
Pests of all kinds and how to combat them: SMART HDD, difficulties with removal

Windows 7

20.06.2012, 17:47   #16
Larusso
/// Selecta Jahrusso
 



Ahhh, that's something else.

Have you tried a different USB port?
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators


20.06.2012, 18:11   #17
moloko
 



I haven't done that ... but I just discovered that I COULD also start the tool from the stick in normal mode ... Does that make sense? Would that work too? Or repair mode, as described, and try a different slot?

Thanks!


20.06.2012, 21:19   #18
Larusso
/// Selecta Jahrusso
 



No, the tool is not designed for normal mode.

21.06.2012, 19:59   #19
moloko
 



Good evening Daniel, it worked. Here is the content of the frst.txt file that was created:
Quote:

Scan result of Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 21-06-2012 20:51:29
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11490408 2010-10-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-10-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-06-04] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Ernst & Gogg\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-27] (Google Inc.)
HKU\Ernst & Gogg\...\Run: [] [x]
HKU\Ernst & Gogg\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1083264 2012-01-31] (Nokia)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-01] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-01] (Avira Operations GmbH & Co. KG)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [185632 2007-07-24] (Protexis Inc.)

========================== Drivers (Whitelisted) =============

3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [116752 2010-09-24] (ATI Technologies, Inc.)
2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-04-24] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-04-27] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2012-05-02] (Avira GmbH)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-11-01] (Nokia)
3 iaStor; C:\Windows\system32\DRIVERS\iaStor.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-21 10:24 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 10:24 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 10:24 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 10:24 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 10:23 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 10:23 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 08:41 - 2012-06-20 08:41 - 00000000 ____D C:\Users\Ernst & Gogg\Documents\OneNote-Notizbücher
2012-06-15 01:29 - 2012-06-15 01:29 - 00607260 ____R (Swearware) C:\Users\Ernst & Gogg\Desktop\dds.com
2012-06-14 06:15 - 2012-06-14 06:15 - 00145408 ____A C:\Users\Ernst & Gogg\Desktop\DEMOForderungen.xls
2012-06-13 13:20 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 13:20 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 13:20 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 13:20 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 13:20 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 13:20 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 13:20 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 13:20 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 13:20 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 13:20 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 13:20 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 13:20 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 13:20 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 13:20 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 13:20 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 13:20 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 13:20 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 13:20 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 13:20 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 13:19 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 13:19 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 13:19 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 13:19 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 13:19 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 13:19 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 13:19 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 13:19 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 13:19 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 13:18 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 13:18 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 13:18 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 13:18 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 13:18 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 13:18 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 13:18 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 13:18 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 13:18 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 13:18 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 13:18 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 13:18 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 13:18 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 13:18 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 13:18 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 13:18 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 13:18 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-13 11:57 - 2012-06-13 11:57 - 00001416 ____A C:\Users\Ernst & Gogg\Desktop\RKreport[4].txt
2012-06-13 11:56 - 2012-06-13 11:56 - 00001297 ____A C:\Users\Ernst & Gogg\Desktop\RKreport[3].txt
2012-06-13 11:54 - 2012-06-13 11:54 - 00001794 ____A C:\Users\Ernst & Gogg\Desktop\RKreport[2].txt
2012-06-13 11:53 - 2012-06-13 11:53 - 00001883 ____A C:\Users\Ernst & Gogg\Desktop\RKreport[1].txt
2012-06-13 11:52 - 2012-06-13 11:54 - 00000000 ____D C:\Users\Ernst & Gogg\Desktop\RK_Quarantine
2012-06-13 11:52 - 2012-06-13 11:52 - 01521152 ____A C:\Users\Ernst & Gogg\Desktop\RogueKiller.exe
2012-06-13 11:15 - 2012-06-13 06:13 - 00001156 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-06-13 11:08 - 2012-06-13 11:08 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Ernst & Gogg\Desktop\unhide.exe
2012-06-13 09:58 - 2012-06-13 09:58 - 01012656 ____A C:\Users\Ernst & Gogg\Desktop\iExplore.exe
2012-06-13 09:11 - 2012-06-13 09:11 - 00000702 ____A C:\Users\Ernst & Gogg\Desktop\Data_Recovery.lnk
2012-06-13 08:37 - 2012-06-13 08:37 - 00000000 ____D C:\Users\Ernst & Gogg\AppData\Local\Threat Expert
2012-06-13 07:04 - 2012-06-14 12:55 - 00000000 ____D C:\Program Files (x86)\PC Tools
2012-06-13 06:58 - 2012-06-14 11:13 - 00000000 ____D C:\Users\All Users\PC Tools
2012-06-13 06:58 - 2012-06-13 06:58 - 00000000 ____D C:\Users\Ernst & Gogg\AppData\Roaming\TestApp
2012-06-13 06:58 - 2012-05-11 01:14 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-06-13 06:35 - 2012-06-13 06:55 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-13 06:35 - 2012-06-13 06:55 - 00000000 ____D C:\sh4ldr
2012-06-13 06:35 - 2012-06-13 06:35 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-06-13 06:34 - 2012-06-13 06:34 - 00725408 ____A (Enigma Software Group USA, LLC.) C:\Users\Ernst & Gogg\Desktop\SpyHunter-Installer.exe
2012-06-13 06:23 - 2012-06-13 06:33 - 01012656 ____A C:\Users\Ernst & Gogg\Desktop\rkill.com
2012-06-13 06:19 - 2012-06-13 06:21 - 00244294 ____A C:\TDSSKiller.2.7.36.0_13.06.2012_16.19.58_log.txt
2012-06-13 06:19 - 2012-06-13 06:19 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Ernst & Gogg\Desktop\tdsskiller.exe
2012-06-13 06:07 - 2012-06-04 22:28 - 00001995 ____A C:\Users\Public\Desktop\Kostenlose Angebote.lnk
2012-06-13 06:07 - 2012-06-04 22:28 - 00001132 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-06-13 06:07 - 2012-05-19 07:06 - 00001892 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-13 06:07 - 2012-05-17 23:11 - 00002041 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-06-13 06:07 - 2012-05-02 22:54 - 00002136 ____A C:\Users\Public\Desktop\Nokia Suite.lnk
2012-06-13 06:07 - 2012-04-20 13:32 - 00002259 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-06-13 06:07 - 2012-04-17 03:04 - 00000968 ____A C:\Users\Public\Desktop\Versandhelfer.lnk
2012-06-13 06:07 - 2012-02-22 00:07 - 00002085 ____A C:\Users\Public\Desktop\Nokia PC Suite.lnk
2012-06-13 06:07 - 2011-10-05 23:44 - 00002163 ____A C:\Users\Public\Desktop\DivX Plus Converter.lnk
2012-06-13 06:07 - 2011-10-05 23:43 - 00001159 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-06-13 06:07 - 2011-05-11 02:12 - 00001113 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-06-13 06:07 - 2011-04-25 23:26 - 00001127 ____A C:\Users\Public\Desktop\GetDataBack for FAT.lnk
2012-06-13 06:07 - 2011-04-25 22:31 - 00001184 ____A C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
2012-06-13 06:07 - 2011-03-02 03:48 - 00001150 ____A C:\Users\Public\Desktop\7-PDF Maker.lnk
2012-06-13 06:07 - 2011-03-02 01:42 - 00001601 ____A C:\Users\Public\Desktop\Gebührenformulare.lnk
2012-06-13 06:07 - 2011-03-02 01:37 - 00001596 ____A C:\Users\Public\Desktop\Handbuch des Wohnungseigentumsrechts.lnk
2012-06-13 06:07 - 2011-03-02 01:31 - 00001594 ____A C:\Users\Public\Desktop\Praxismodul Arbeits- und Sozialversicherungsrecht.lnk
2012-06-13 06:07 - 2011-03-02 01:19 - 00001602 ____A C:\Users\Public\Desktop\Formularpraxis - Verlag Dr. Otto Schmidt.lnk
2012-06-13 06:07 - 2011-02-28 12:01 - 00001277 ____A C:\Users\Public\Desktop\Foxit Reader.lnk
2012-06-13 06:07 - 2011-02-27 08:05 - 00001797 ____A C:\Users\Public\Desktop\Browserwahl.lnk
2012-06-13 06:07 - 2010-10-25 00:24 - 00002448 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-06-13 06:07 - 2010-08-30 12:01 - 00001943 ____A C:\Users\Public\Desktop\MEDION Serviceportal.lnk
2012-06-13 06:07 - 2010-08-26 06:51 - 00001931 ____A C:\Users\Public\Desktop\MEDIONhome.lnk
2012-06-13 05:58 - 2012-06-13 11:15 - 00010460 ____A C:\Users\Ernst & Gogg\Desktop\unhide.txt
2012-06-13 05:50 - 2012-06-13 05:50 - 00003682 ____A C:\Users\Ernst & Gogg\Desktop\mbam-log-2012-06-13 (15-50-09).txt
2012-06-13 05:45 - 2012-06-13 06:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-13 05:45 - 2012-06-13 05:45 - 00000000 ____D C:\Users\Ernst & Gogg\AppData\Roaming\Malwarebytes
2012-06-13 05:45 - 2012-06-13 05:45 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-13 05:45 - 2012-04-04 05:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-13 05:44 - 2012-06-13 05:45 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Ernst & Gogg\Desktop\malwarebytes_antimalware_1.61.exe
2012-06-13 05:24 - 2012-06-13 11:18 - 00000024 ____A C:\users\ERNST
2012-06-12 22:29 - 2012-06-12 22:30 - 00000000 ____D C:\Users\Ernst & Gogg\Desktop\Fehlerberichte
2012-06-12 06:15 - 2012-06-12 06:15 - 00262144 ____N C:\Windows\Minidump\061212-37892-01.dmp
2012-06-12 00:43 - 2012-06-12 00:44 - 00299080 ____A C:\Users\Ernst & Gogg\Downloads\ticketdirect853834974.pdf
2012-06-04 22:28 - 2012-06-04 22:28 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-06-04 22:28 - 2012-06-04 22:28 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-04 22:28 - 2012-06-04 22:28 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-06-04 22:28 - 2012-06-04 22:28 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-06-04 22:28 - 2012-06-04 22:28 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-06-04 22:28 - 2012-06-04 22:28 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-05-23 00:49 - 2012-05-23 00:49 - 00084138 ____A C:\Users\Ernst & Gogg\Downloads\=_x-unknown_B_RnJlaWdlcMOkY2tfZsO8cl9GbMO8Z2Vfdm9uX25hY2hfVVNBLnBkZg==_=


