

wünsch Dir alles Gute

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira

Windows-Verschlüsselungs Trojaner bei Netbook mit Win7Starter

Log-Analyse und Auswertung: Windows-Verschlüsselungs Trojaner bei Netbook mit Win7Starter