| |
| |||||||
Log-Analyse und Auswertung: BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.07.2012, 21:17
| #1 |
| |  BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen? Hallo, ich hoffe jemand kann mir helfen. Ich habe seit gestern Abend laut Avira folgenden Virus auf meinem Windows7 64bit SP1 Rechner: BOO/TDss.O im Masterbootsektor HD0 im Bootsektor C im Bootsektor D im Bootsektor E und kann auf fast alle Programme/Daten nicht mehr direkt zugreifen. Windows gaukelt mir vor die Programme/Daten sind weg, jedoch kann ich sie mit hilfe vom MiniXP der HirenbootCD noch sehen. Wie bekomme ich die Bootsektoren wieder frei und wieder vollen zugriff auf meine Programme/Daten? Folgendes habe ich schon gemacht: OTL.txt zeigt folgendes: OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.07.2012 18:46:36 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,23% Memory free 6,00 Gb Paging File | 4,79 Gb Available in Paging File | 79,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 11,34 Gb Free Space | 23,23% Space Free | Partition Type: NTFS Drive D: | 195,31 Gb Total Space | 164,96 Gb Free Space | 84,46% Space Free | Partition Type: NTFS Drive E: | 195,32 Gb Total Space | 193,24 Gb Free Space | 98,94% Space Free | Partition Type: NTFS Drive M: | 500,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ***-C2D | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.05 18:37:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.05.08 20:18:16 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 20:18:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 20:18:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.20 23:00:52 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011.12.20 23:00:51 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.07.02 00:12:13 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.07.01 23:22:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2011.06.14 17:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2008.10.14 21:38:56 | 000,623,992 | -H-- | M] (Adobe Systems Inc.) -- D:\Programme\Acrobat 8.0\Acrobat\Acrotray.exe ========== Modules (No Company Name) ========== MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.14 20:56:26 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.08 20:18:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 20:18:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.20 23:00:51 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.07.02 00:12:13 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.07.01 23:22:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.03.20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 20:18:16 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 20:18:16 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011.07.01 14:48:43 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.05.18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.05.18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.05.18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.05.18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2011.05.18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2011.10.17 09:01:31 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2011.07.01 20:30:16 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2004.11.25 18:36:06 | 000,077,248 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02) DRV - [2004.11.25 18:32:01 | 000,054,368 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06) DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1) DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CB 8E 52 36 CB 5A CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Apple\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.14 22:07:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.14 22:07:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.14 22:07:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.14 22:07:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: d:\Programme\Mozilla Firefox\components [2012.06.20 14:12:13 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: d:\Programme\Mozilla Firefox\plugins [2012.06.14 22:07:30 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.08.12 10:14:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 14:12:13 | 000,000,000 | -H-D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.06.14 22:07:30 | 000,000,000 | -H-D | M] [2011.07.01 12:26:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.06.29 09:32:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hr8ybchp.default\extensions [2012.06.19 20:05:35 | 000,000,000 | -H-D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hr8ybchp.