============ 3 Months Modified Files and Folders =============

2012-06-21 20:51 - 2012-06-21 20:51 - 00000000 ____D C:\FRST
2012-06-21 20:48 - 2010-12-15 04:08 - 00000000 __SHD C:\System Volume Information
2012-06-21 10:47 - 2011-02-27 06:05 - 02049656 ____A C:\Windows\WindowsUpdate.log
2012-06-21 10:37 - 2012-04-04 22:26 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-21 10:30 - 2011-02-27 06:07 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-21 00:30 - 2011-02-27 06:07 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-20 08:41 - 2012-06-20 08:41 - 00000000 ____D C:\Users\Ernst & Gogg\Documents\OneNote-Notizbücher
2012-06-20 00:20 - 2012-04-01 14:03 - 00000000 ___SD C:\Users\Ernst & Gogg\Documents\Meine Datenquellen
2012-06-19 23:23 - 2009-07-13 20:45 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-19 23:23 - 2009-07-13 20:45 - 00010096 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-19 23:17 - 2011-07-28 23:11 - 00000000 ___RD C:\Users\Ernst & Gogg\Dropbox
2012-06-19 23:17 - 2011-07-28 22:55 - 00000000 ____D C:\Users\Ernst & Gogg\AppData\Roaming\Dropbox
2012-06-19 23:16 - 2011-02-27 14:47 - 4294221824 __ASH C:\pagefile.sys
2012-06-19 23:16 - 2011-02-27 14:47 - 3220664320 __ASH C:\hiberfil.sys
2012-06-19 23:16 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-19 23:16 - 2009-07-13 20:51 - 00269738 ____A C:\Windows\setupact.log
2012-06-19 07:05 - 2010-05-12 00:18 - 00654150 ____A C:\Windows\System32\perfh007.dat
2012-06-19 07:05 - 2010-05-12 00:18 - 00130022 ____A C:\Windows\System32\perfc007.dat
2012-06-19 07:05 - 2009-07-13 21:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-18 23:01 - 2012-02-21 10:49 - 00392130 ____A C:\Windows\ntbtlog.txt
2012-06-15 01:29 - 2012-06-15 01:29 - 00607260 ____R (Swearware) C:\Users\Ernst & Gogg\Desktop\dds.com
2012-06-14 12:55 - 2012-06-13 07:04 - 00000000 ____D C:\Program Files (x86)\PC Tools
2012-06-14 12:55 - 2010-07-07 08:17 - 00154864 ____A C:\Windows\PFRO.log
2012-06-14 11:13 - 2012-06-13 06:58 - 00000000 ____D C:\Users\All Users\PC Tools
2012-06-14 11:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2012-06-14 06:15 - 2012-06-14 06:15 - 00145408 ____A C:\Users\Ernst & Gogg\Desktop\DEMOForderungen.xls
2012-06-14 06:08 - 2011-06-08 02:20 - 00000000 ____D C:\GVService
2012-06-14 06:08 - 2011-02-27 06:12 - 00000000 ___RD C:\Users\Ernst & Gogg\AppData\Local\VirtualStore
2012-06-13 14:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-13 13:37 - 2009-07-13 20:45 - 00426808 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 13:34 - 2011-02-27 13:10 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-13 13:26 - 2010-07-07 07:49 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 11:57 - 2012-06-13 11:57 - 00001416 ____A C:\Users\Ernst & Gogg\Desktop\RKreport[4].txt
2012-06-13 11:56 - 2012-06-13 11:56 - 00001297 ____A C:\Users\Ernst & Gogg\Desktop\RKreport[3].txt
2012-06-13 11:54 - 2012-06-13 11:54 - 00001794 ____A C:\Users\Ernst & Gogg\Desktop\RKreport[2].txt
2012-06-13 11:54 - 2012-06-13 11:52 - 00000000 ____D C:\Users\Ernst & Gogg\Desktop\RK_Quarantine
2012-06-13 11:53 - 2012-06-13 11:53 - 00001883 ____A C:\Users\Ernst & Gogg\Desktop\RKreport[1].txt
2012-06-13 11:52 - 2012-06-13 11:52 - 01521152 ____A C:\Users\Ernst & Gogg\Desktop\RogueKiller.exe
2012-06-13 11:18 - 2012-06-13 05:24 - 00000024 ____A C:\users\ERNST
2012-06-13 11:16 - 2009-07-13 19:20 - 00000000 ____D C:\ProgramData
2012-06-13 11:15 - 2012-06-13 05:58 - 00010460 ____A C:\Users\Ernst & Gogg\Desktop\unhide.txt
2012-06-13 11:08 - 2012-06-13 11:08 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Ernst & Gogg\Desktop\unhide.exe
2012-06-13 09:58 - 2012-06-13 09:58 - 01012656 ____A C:\Users\Ernst & Gogg\Desktop\iExplore.exe
2012-06-13 09:11 - 2012-06-13 09:11 - 00000702 ____A C:\Users\Ernst & Gogg\Desktop\Data_Recovery.lnk
2012-06-13 08:37 - 2012-06-13 08:37 - 00000000 ____D C:\Users\Ernst & Gogg\AppData\Local\Threat Expert
2012-06-13 07:04 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
2012-06-13 06:58 - 2012-06-13 06:58 - 00000000 ____D C:\Users\Ernst & Gogg\AppData\Roaming\TestApp
2012-06-13 06:55 - 2012-06-13 06:35 - 00000000 ____D C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-13 06:55 - 2012-06-13 06:35 - 00000000 ____D C:\sh4ldr
2012-06-13 06:35 - 2012-06-13 06:35 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-06-13 06:35 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files
2012-06-13 06:34 - 2012-06-13 06:34 - 00725408 ____A (Enigma Software Group USA, LLC.) C:\Users\Ernst & Gogg\Desktop\SpyHunter-Installer.exe
2012-06-13 06:33 - 2012-06-13 06:23 - 01012656 ____A C:\Users\Ernst & Gogg\Desktop\rkill.com
2012-06-13 06:21 - 2012-06-13 06:19 - 00244294 ____A C:\TDSSKiller.2.7.36.0_13.06.2012_16.19.58_log.txt
2012-06-13 06:19 - 2012-06-13 06:19 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Ernst & Gogg\Desktop\tdsskiller.exe
2012-06-13 06:14 - 2012-06-13 05:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-13 06:13 - 2012-06-13 11:15 - 00001156 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-06-13 05:50 - 2012-06-13 05:50 - 00003682 ____A C:\Users\Ernst & Gogg\Desktop\mbam-log-2012-06-13 (15-50-09).txt
2012-06-13 05:45 - 2012-06-13 05:45 - 00000000 ____D C:\Users\Ernst & Gogg\AppData\Roaming\Malwarebytes
2012-06-13 05:45 - 2012-06-13 05:45 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-13 05:45 - 2012-06-13 05:44 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Ernst & Gogg\Desktop\malwarebytes_antimalware_1.61.exe
2012-06-13 05:24 - 2009-07-13 19:20 - 00000000 ___RD C:\Users
2012-06-13 03:49 - 2011-07-28 23:11 - 00001042 ____A C:\Users\Ernst & Gogg\Desktop\Dropbox.lnk
2012-06-12 22:30 - 2012-06-12 22:29 - 00000000 ____D C:\Users\Ernst & Gogg\Desktop\Fehlerberichte
2012-06-12 22:26 - 2012-04-04 22:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-12 22:26 - 2011-05-23 10:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-12 06:15 - 2012-06-12 06:15 - 00262144 ____N C:\Windows\Minidump\061212-37892-01.dmp
2012-06-12 06:15 - 2011-04-01 11:33 - 00000000 ____D C:\Windows\Minidump
2012-06-12 00:44 - 2012-06-12 00:43 - 00299080 ____A C:\Users\Ernst & Gogg\Downloads\ticketdirect853834974.pdf
2012-06-12 00:16 - 2012-01-11 00:11 - 00000000 ____D C:\Users\Ernst & Gogg\Urlaub 2012
2012-06-04 22:28 - 2012-06-13 06:07 - 00001995 ____A C:\Users\Public\Desktop\Kostenlose Angebote.lnk
2012-06-04 22:28 - 2012-06-13 06:07 - 00001132 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-06-04 22:28 - 2012-06-04 22:28 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-06-04 22:28 - 2012-06-04 22:28 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-04 22:28 - 2012-06-04 22:28 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-06-04 22:28 - 2012-06-04 22:28 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-06-04 22:28 - 2012-06-04 22:28 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-06-04 22:28 - 2012-06-04 22:28 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-06-04 22:28 - 2011-03-02 03:56 - 00000000 ____D C:\Program Files (x86)\Real
2012-06-04 22:28 - 2011-03-02 03:55 - 00000000 ____D C:\Users\Ernst & Gogg\AppData\Roaming\Real
2012-06-02 14:19 - 2012-06-21 10:24 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 10:24 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 10:24 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:15 - 2012-06-21 10:24 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 05:19 - 2012-06-21 10:23 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-21 10:23 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-23 00:49 - 2012-05-23 00:49 - 00084138 ____A C:\Users\Ernst & Gogg\Downloads\=_x-unknown_B_RnJlaWdlcMOkY2tfZsO8cl9GbMO8Z2Vfdm9uX25hY2hfVVNBLnBkZg==_=
2012-05-19 07:07 - 2012-05-19 07:06 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-19 07:06 - 2012-06-13 06:07 - 00001892 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-19 07:06 - 2012-05-19 07:06 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-05-17 23:16 - 2012-05-17 23:16 - 00000000 ____D C:\Users\Ernst & Gogg\AppData\Roaming\Avira
2012-05-17 23:11 - 2012-06-13 06:07 - 00002041 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-05-17 23:11 - 2012-05-17 23:11 - 00000000 ____D C:\Users\All Users\Avira
2012-05-17 23:11 - 2012-05-17 23:11 - 00000000 ____D C:\Program Files (x86)\Avira
2012-05-17 18:47 - 2012-06-13 13:19 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 13:19 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 13:19 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 13:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 13:20 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 13:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 13:20 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 13:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 13:20 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:55 - 2012-06-13 13:19 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:54 - 2012-06-13 13:20 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 13:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 13:20 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 13:20 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 13:19 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 13:19 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 13:19 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 13:20 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 13:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 13:20 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 13:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 13:19 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 13:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:29 - 2012-06-13 13:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:27 - 2012-06-13 13:20 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 13:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 13:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 13:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-13 13:18 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 10:34 - 2012-05-14 10:34 - 00033792 ____A C:\Users\Ernst & Gogg\Downloads\NewAttedanceSheetHeidelbergCementFinance(2) (1).doc
2012-05-11 01:14 - 2012-06-13 06:58 - 00251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-05-10 17:36 - 2010-07-07 07:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 17:01 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-05 10:37 - 2012-04-04 22:37 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 03:06 - 2012-06-13 13:18 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 13:18 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 13:18 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 22:54 - 2012-06-13 06:07 - 00002136 ____A C:\Users\Public\Desktop\Nokia Suite.lnk
2012-05-02 22:54 - 2011-03-01 23:52 - 00000000 ____D C:\Users\All Users\NokiaInstallerCache
2012-05-02 05:24 - 2012-05-17 23:11 - 00027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
2012-04-30 21:40 - 2012-06-13 13:18 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 13:18 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 00:20 - 2012-05-17 23:11 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-04-25 21:41 - 2012-06-13 13:18 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 13:18 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 13:18 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 23:18 - 2012-04-24 23:18 - 00022073 ____A C:\Users\Ernst & Gogg\Downloads\SRH Klausur Zivilrecht Lösung.docx
2012-04-24 14:32 - 2012-05-17 23:11 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-04-24 08:35 - 2012-04-24 08:35 - 00261178 ____A C:\Users\Ernst & Gogg\Downloads\voice.wav
2012-04-23 21:37 - 2012-06-13 13:18 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 13:18 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 13:18 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 13:18 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 13:18 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 13:18 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-22 22:36 - 2012-04-22 22:36 - 22259528 ____A C:\Users\Ernst & Gogg\Desktop\vlc-2.0.1-win32.exe
2012-04-22 22:31 - 2011-02-27 06:29 - 00000000 ____D C:\Users\Ernst & Gogg\Documents\MedionRechner
2012-04-22 19:37 - 2012-04-22 19:37 - 00262144 ____A C:\Windows\DUMP222f.DMP
2012-04-20 13:32 - 2012-06-13 06:07 - 00002259 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-04-20 13:32 - 2011-02-27 06:07 - 00000000 ____D C:\Program Files (x86)\Google
2012-04-18 10:56 - 2012-04-18 10:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 10:56 - 2012-04-18 10:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-17 03:04 - 2012-06-13 06:07 - 00000968 ____A C:\Users\Public\Desktop\Versandhelfer.lnk
2012-04-17 03:04 - 2012-04-17 03:04 - 00000417 ____A C:\Users\Ernst & Gogg\AppData\Roaming\dpdhl.versandhelfer.medionpc_state.xml
2012-04-17 03:04 - 2012-04-17 03:04 - 00000000 ____D C:\Program Files (x86)\Versandhelfer
2012-04-16 17:09 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-04-07 04:31 - 2012-06-13 13:18 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-13 13:18 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-04 05:56 - 2012-06-13 05:45 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 02:34 - 2012-04-04 02:34 - 00479371 ____A C:\Users\Ernst & Gogg\Downloads\Heike DC APR12
2012-03-30 03:35 - 2012-05-09 20:27 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4095.29 MB
Available physical RAM: 3464.18 MB
Total Pagefile: 4093.44 MB
Available Pagefile: 3444.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Boot) (Fixed) (Total:1366.17 GB) (Free:1084.19 GB) NTFS
2 Drive e: (Recover) (Fixed) (Total:30 GB) (Free:10.37 GB) NTFS
7 Drive j: (TravelDrive) (Removable) (Total:1.92 GB) (Free:1.2 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         1397 GB      0 B
Disk 1    No Media           0 B      0 B
Disk 2    No Media           0 B      0 B
Disk 3    No Media           0 B      0 B
Disk 4    Online         1968 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary           1366 GB   101 MB
Partition 3    Primary             30 GB  1366 GB
Partition 4    OEM               1024 MB  1396 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y                NTFS   Partition    100 MB  Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   Boot         NTFS   Partition   1366 GB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   Recover      NTFS   Partition     30 GB  Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 12
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8                      NTFS   Partition   1024 MB  Healthy    Hidden