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.05.20 13:39:32 | 000,000,000 | -H-D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hr8ybchp.default\extensions\ich@maltegoetz.de [2012.06.29 09:32:41 | 000,000,853 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hr8ybchp.default\searchplugins\11-suche.xml [2012.06.29 09:32:41 | 000,002,209 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hr8ybchp.default\searchplugins\englische-ergebnisse.xml [2012.06.29 09:32:41 | 000,010,506 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hr8ybchp.default\searchplugins\gmx-suche.xml [2012.06.29 09:32:41 | 000,002,368 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hr8ybchp.default\searchplugins\lastminute.xml [2012.06.29 09:32:41 | 000,005,489 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\hr8ybchp.default\searchplugins\webde-suche.xml [2012.05.20 13:39:32 | 000,697,058 | -H-- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HR8YBCHP.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2012.01.13 23:29:15 | 000,022,508 | -H-- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HR8YBCHP.DEFAULT\EXTENSIONS\PLUGIN@FILSH.NET.XPI [2012.06.29 09:32:38 | 000,575,217 | -H-- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HR8YBCHP.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\/Adobe Contribute CS3/contributeieplugin.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\/Adobe Contribute CS3/contributeieplugin.dll () O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Programme\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandenes PDF anfügen - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Programme\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEF29970-4176-4D28-8585-3D470B9C5E58}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - D:\Programme\Fences\FencesMenu64.dll (Stardock) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.12.07 13:42:16 | 000,000,128 | R--- | M] () - M:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{00bbce86-a3d7-11e0-87df-002586e0167a}\Shell - "" = AutoRun O33 - MountPoints2\{00bbce86-a3d7-11e0-87df-002586e0167a}\Shell\AutoRun\command - "" = P:\AutoRunCD.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.05 18:37:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.05 06:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.05 01:05:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.07.05 00:06:29 | 000,000,000 | -H-D | C] -- C:\Quarantine [2012.07.04 20:15:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.07.03 23:00:27 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xperia [2012.06.19 20:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2012.06.15 17:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILSHtray [2012.06.14 22:14:23 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Stardock [2012.06.14 22:14:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6} [2012.06.14 22:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock [2012.06.14 22:13:46 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\PackageAware [2012.06.14 22:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.14 22:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.14 22:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.06.14 22:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.06.14 22:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari [2012.06.14 21:00:16 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Macromedia ========== Files - Modified Within 30 Days ========== [2012.07.05 18:37:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.05 18:36:47 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.07.05 18:34:32 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.07.05 18:34:22 | 000,013,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 18:34:22 | 000,013,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 18:29:12 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.07.05 18:29:02 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.07.05 18:29:02 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.07.05 18:26:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.05 18:26:12 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys [2012.07.04 20:21:48 | 000,000,152 | -H-- | M] () -- C:\ProgramData\-CY0HKRlpkCFMZmr [2012.07.04 20:21:48 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-CY0HKRlpkCFMZm [2012.07.04 20:21:46 | 000,000,256 | -H-- | M] () -- C:\ProgramData\CY0HKRlpkCFMZm [2012.07.04 20:15:25 | 000,000,256 | -H-- | M] () -- C:\ProgramData\nmPg9qm99WJQ1j [2012.07.04 20:15:14 | 000,000,662 | -H-- | M] () -- C:\Users\***\Desktop\Data_Recovery.lnk [2012.07.04 20:15:14 | 000,000,152 | -H-- | M] () -- C:\ProgramData\-nmPg9qm99WJQ1jr [2012.07.04 20:15:14 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-nmPg9qm99WJQ1j [2012.07.04 19:31:19 | 000,346,360 | -H-- | M] () -- C:\ProgramData\ucQlpyNtnuJXT.exe [2012.06.19 21:56:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2012.06.18 22:26:23 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.18 22:26:23 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.18 22:26:23 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.18 22:26:23 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.18 22:26:23 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.18 22:26:13 | 001,590,370 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 22:31:40 | 000,001,100 | -H-- | M] () -- C:\Users\***\Desktop\Windows Explorer.lnk [2012.06.14 22:27:50 | 000,001,409 | ---- | M] () -- C:\Users\***\Desktop\Internet Explorer (64-bit).lnk [2012.06.14 22:27:35 | 000,000,779 | -H-- | M] () -- C:\Users\***\Desktop\WinRAR.lnk [2012.06.14 22:27:17 | 000,002,723 | -H-- | M] () -- C:\Users\***\Desktop\Microsoft PowerPoint 2007.lnk [2012.06.14 22:27:11 | 000,002,703 | -H-- | M] () -- C:\Users\***\Desktop\Microsoft Excel 2007.lnk [2012.06.14 22:27:07 | 000,002,697 | -H-- | M] () -- C:\Users\***\Desktop\Microsoft Word 2007.lnk [2012.06.14 22:25:27 | 000,001,890 | -H-- | M] () -- C:\Users\***\Desktop\Avira Antivirus.lnk [2012.06.14 22:05:19 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf [2012.06.14 20:56:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.14 20:52:59 | 002,320,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.07.05 18:36:47 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.07.05 18:34:29 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.07.04 20:21:48 | 000,000,152 | -H-- | C] () -- C:\ProgramData\-CY0HKRlpkCFMZmr [2012.07.04 20:21:48 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-CY0HKRlpkCFMZm [2012.07.04 20:21:42 | 000,000,256 | -H-- | C] () -- C:\ProgramData\CY0HKRlpkCFMZm [2012.07.04 20:21:23 | 000,254,712 | -H-- | C] () -- C:\ProgramData\CY0HKRlpkCFMZm.exe [2012.07.04 20:15:14 | 000,000,662 | -H-- | C] () -- C:\Users\***\Desktop\Data_Recovery.lnk [2012.07.04 20:15:14 | 000,000,152 | -H-- | C] () -- C:\ProgramData\-nmPg9qm99WJQ1jr [2012.07.04 20:15:14 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-nmPg9qm99WJQ1j [2012.07.04 20:15:10 | 000,000,256 | -H-- | C] () -- C:\ProgramData\nmPg9qm99WJQ1j [2012.07.04 20:14:59 | 000,254,712 | -H-- | C] () -- C:\ProgramData\nmPg9qm99WJQ1j.exe [2012.07.04 19:33:35 | 000,346,360 | -H-- | C] () -- C:\ProgramData\ucQlpyNtnuJXT.exe [2012.06.19 21:56:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2012.06.15 17:15:49 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.14 22:30:58 | 000,001,100 | -H-- | C] () -- C:\Users\***\Desktop\Windows Explorer.lnk [2012.06.14 22:27:50 | 000,001,409 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer (64-bit).lnk [2012.06.14 22:27:35 | 000,000,779 | -H-- | C] () -- C:\Users\***\Desktop\WinRAR.lnk [2012.06.14 22:27:17 | 000,002,723 | -H-- | C] () -- C:\Users\***\Desktop\Microsoft PowerPoint 2007.lnk [2012.06.14 22:27:11 | 000,002,703 | -H-- | C] () -- C:\Users\***\Desktop\Microsoft Excel 2007.lnk [2012.06.14 22:27:07 | 000,002,697 | -H-- | C] () -- C:\Users\***\Desktop\Microsoft Word 2007.lnk [2012.06.14 22:25:27 | 000,001,890 | -H-- | C] () -- C:\Users\***\Desktop\Avira Antivirus.lnk [2012.06.14 22:05:18 | 000,000,628 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf [2012.01.08 11:32:37 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\60D87FA36A.sys [2011.07.08 12:35:50 | 000,000,205 | -H-- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin [2011.07.08 12:00:39 | 000,285,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsio.sys [2011.07.08 12:00:39 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsreged.sys [2011.07.02 13:25:58 | 000,003,558 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2011.07.02 00:12:29 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.07.02 00:12:13 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.07.02 00:12:13 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.07.01 23:27:30 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll [2011.07.01 22:08:06 | 000,007,675 | -H-- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.07.01 20:42:09 | 000,154,624 | -H-- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.01 19:50:13 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.07.01 19:50:13 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat ========== LOP Check ========== [2011.07.01 21:40:26 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ACD Systems [2011.07.01 23:57:00 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.07.13 08:48:21 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks [2012.06.19 21:56:47 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2011.09.01 21:56:20 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Nokia [2011.08.20 09:40:06 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite [2011.08.20 10:03:47 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.06.14 22:14:23 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Stardock [2012.07.05 18:29:12 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2009.07.14 07:08:49 | 000,003,150 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > die Extras.txt folgendes: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.07.2012 18:46:36 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,23% Memory free