======================================================================================================

Partitions of Disk 4:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           1967 MB    16 KB

======================================================================================================

Disk: 4
Partition 1
Type : 0E
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     J   TravelDrive  FAT    Removable   1967 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-19 10:38

======================= End Of Log ==========================




Alt 22.06.2012, 07:06   #20
Larusso
/// Selecta Jahrusso
 





Please start FRST again. This time, type the following into the Search: box:
Quote:
iastor.sys
Click the Search button and post the search.txt that was created on your USB stick.


Alt 22.06.2012, 07:56   #21
moloko
 



Good morning,

Quick question: by "SearchBox", do you mean the window that opens AFTER starting j:\frst64.exe, where I clicked "Scan" the first time?

Thanks!

I've understood it now, so here is the result:

Quote:
Farbar Recovery Scan Tool Version: 17-06-2012 04
Ran by SYSTEM at 2012-06-22 10:43:53
Running from J:\

================== Search: "iastor.sys" ===================

====== End Of Search ======

Alt 22.06.2012, 09:57   #22
Larusso
/// Selecta Jahrusso
 



I don't like that :/

Which problems are actually still present? The log file looks quite good.


Please read the following instructions carefully. We don't want to "fix" anything here yet, we only want to see a scan report.

Please download TDSSKiller.exe and save the file to your desktop.
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

Alt 22.06.2012, 10:21   #23
moloko
 



TDSS found nothing, and I can't find a log anywhere. I had already saved the program and have just updated it. It already ran last week, following the instructions here. No findings back then either, and no log, at least none that I found.

At the moment, as a USER, I can't see any problems in operation.

I noticed the following after the infection:
1.
I have a drive and go external hard drive attached to the computer. Windows backs up to it every Sunday. The last backup failed. Windows reports: Error reading from the shadow copy on one of the volumes being backed up.
Error code: 0x81000037

2.
Since the infection, no other files or folders are shown on this drive apart from the backup folder; they are mainly pictures and videos. During my cleanup attempts following the instructions here, the drive was disconnected from the computer, including when unhide.exe ran, which made the files here fully visible again.

Otherwise I don't notice anything.

Best regards!

BTW:
I have logs of the scans and cleanups from Malwarebytes and RogueKiller, which I used; are these (still) of interest?

Edited by moloko (22.06.2012 at 10:29)

Alt 22.06.2012, 10:37   #24
Larusso
/// Selecta Jahrusso
 



Quote:
I have a drive and go external hard drive attached to the computer
Unfortunately I'm a tech noob (yes, even we can't do everything), but can I think of that as a kind of RAID?

The point is that a driver, which is very probably responsible for this, is missing.


Please post the most recent RogueKiller log file.



If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5 
/md5start
services.exe
user32.dll
iastor.*
/md5stop
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • When the scan has finished, a text document will open.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

Alt 22.06.2012, 10:50   #25
moloko
 



That's just what the drive is called. It's an ordinary external drive, placed on the top of the case by means of a plug-in module and rail.....
By the way, TDSS apparently did create a fairly long report, but I can only view it, not copy it via right-click, but...

First, here are the requested logs from RogueKiller:

Code:
RogueKiller V7.5.4 [06/07/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: hxxp://tigzyrk.blogspot.com

Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in: Normal Modus
Benutzer: Ernst & Gogg [Admin Rechte]
Funktion: Scannen --Datum: 06/13/2012 21:53:16

¤¤¤ Böswillige Prozesse: 0 ¤¤¤

¤¤¤ Registry-Einträge: 7 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : GPHmiBRaKXsSREO.exe (C:\ProgramData\GPHmiBRaKXsSREO.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Run : JAVA (C:\Windows\java.vbs) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2881200875-1395689310-235358202-1001[...]\Run : GPHmiBRaKXsSREO.exe (C:\ProgramData\GPHmiBRaKXsSREO.exe) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber: [NICHT GELADEN] ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: ST315005 41AS SATA Disk Device +++++
--- User ---
[MBR] bade5fca886393466c3abe2c4d96c73e
[BSP] 4eda00d3cc03b8a3dbff798c7360e3a9 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1398953 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2865262592 | Size: 30720 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2928177152 | Size: 1024 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[1].txt >>
RKreport[1].txt
         
Code:
RogueKiller V7.5.4 [06/07/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: hxxp://tigzyrk.blogspot.com

Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in: Normal Modus
Benutzer: Ernst & Gogg [Admin Rechte]
Funktion: Entfernen --Datum: 06/13/2012 21:54:23

¤¤¤ Böswillige Prozesse: 0 ¤¤¤

¤¤¤ Registry-Einträge: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : GPHmiBRaKXsSREO.exe (C:\ProgramData\GPHmiBRaKXsSREO.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : JAVA (C:\Windows\java.vbs) -> DELETED
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber: [NICHT GELADEN] ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: ST315005 41AS SATA Disk Device +++++
--- User ---
[MBR] bade5fca886393466c3abe2c4d96c73e
[BSP] 4eda00d3cc03b8a3dbff798c7360e3a9 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1398953 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2865262592 | Size: 30720 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2928177152 | Size: 1024 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
         
Code:
RogueKiller V7.5.4 [06/07/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: hxxp://tigzyrk.blogspot.com

Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in: Normal Modus
Benutzer: Ernst & Gogg [Admin Rechte]
Funktion: Scannen --Datum: 06/13/2012 21:56:03

¤¤¤ Böswillige Prozesse: 0 ¤¤¤

¤¤¤ Registry-Einträge: 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber: [NICHT GELADEN] ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: ST315005 41AS SATA Disk Device +++++
--- User ---
[MBR] bade5fca886393466c3abe2c4d96c73e
[BSP] 4eda00d3cc03b8a3dbff798c7360e3a9 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1398953 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2865262592 | Size: 30720 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 2928177152 | Size: 1024 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
         
Code:
RogueKiller V7.5.4 [06/07/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: hxxp://tigzyrk.blogspot.com

Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in: Normal Modus
Benutzer: Ernst & Gogg [Admin Rechte]
Funktion: Reparierte Verknüpfungen --Datum: 06/13/2012 21:57:17

¤¤¤ Böswillige Prozesse: 0 ¤¤¤

¤¤¤ Treiber: [NICHT GELADEN] ¤¤¤

¤¤¤ Dateiattribute wiederhergestellt: ¤¤¤
Desktop: Success 0 / Fail 0
Schnellstart: Success 0 / Fail 0
Programme: Success 2 / Fail 0
Startmenü: Success 0 / Fail 0
Benutzer Ordner: Success 109 / Fail 0
Eigene Dateien: Success 0 / Fail 0
Mein Favoriten: Success 0 / Fail 0
Meine Bilder: Success 0 / Fail 0
Meine Musik: Success 1532 / Fail 0
Meine Videos: Success 0 / Fail 0
Lokale Laufwerke: Success 37 / Fail 0
Sicherungskopie: [FOUND] Success 0 / Fail 227

Laufwerke:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume7 -- 0x2 --> Restored

¤¤¤ Infektion : Rogue.FakeHDD ¤¤¤

Abgeschlossen : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
         
OTL will come a bit later because of work..

Regards

Alt 22.06.2012, 11:23   #26
moloko
 



...and so here are the OTL logs. .....

[CODE]
OTL Logfile:
Code:
OTL logfile created on: 6/22/2012 12:07:30 PM - Run 1
OTL by OldTimer - Version 3.2.51.0     Folder = C:\Users\Ernst & Gogg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.36% Memory free
8.00 Gb Paging File | 6.15 Gb Available in Paging File | 76.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1366.17 Gb Total Space | 1083.14 Gb Free Space | 79.28% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.37 Gb Free Space | 34.58% Space Free | Partition Type: NTFS
Drive I: | 465.65 Gb Total Space | 194.47 Gb Free Space | 41.76% Space Free | Partition Type: FAT32
Drive J: | 1.92 Gb Total Space | 1.20 Gb Free Space | 62.52% Space Free | Partition Type: FAT
 
Computer Name: MEDION01 | User Name: Ernst & Gogg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/06/22 12:05:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ernst & Gogg\Desktop\OTL.exe
PRC - [2012/06/05 08:28:06 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ernst & Gogg\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/17 13:04:30 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/01 09:11:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/01/04 14:32:10 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012/01/04 14:32:06 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/17 19:53:00 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/04/17 13:04:30 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe
MOD - [2012/02/01 09:12:34 | 000,423,808 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/02/01 09:12:32 | 000,058,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/02/01 09:12:30 | 000,095,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2012/02/01 09:12:14 | 000,384,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll
MOD - [2012/02/01 09:12:14 | 000,165,248 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll
MOD - [2012/02/01 09:11:28 | 000,437,632 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2012/01/10 19:38:32 | 000,272,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/01/10 19:37:58 | 002,557,312 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/01/10 19:37:56 | 000,346,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/01/10 19:37:54 | 010,843,520 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/01/10 19:37:48 | 000,196,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/01/10 19:37:46 | 001,294,208 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/01/10 19:37:44 | 000,682,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/01/10 19:37:42 | 000,919,936 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/01/10 19:37:40 | 000,517,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/01/10 19:37:38 | 008,172,928 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/01/10 19:37:36 | 002,252,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/01/10 19:37:34 | 002,288,512 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/01/10 19:37:32 | 000,422,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/01/10 19:37:22 | 000,202,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
MOD - [2012/01/10 19:37:20 | 000,034,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
MOD - [2012/01/10 19:37:18 | 000,032,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
MOD - [2012/01/10 19:36:38 | 000,388,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll
MOD - [2012/01/10 19:36:02 | 001,037,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll
MOD - [2012/01/10 19:35:06 | 000,758,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/01/05 17:00:24 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/11/11 04:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/06/13 08:26:35 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 11:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 11:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 07:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/19 20:34:00 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 20:34:00 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/11 06:23:44 | 008,123,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/11 04:16:24 | 000,288,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/24 14:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/06/17 11:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/06/14 11:41:10 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/05/15 00:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/15 00:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393DE420
IE - HKCU\..\SearchScopes\{AAF08C6E-80BB-469E-8A50-15A07B470FD6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393DE420
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/02 13:47:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/02 13:47:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/02/22 09:44:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/05 08:28:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/22 09:44:26 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\Ernst & Gogg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ernst & Gogg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ernst & Gogg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk = C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FC4AE18-1088-4A4E-A5C3-01A88EF86339}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{968D1D2D-689F-407A-9952-71D7A2706EF2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/22 12:05:28 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Ernst & Gogg\Desktop\OTL.exe
[2012/06/22 11:37:32 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ernst & Gogg\Desktop\tdsskiller.exe
[2012/06/22 06:51:24 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/20 18:41:13 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\Documents\OneNote-Notizbücher
[2012/06/15 11:29:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ernst & Gogg\Desktop\dds.com
[2012/06/13 21:52:57 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\Desktop\RK_Quarantine
[2012/06/13 21:08:29 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ernst & Gogg\Desktop\unhide.exe
[2012/06/13 18:37:02 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\AppData\Local\Threat Expert
[2012/06/13 17:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/06/13 16:58:50 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/06/13 16:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/13 16:58:26 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\AppData\Roaming\TestApp
[2012/06/13 16:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/13 16:35:55 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/06/13 16:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/06/13 16:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/06/13 16:34:44 | 000,725,408 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Ernst & Gogg\Desktop\SpyHunter-Installer.exe
[2012/06/13 15:45:32 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\AppData\Roaming\Malwarebytes
[2012/06/13 15:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/13 15:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/13 15:45:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/13 15:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/13 15:44:54 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Ernst & Gogg\Desktop\malwarebytes_antimalware_1.61.exe
[2012/06/13 13:48:51 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/06/13 08:29:22 | 000,000,000 | ---D | C] -- C:\Users\Ernst & Gogg\Desktop\Fehlerberichte
[2012/06/05 08:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/06/05 08:28:08 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/06/05 08:28:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2011/03/02 11:27:39 | 000,359,936 | ---- | C] (SHI Elektronische Medien GmbH) -- C:\Users\Ernst & Gogg\IPView.exe
[2011/03/02 11:19:57 | 000,167,936 | ---- | C] (ADVOLINE GmbH & Co. KG) -- C:\Users\Ernst & Gogg\progset.exe
[2011/03/02 11:19:57 | 000,144,384 | ---- | C] (Verlag Dr. Otto-Schmidt) -- C:\Users\Ernst & Gogg\Formularpraxis.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/22 12:05:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ernst & Gogg\Desktop\OTL.exe
[2012/06/22 11:37:38 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ernst & Gogg\Desktop\tdsskiller.exe
[2012/06/22 11:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/22 11:30:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/22 11:04:21 | 002,109,806 | ---- | M] () -- C:\Users\Ernst & Gogg\Desktop\tdsskiller.zip
[2012/06/22 10:56:29 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 10:56:29 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 10:49:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/22 10:49:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/22 10:48:55 | 3220,664,320 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/20 18:41:19 | 000,001,387 | ---- | M] () -- C:\Users\Ernst & Gogg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012/06/19 17:05:12 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/19 17:05:12 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/06/19 17:05:12 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/19 17:05:12 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/06/19 17:05:12 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/15 11:29:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ernst & Gogg\Desktop\dds.com
[2012/06/13 23:37:31 | 000,426,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 21:52:55 | 001,521,152 | ---- | M] () -- C:\Users\Ernst & Gogg\Desktop\RogueKiller.exe
[2012/06/13 21:08:29 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ernst & Gogg\Desktop\unhide.exe
[2012/06/13 19:58:16 | 001,012,656 | ---- | M] () -- C:\Users\Ernst & Gogg\Desktop\iExplore.exe
[2012/06/13 19:11:09 | 000,000,702 | ---- | M] () -- C:\Users\Ernst & Gogg\Desktop\Data_Recovery.lnk
[2012/06/13 16:34:46 | 000,725,408 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Ernst & Gogg\Desktop\SpyHunter-Installer.exe
[2012/06/13 16:33:12 | 001,012,656 | ---- | M] () -- C:\Users\Ernst & Gogg\Desktop\rkill.com
[2012/06/13 16:13:16 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/13 15:45:06 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Ernst & Gogg\Desktop\malwarebytes_antimalware_1.61.exe
[2012/06/13 13:49:54 | 000,001,060 | ---- | M] () -- C:\Users\Ernst & Gogg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/13 13:49:18 | 000,001,042 | ---- | M] () -- C:\Users\Ernst & Gogg\Desktop\Dropbox.lnk
[2012/06/05 08:28:32 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk
[2012/06/05 08:28:32 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/06/05 08:28:08 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/06/22 11:04:14 | 002,109,806 | ---- | C] () -- C:\Users\Ernst & Gogg\Desktop\tdsskiller.zip
[2012/06/20 18:41:19 | 000,001,387 | ---- | C] () -- C:\Users\Ernst & Gogg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012/06/13 21:52:41 | 001,521,152 | ---- | C] () -- C:\Users\Ernst & Gogg\Desktop\RogueKiller.exe
[2012/06/13 21:15:03 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/13 19:58:16 | 001,012,656 | ---- | C] () -- C:\Users\Ernst & Gogg\Desktop\iExplore.exe
[2012/06/13 19:11:09 | 000,000,702 | ---- | C] () -- C:\Users\Ernst & Gogg\Desktop\Data_Recovery.lnk
[2012/06/13 16:23:05 | 001,012,656 | ---- | C] () -- C:\Users\Ernst & Gogg\Desktop\rkill.com
[2012/06/13 16:07:06 | 000,002,581 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/06/13 16:07:06 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/13 16:07:06 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/06/13 16:07:06 | 000,002,448 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/13 16:07:06 | 000,002,448 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2012/06/13 16:07:06 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/06/13 16:07:06 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/06/13 16:07:06 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012/06/13 16:07:06 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2012/06/13 16:07:06 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/06/13 16:07:06 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk
[2012/06/13 16:07:06 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\MEDION Serviceportal.lnk
[2012/06/13 16:07:06 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\MEDIONhome.lnk
[2012/06/13 16:07:06 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/13 16:07:06 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012/06/13 16:07:06 | 000,001,602 | ---- | C] () -- C:\Users\Public\Desktop\Formularpraxis - Verlag Dr. Otto Schmidt.lnk
[2012/06/13 16:07:06 | 000,001,601 | ---- | C] () -- C:\Users\Public\Desktop\Gebührenformulare.lnk
[2012/06/13 16:07:06 | 000,001,596 | ---- | C] () -- C:\Users\Public\Desktop\Handbuch des Wohnungseigentumsrechts.lnk
[2012/06/13 16:07:06 | 000,001,594 | ---- | C] () -- C:\Users\Public\Desktop\Praxismodul Arbeits- und Sozialversicherungsrecht.lnk
[2012/06/13 16:07:06 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/06/13 16:07:06 | 000,001,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/06/13 16:07:06 | 000,001,421 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/06/13 16:07:06 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/06/13 16:07:06 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/06/13 16:07:06 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/06/13 16:07:06 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/06/13 16:07:06 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/06/13 16:07:06 | 000,001,277 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012/06/13 16:07:06 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/06/13 16:07:06 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/06/13 16:07:06 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
[2012/06/13 16:07:06 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/06/13 16:07:06 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\7-PDF Maker.lnk
[2012/06/13 16:07:06 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/06/13 16:07:06 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for FAT.lnk
[2012/06/13 16:07:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/06/13 16:07:06 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\Versandhelfer.lnk
[2012/04/17 13:04:08 | 000,000,417 | ---- | C] () -- C:\Users\Ernst & Gogg\AppData\Roaming\dpdhl.versandhelfer.medionpc_state.xml
[2011/12/25 17:09:41 | 000,000,848 | --S- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/04/26 21:25:36 | 002,882,748 | ---- | C] () -- C:\Users\Ernst & Gogg\Datenrettung Verbatim v. 26.04.2011.st3
[2011/04/03 14:49:03 | 000,000,056 | ---- | C] () -- C:\Users\Ernst & Gogg\AppData\Roaming\Win-NeKo.ini
[2011/03/02 11:42:09 | 000,118,272 | ---- | C] () -- C:\Users\Ernst & Gogg\Gebührenformulare.dot
[2011/03/02 11:42:09 | 000,005,064 | ---- | C] () -- C:\Users\Ernst & Gogg\Gebührenformulare.INI
[2011/03/02 11:42:07 | 000,077,409 | ---- | C] () -- C:\Users\Ernst & Gogg\Uninst.isu
[2011/03/02 11:42:07 | 000,073,174 | ---- | C] () -- C:\Users\Ernst & Gogg\Readme.pdf
[2011/03/02 11:30:18 | 000,000,313 | ---- | C] () -- C:\Windows\SHISETUP.SYS
[2011/03/02 11:27:39 | 000,626,456 | ---- | C] () -- C:\Users\Ernst & Gogg\setup.bmp
[2011/03/02 11:27:39 | 000,567,913 | ---- | C] () -- C:\Users\Ernst & Gogg\userinfo.rtf
[2011/03/02 11:27:39 | 000,374,922 | ---- | C] () -- C:\Users\Ernst & Gogg\IPview.spl
[2011/03/02 11:27:39 | 000,015,624 | ---- | C] () -- C:\Users\Ernst & Gogg\shiinfo.rtf
[2011/03/02 11:27:39 | 000,011,231 | ---- | C] () -- C:\Users\Ernst & Gogg\userinfo_lang.rtf
[2011/03/02 11:27:39 | 000,009,260 | ---- | C] () -- C:\Users\Ernst & Gogg\IPview.mod
[2011/03/02 11:27:39 | 000,005,709 | ---- | C] () -- C:\Users\Ernst & Gogg\orderinfo.rtf
[2011/03/02 11:27:39 | 000,000,434 | ---- | C] () -- C:\Users\Ernst & Gogg\IPVStdPrintHeader.ptm
[2011/03/02 11:27:39 | 000,000,340 | ---- | C] () -- C:\Users\Ernst & Gogg\IPVStdPrintBody.ptm
[2011/03/02 11:27:39 | 000,000,227 | ---- | C] () -- C:\Users\Ernst & Gogg\IPVStdPrintFooter.ptm
[2011/03/02 11:27:38 | 000,880,128 | ---- | C] () -- C:\Users\Ernst & Gogg\htmvwrap.dll
[2011/03/02 11:27:38 | 000,020,216 | ---- | C] () -- C:\Users\Ernst & Gogg\Deubner.bmp
[2011/03/02 11:27:38 | 000,005,040 | ---- | C] () -- C:\Users\Ernst & Gogg\hotlineinfo.rtf
[2011/03/02 11:19:57 | 000,048,390 | ---- | C] () -- C:\Users\Ernst & Gogg\Allgemeine Bedienungshinweise.pdf
[2011/03/02 10:06:25 | 000,006,656 | ---- | C] () -- C:\Users\Ernst & Gogg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/27 18:13:02 | 000,000,943 | ---- | C] () -- C:\Users\Ernst & Gogg\Eigene Dokumente - Verknüpfung.lnk
[2010/12/03 20:16:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/03 20:12:37 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/09 16:41:29 | 000,072,017 | ---- | C] () -- C:\Windows\SysWow64\Uninstall ALDI SÜD Mah Jong.exe
 