6,00 Gb Paging File | 4,79 Gb Available in Paging File | 79,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 11,34 Gb Free Space | 23,23% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 164,96 Gb Free Space | 84,46% Space Free | Partition Type: NTFS
Drive E: | 195,32 Gb Total Space | 193,24 Gb Free Space | 98,94% Space Free | Partition Type: NTFS
Drive M: | 500,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "d:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "d:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "d:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "d:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "d:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "d:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D8E8D3-1E88-4A49-BEF6-532E903027C2}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{04717527-9334-4DA1-8AE6-36C8BFB76BF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13EAE0D7-EFB1-42ED-B57F-12AD48033D22}" = lport=137 | protocol=17 | dir=in | app=system |
"{1E9AA635-2C9E-4CFF-94D5-025D73DDDA50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1EF18B5C-C968-4B38-9DAF-5FE490E2CB6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{274F758C-DA01-4CCF-A420-4116C92469AD}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{326A5456-7BFD-4434-8291-2A5E997A9A6A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{32FA9F24-16A1-4973-AED9-50C8B4F2F345}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39B3A56F-CB60-4AB2-B09A-8A8014908AC4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3DDF21BC-8633-40B4-8DE5-7487EB44E1A2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46CFCB5E-4C0C-4D27-9BE3-D30337EB3DFC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E72B51C-2A60-472A-A2D4-49DD60D4D719}" = lport=10243 | protocol=6 | dir=in | app=system |
"{71C0144A-DBA9-40D3-A13F-C0D8E90B72EB}" = lport=445 | protocol=6 | dir=in | app=system |
"{88624A7F-135B-41A1-BFBF-10CEBC0EA111}" = rport=445 | protocol=6 | dir=out | app=system |
"{88ACC015-53BA-497C-BF9F-2B6117F66CA7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8AE2C99F-8CA9-4CDF-AE45-226486C54767}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8A6FAA1-9B44-43F0-9846-DD8EBE2C2522}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{B470F0FB-8B15-44DD-A3E8-48AD1D147BBD}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{C6B1F667-4C73-4443-84C1-128CE9C17155}" = lport=139 | protocol=6 | dir=in | app=system |
"{C817BD39-1471-458D-8870-C930695FED8E}" = rport=138 | protocol=17 | dir=out | app=system |
"{CB290E6D-596D-41EB-93B0-FF13E0C58C9E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D718922C-C26F-438C-B14F-88E36EFBFF04}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E2A2D0AA-AA00-4BBD-A718-1D02301270BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E58C6827-2251-42B6-A9A2-4069B936491C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E6A68422-B845-4021-B14C-0679D7D3206D}" = rport=139 | protocol=6 | dir=out | app=system |
"{F77C7CED-C415-473C-B312-9DF06A6F6B56}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F828C42B-6F48-42A2-BF50-3D4B576196BE}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DA4717C-CB3B-4CC4-87A9-BAD49D57D06E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EC6A848-1EC3-4EA2-96ED-72AD44943F68}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0ED15EC5-171D-4BD4-974B-C51BBB1D7D09}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2B5850B5-682A-4BCA-B0D1-97E44D858AA1}" = protocol=6 | dir=out | app=system |