========== LOP Check ==========
 
[2011/03/24 08:52:29 | 000,000,000 | --SD | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\.#
[2011/03/02 13:48:46 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\7-PDFMaker
[2011/02/27 23:05:04 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\ALDI_SUED_Mah_Jong
[2011/03/01 22:42:00 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2012/06/22 10:50:08 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Dropbox
[2011/02/28 22:02:05 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Foxit Software
[2011/12/05 20:52:35 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\kock
[2012/02/22 09:45:05 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Nokia
[2011/03/02 10:03:54 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Nokia Ovi Suite
[2012/02/22 10:00:53 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Nokia Suite
[2011/03/02 10:01:06 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\PC Suite
[2012/06/13 16:58:26 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\TestApp
[2011/06/05 19:28:45 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Windows Live Writer
[2011/06/08 09:47:27 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\Workshop
[2011/12/09 21:57:07 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Roaming\xmldm
[2011/06/02 21:04:37 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012/02/21 19:31:21 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/12/29 17:59:28 | 000,000,000 | ---D | M] -- C:\CanoScan
[2011/02/27 16:05:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/06/22 06:52:06 | 000,000,000 | ---D | M] -- C:\FRST
[2012/06/14 16:08:04 | 000,000,000 | ---D | M] -- C:\GVService
[2011/02/27 23:09:53 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/06/13 16:35:55 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/06/13 17:04:28 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/06/13 21:16:50 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011/02/27 16:05:08 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/06/13 16:55:52 | 000,000,000 | ---D | M] -- C:\sh4ldr
[2012/06/22 12:09:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/06/13 15:24:35 | 000,000,000 | R--D | M] -- C:\Users
[2012/06/14 21:13:00 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
 
< %localappdata%\*. /5  >
[2012/06/20 18:41:08 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Local\Microsoft
[2012/06/22 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\Ernst & Gogg\AppData\Local\Temp
 
< MD5 for: IASTOR.SYS[1].HTM  >
[2012/06/22 09:40:54 | 000,025,298 | ---- | M] () MD5=B7825CAC387CD914C1E7E15DBF97F857 -- C:\Users\Ernst & Gogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4BUG8CL\iastor.sys[1].htm
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\dc27c38d9b7eaf96642aee3cb3400730\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\dc27c38d9b7eaf96642aee3cb3400730\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >
         
--- --- ---


Code:
OTL Extras logfile created on: 6/22/2012 12:07:30 PM - Run 1
OTL by OldTimer - Version 3.2.51.0     Folder = C:\Users\Ernst & Gogg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.36% Memory free
8.00 Gb Paging File | 6.15 Gb Available in Paging File | 76.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1366.17 Gb Total Space | 1083.14 Gb Free Space | 79.28% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.37 Gb Free Space | 34.58% Space Free | Partition Type: NTFS
Drive I: | 465.65 Gb Total Space | 194.47 Gb Free Space | 41.76% Space Free | Partition Type: FAT32
Drive J: | 1.92 Gb Total Space | 1.20 Gb Free Space | 62.52% Space Free | Partition Type: FAT
 
Computer Name: MEDION01 | User Name: Ernst & Gogg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\windows\system32\rundll32.exe" "C:\windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A7E774-2626-439B-AD22-5D3DD84F58BA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0945B96D-BAF5-4BAC-99E7-CFB7A32A2E97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{09A801D6-50CD-4DAB-861B-C99B081434C8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0AECE74E-12C4-48AF-A42C-78352A9D14E0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0DF974C6-A309-4DD5-83ED-310D86AE5037}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{133F6850-AD5C-4F4E-8853-ACB742D35E39}" = rport=139 | protocol=6 | dir=out | app=system | 
"{24B242EE-8380-4A98-B5FC-9E229E39788C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3B619D04-5C1F-4DB4-9302-0216D4945162}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4AF79DF7-63C1-4463-979C-8A2F3462F7BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B1C21F8-D731-4AA6-A189-72E135FEA635}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{51326300-E8DF-4607-A38C-F57E95241503}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{524F2F30-6BF6-464B-8849-5D007BFCA14E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B7DD138-1BC3-436F-9FE7-3A242A4EC721}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8B495AFB-A6B1-4266-8DAD-1BEE10CA6242}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8E7E13F8-981D-4018-8A08-E5822D94515C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{97EFAC1A-503E-441B-872E-7D5910C25FFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9882EF55-4D73-4800-867B-1426BEAC9A58}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9ACC7435-500D-48E4-AC83-5B917A55DC7B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A8BB59F2-F5D8-4A74-ADCC-72E55EDAD6E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B5C106DF-47FE-498E-AA04-EBB2645B6089}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B610479A-E4E9-420A-B5E2-332B708C3AC4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BDFC4105-FA73-46E8-B7ED-374BA5D79F0F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C33B4BED-531A-4C45-842E-EFD54114C549}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CA24C114-83BC-4D33-B0BB-659A8A7E3FBA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CA2BCC48-4ED6-44AD-B96F-26CBF53B2EB4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E4231910-69D8-4E6F-8758-EC353B25EB8A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CBAF39-0FE4-4319-BBF6-4315C639D57F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{0B3CDE2F-5C09-4148-9706-501AE245924B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0B984603-72F5-415B-8070-4C77CB80EE69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{13149270-227A-4615-A9BC-2EBDBF0A4D43}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{20F83367-4815-497E-A2B4-FC287EEE2C22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{27C34A10-592F-4EEC-AE45-CCDA49583AC2}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{284AA70A-4051-47D3-8DFE-4B0E486EBEE3}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{2BF0CAD7-4B88-4D75-9AA7-5F19D1D4C2DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2DEA938F-24C3-4079-82E3-4DFC92FC5C90}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{33CA17C1-5DEC-45BE-B9E4-B9180888C964}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{41F03C25-22D0-4295-9000-45755D873EAB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4DB1CC2D-07A4-47FB-9803-7ECDDAF9D960}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{4ED9336E-4A7C-4AA0-A838-757B9997DDE3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5519D5B6-C5B5-49FF-AA82-02E2760D9BD9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{61044752-8B12-4C75-84EA-94D12D3A57D5}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{61454908-70C1-4701-B590-AD9CE97BA5F6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65F857F3-C7FF-46BD-B524-94616FA082FF}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{6F93146A-FD2C-45BD-A580-DB6B12B675F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{73E6AB5C-9219-4A7F-BC16-A1E9AA19816D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7C22EBDB-02C9-4762-BD52-F6CC2771544C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{80D3E5B7-A947-4D67-9479-E6538F70973F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{86F819C3-50BE-42C6-AAAF-34F36D4A157E}" = protocol=17 | dir=in | app=c:\users\ernst & gogg\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9559CE61-4543-4364-BD42-AF6A6A717DD2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9F7F8FDD-5F01-4F46-96B2-9EA1F197E47C}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{9FB45734-DA66-4BE9-A955-C0DDCE84D92B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A182B99C-B815-439E-A3E8-A2E07C5EC7FF}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{AA9A893D-B365-4E7B-B951-6D4A8DB74062}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ACB484BA-8183-465A-822A-1012C8D473D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3B2D670-70D9-46A8-BB96-DD9905D041DE}" = protocol=6 | dir=in | app=c:\users\ernst & gogg\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C3D36546-204E-4CD1-996F-A1A008ADFA51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1BC93E1-DD84-4C07-A540-76638495AA7F}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{EA63862D-702F-4CD1-BD0D-5E0A9C6E9EF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F1DF4B45-5F5C-45B2-88AF-A19DBA5AD722}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F965331D-4AFF-4DFC-8ACC-9F874BBA8F14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF298CEA-641A-4C84-9ED5-50BDC8005E6B}" = protocol=6 | dir=out | app=system | 
"TCP Query User{79D71088-8F63-4555-B706-8F7A0F691F7A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{FF6B45C2-EF7C-4F17-9A8A-65FBF218606D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{6AEF1CB7-972F-444B-8F13-6FA6AFD88FA3}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{7CFAEACB-ACA4-43AB-A8DA-4E37A7C8A934}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{122C8DA5-1978-7BB6-6179-BE41806E8086}" = ccc-utility64
"{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5479F9EC-5D71-CB4F-7091-3BF696F82035}" = ATI Catalyst Install Manager
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0482617D-DDC3-D703-2572-7D1E55FA24CB}" = Catalyst Control Center Graphics Previews Vista
"{06036391-62EB-2F47-A780-A9E1C21B4362}" = Versandhelfer
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216BE2D3-5317-10C1-6F02-C4665CFB4507}" = CCC Help Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{256C2385-7E7D-8809-9D8C-020FC726A0CB}" = Catalyst Control Center InstallProxy
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26E276AC-F6C2-883E-E665-E97C735AA0AA}" = CCC Help French
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{31760C30-2C21-75D1-675E-3388AAC04068}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{41313863-5170-4D7E-AD60-3CDF4DEBA81F}" = Nokia PC Suite
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{49CB6744-E778-406C-91CD-F583B9AF4656}" = Formularpraxis - Verlag Dr. Otto Schmidt
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5380E159-9445-C146-ECBC-5DF6E97FAB85}" = CCC Help Swedish
"{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54F89819-7AF7-9A0A-1F45-2E19F0CA18A8}" = CCC Help Finnish
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{59F324A2-667C-EA14-0A8D-DC3794330056}" = CCC Help Danish
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B0A2ECE-E4C6-4BA3-AE9D-8B827F03B992}" = Windows Live UX Platform Language Pack
"{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D14B7C4-10DA-173B-D073-DED305D55099}" = Catalyst Control Center Localization All
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{934331FE-E81E-B486-A049-382715BE7416}" = CCC Help German
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A850B824-9CE5-EEDE-D762-3C9518ABAC98}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA0F476C-CA5F-F382-67B2-F0085C1EBC6E}" = CCC Help Norwegian
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B765F43A-6189-61F7-5D8A-0B9E8A851193}" = CCC Help English
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE2A3E12-3592-1A8B-D3B3-60E2C07C52C2}" = CCC Help Italian
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F354B79F-C895-AC25-EC8F-72DAFF960B83}" = CCC Help Spanish
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.8 (Build 116)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Avira AntiVir Desktop" = Avira Free Antivirus
"DEUBNER VERLAG HANDBUCH DES WOHNUNGSEIGENTUMSRECHTS 1_0" = Deubner Verlag Handbuch des Wohnungseigentumsrechts 1.0
"DEUBNER VERLAG PRAXISMODUL ARBEITS_ UND SOZIALVERSICHERU 1_0" = Deubner Verlag Praxismodul Arbeits- und Sozialversicheru 1.0
"DivX Setup.divx.com" = DivX-Setup
"dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"Foxit Reader" = Foxit Reader
"Gebührenformulare" = Gebührenformulare
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 15.0" = RealPlayer
"VLC media player" = VLC media player 1.1.9
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Winmail Opener" = Winmail Opener 1.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GVService" = GVService
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/21/2012 8:00:34 PM | Computer Name = Medion01 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 2/22/2012 3:58:05 AM | Computer Name = Medion01 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Ernst
 & Gogg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZL2VP5EE\SoftonicDownloader_fuer_nokia-pc-suite.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 2/22/2012 7:31:10 PM | Computer Name = Medion01 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 2/22/2012 7:33:01 PM | Computer Name = Medion01 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\ernst
 & gogg\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\ZL2VP5EE\softonicdownloader_fuer_nokia-pc-suite.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 2/24/2012 1:33:35 PM | Computer Name = Medion01 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d762323  Name des fehlerhaften Moduls: Flash64_11_1_102.ocx, Version:
 11.1.102.62, Zeitstempel: 0x4f39bfea  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000142519
ID
 des fehlerhaften Prozesses: 0x21d0  Startzeit der fehlerhaften Anwendung: 0x01ccf2cd26dda8c9
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_11_1_102.ocx
Berichtskennung:
 ad5d0d13-5f0d-11e1-aaee-6c626dc178d5
 