"{3C511D55-AABB-4CDB-8C6E-8C88F00FE1A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50DCA917-B1BE-42A4-B6A2-AB68647569CB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{52FC333B-65A0-4511-87DB-BB6E1C7DE89A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{541E2DB2-3DEC-46BB-933F-746169E684D0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56D49510-9C40-43D9-B4F7-A20C08B724FA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5B026DE1-0916-4EAB-9AAE-23E2FBFD19BE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5B283AC1-47FD-4234-B35A-0EB1C5900A3E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6099D706-6087-48FE-A165-44D8690E0610}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{61F8A610-1D97-49F7-BFD4-D5D3F05B2184}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{884B926B-AAB9-4E46-93F0-1D88BD26E433}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8CEB2C22-BFE5-458A-8344-CAB7CDE8E94D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{993D71E3-E302-4CF3-85B1-6539667519CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1A764A1-FAED-4307-99CE-6851DC4DA5F5}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{A32F9765-C2E5-4BA7-AA3B-911769D37F92}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AEA75EBD-8CDF-44B3-BE60-2FDF53A4A46C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF00E2A0-1085-4931-8512-260F7624861D}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{B40CBDB2-6310-4577-BF5C-526263165FAC}" = dir=in | app=d:\programme\apple\itunes\itunes.exe |
"{B44400FF-2C09-4188-8F8F-5EEBC6D2500B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B7170408-A54A-4351-B8F5-A0072F5EBA86}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8BCA5A1-6B96-4044-AE60-FF850EC44A9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BB687EF0-1B44-48EB-8064-69F878A2EAAA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C479BDBE-6FE1-4C92-BE85-B1006B0FDA7B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C77D87E1-9885-4329-9DC4-A528B6AB72C7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{CA1071AF-CC69-4910-8144-386EFD636876}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CB973B2F-AF54-41EF-8748-A8B0F88047B4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA60212B-3671-43C1-A21A-7D5FD38D296C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DCAF2C39-B8CC-45A3-AE67-AC8732F076E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E010B1E3-FD88-406D-AA0C-6FFF98A1214B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EFF9F43B-10B3-4A50-9EBA-9EAF883DE6D6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{FA249CF8-52AA-4F75-B0CF-D29E6D4D6535}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFF02DB5-269E-41EA-964F-2720F7D0510D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{307831C7-A5EB-4369-8862-101E8903A848}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{73BC93BF-8317-4EEE-A554-3067C265096E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{ABE10EB1-2811-449E-8013-FB55CADBCACC}D:\programme\android\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=d:\programme\android\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{5CBF1C02-15CB-4E39-88A2-7119B409667D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{6F823711-A81B-4337-ACBF-254F4176D9E7}D:\programme\android\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=d:\programme\android\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{DE341FEC-11E9-4368-B213-8887C5906735}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Home & Student Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Home & Student Suite X5 - Extra Content
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{031340C8-1733-40FE-BF52-83B599021BA9}" = CorelDRAW Graphics Suite X5 - IPM HSE
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{356658C7-8C60-4A43-AF50-75CA8E642934}" = CorelDRAW Graphics Suite X5 - CZ
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{48C503D7-15A0-414A-B32E-0EFFA13B68E2}" = CorelDRAW Home & Student Suite X5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5928359F-BF46-4646-BF19-B64E55171EB5}" = FILSHtray
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{938C2383-A692-4D2C-AE45-024F91EF7B1D}" = CorelDRAW Graphics Suite X5 - PL
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3
"{CA12DA1D-25DD-4495-92D5-B1DE65D43C77}" = CorelDRAW Graphics Suite X5 - RU
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Home & Student Suite X5 - Extra Content
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F99F74B4-972B-4B06-B893-6B3B0DB0128B}" = ACDSee Pro
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF3E2850-BD2E-4B56-A89D-21E588D518E0}" = Adobe Contribute CS3
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.11.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DriverTools" = DriverTools 1.0
"Fences" = Fences
"Flashtool" = Flashtool
"Hardcopy" = Hardcopy
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lidl-Fotos_is1" = Lidl-Fotos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaMonkey_is1" = MediaMonkey 3.2
"Mozilla Firefox 9.0 (x86 de)" = Mozilla Firefox 9.0 (x86 de)
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MPE" = MyPhoneExplorer
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"PunkBusterSvc" = PunkBuster Services