Error - 2/25/2012 9:51:43 AM | Computer Name = Medion01 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 2/26/2012 7:30:40 PM | Computer Name = Medion01 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 2/29/2012 4:32:09 AM | Computer Name = Medion01 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d762323  Name des fehlerhaften Moduls: Flash64_11_1_102.ocx, Version:
 11.1.102.62, Zeitstempel: 0x4f39bfea  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000076812c
ID
 des fehlerhaften Prozesses: 0x1980  Startzeit der fehlerhaften Anwendung: 0x01ccf6b36f737d8e
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_11_1_102.ocx
Berichtskennung:
 de05accb-62af-11e1-a5a7-6c626dc178d5
 
Error - 3/4/2012 8:25:25 AM | Computer Name = Medion01 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d762323  Name des fehlerhaften Moduls: Flash64_11_1_102.ocx, Version:
 11.1.102.62, Zeitstempel: 0x4f39bfea  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000559d30
ID
 des fehlerhaften Prozesses: 0x2080  Startzeit der fehlerhaften Anwendung: 0x01ccf9e4eb032847
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_11_1_102.ocx
Berichtskennung:
 1e53364d-65f5-11e1-a5a7-6c626dc178d5
 
Error - 3/5/2012 3:29:28 AM | Computer Name = Medion01 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d762323  Name des fehlerhaften Moduls: Flash64_11_1_102.ocx, Version:
 11.1.102.62, Zeitstempel: 0x4f39bfea  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000007682e1
ID
 des fehlerhaften Prozesses: 0x1658  Startzeit der fehlerhaften Anwendung: 0x01ccfa98220ea4b8
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\Flash64_11_1_102.ocx
Berichtskennung:
 f0daf539-6694-11e1-a5a7-6c626dc178d5
 
[ System Events ]
Error - 6/19/2012 3:01:27 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 6/19/2012 3:01:28 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 6/19/2012 3:01:28 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 6/19/2012 3:01:28 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 6/19/2012 3:01:28 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 6/19/2012 3:01:28 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 6/19/2012 3:01:28 AM | Computer Name = Medion01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 6/19/2012 3:01:44 AM | Computer Name = Medion01 | Source = DCOM | ID = 10005
Description = 
 
Error - 6/19/2012 3:01:44 AM | Computer Name = Medion01 | Source = DCOM | ID = 10005
Description = 
 
Error - 6/22/2012 4:50:49 AM | Computer Name = Medion01 | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >
         

Alt 23.06.2012, 05:55   #27
Larusso
/// Selecta Jahrusso
 

Is this a computer belonging to a law firm? If so, I would reinstall it from scratch.

Your decision; I'm only saying that it will be more work, since so much botching has already been done on your own, and whether I will find everything now is another matter.
__________________
Regards, Daniel


Alt 23.06.2012, 07:53   #28
moloko
 

Hello Daniel,
yes, it is ONE (my) standalone workstation of the law firm; at present, and at the time of the infection, not connected to a network. It is used professionally but also privately. Sensitive data is all backed up several times over, so in principle it would be possible to reinstall the computer.

Before I decide:
Could you briefly explain what "more work" means, and what the extent and significance of the "botching" is; in particular: can you tell whether the computer is (still) infected, or whether there are "merely" security gaps? What might there be "to find", or rather, what would one need to look for?

Many thanks for your efforts and above all for the clear statements.

Dieter

and, since it has just come up:

I just ran an MBAM quick scan after updating (for no particular reason), with this result:
Code:
Datenbank Version: v2012.06.23.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ernst & Gogg :: MEDION01 [Administrator]

Schutz: Aktiviert

23.06.2012 09:05:31
mbam-log-2012-06-23 (09-05-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213887
Laufzeit: 3 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ernst & Gogg\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Is this finding significant for the question of how exactly we proceed?

Edited by moloko (23.06.2012 at 08:22)

Alt 23.06.2012, 08:43   #29
Larusso
/// Selecta Jahrusso
 

"Botched job" was perhaps the wrong expression. I'm just not keen on these "How to remove blah blah" guides, even though Malwarebytes and co. are very good at that.

There are certainly reasons why we handle every single user individually here. If there were all-in-one guides, I would probably be pointless here.


I see no instruction from me to run MBAM again.
The finding is basically nothing any more; it merely belongs to an infection.


More work simply means that we now have to find the missing driver, for which we will probably need a Windows DVD, since I cannot find a copy on your system.
Then I have to find out what is responsible for the VSS not being accessible .....

That is why I simply say: CD in, boot from it, reinstall, restore the backup = everything as before, 100% clean system.

About an hour of work, and for half an hour of that the Windows installation does the work for you anyway.
I'm looking at this from an economic point of view. (With friends who have a backup, I don't do it any differently.)
__________________
Regards, Daniel


26.06.2012, 07:51   #30
moloko
 

Hello Daniel;

I understand.

However, at my first contact here I already found the schematic approaches extremely helpful; after all, they made the computer usable again within a short time - and to this day without further visible incidents.

I did not expect such committed individual troubleshooting at all; quite independently of my case, great respect and many thanks for that.

I am currently still thinking about what I will do. The professional data is backed up, but unfortunately not all of the private data stored here; I would still have to catch up on that.... On the other hand, I am interested in the troubleshooting, everyday routine for you; for me very instructive and exciting... Provided this is possible within the limits of the demands on your time here, I am therefore considering - quite independently of my economic considerations - continuing this troubleshooting and, if possible, bringing it to a conclusion. Would you be willing to do that?

Greetings!

Dieter

Edited by moloko (26.06.2012 at 08:11)