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Neoteris_Host_Checker" = Juniper Networks Host Checker
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.06.2012 02:26:01 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm ACDSee8Pro.exe, Version 8.0.67.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12e8 Startzeit:
01cd503fc8671b91 Endzeit: 15 Anwendungspfad: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe
Berichts-ID:
1c420a1c-bc33-11e1-911d-002586e0167a
Error - 22.06.2012 02:26:26 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm ACDSee8Pro.exe, Version 8.0.67.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 118c Startzeit:
01cd503fe85d098a Endzeit: 235 Anwendungspfad: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe
Berichts-ID:
2f4344c4-bc33-11e1-911d-002586e0167a
Error - 22.06.2012 07:32:20 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSee8Pro.exe, Version: 8.0.67.0,
Zeitstempel: 0x43ac9d03 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00033ab3 ID des fehlerhaften
Prozesses: 0xdbc Startzeit der fehlerhaften Anwendung: 0x01cd506aac0f6f42 Pfad der
fehlerhaften Anwendung: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: ece1fc16-bc5d-11e1-911d-002586e0167a
Error - 22.06.2012 07:35:52 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm ACDSee8Pro.exe, Version 8.0.67.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1154 Startzeit:
01cd506b27246312 Endzeit: 16 Anwendungspfad: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe
Berichts-ID:
6a6c5cb6-bc5e-11e1-911d-002586e0167a
Error - 22.06.2012 07:35:57 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSee8Pro.exe, Version: 8.0.67.0,
Zeitstempel: 0x43ac9d03 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000371f3 ID des fehlerhaften
Prozesses: 0x42c Startzeit der fehlerhaften Anwendung: 0x01cd506b2e8e590f Pfad der
fehlerhaften Anwendung: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 6e771949-bc5e-11e1-911d-002586e0167a
Error - 22.06.2012 07:36:11 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm ACDSee8Pro.exe, Version 8.0.67.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: db0 Startzeit:
01cd506b33fedc85 Endzeit: 0 Anwendungspfad: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe
Berichts-ID:
75b3c29a-bc5e-11e1-911d-002586e0167a
Error - 22.06.2012 11:18:14 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSee8Pro.exe, Version: 8.0.67.0,
Zeitstempel: 0x43ac9d03 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0xdc4 Startzeit der fehlerhaften Anwendung: 0x01cd50837d07676c Pfad der
fehlerhaften Anwendung: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 7bb47d4a-bc7d-11e1-911d-002586e0167a
Error - 04.07.2012 13:09:58 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSee8Pro.exe, Version: 8.0.67.0,
Zeitstempel: 0x43ac9d03 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00033ab3 ID des fehlerhaften
Prozesses: 0xaec Startzeit der fehlerhaften Anwendung: 0x01cd5a07d337fc19 Pfad der
fehlerhaften Anwendung: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 14c1391d-c5fb-11e1-b96c-002586e0167a
Error - 04.07.2012 13:10:56 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSee8Pro.exe, Version: 8.0.67.0,
Zeitstempel: 0x43ac9d03 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e211319 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000b9bc ID des fehlerhaften
Prozesses: 0x28d8 Startzeit der fehlerhaften Anwendung: 0x01cd5a07f75f64dd Pfad der
fehlerhaften Anwendung: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 375947fe-c5fb-11e1-b96c-002586e0167a
Error - 04.07.2012 13:22:30 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm ACDSee8Pro.exe, Version 8.0.67.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2a3c Startzeit:
01cd5a087a8a6a6b Endzeit: 15 Anwendungspfad: C:\Programme\ACD Systems\ACDSee\8.0.Pro\ACDSee8Pro.exe
Berichts-ID:
d32d87a6-c5fc-11e1-b96c-002586e0167a
[ OSession Events ]
Error - 20.05.2012 07:39:22 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 10772 seconds with 3660 seconds of active time. This session ended with
a crash.
[ System Events ]
Error - 29.05.2012 05:22:09 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 29.05.2012 05:22:11 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 29.05.2012 05:22:32 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 29.05.2012 05:22:34 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
prodrv06 prohlp02 prosync1 sfhlp01
Error - 29.05.2012 10:54:58 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 29.05.2012 10:54:59 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 29.05.2012 10:54:59 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 29.05.2012 10:55:00 | Computer Name = *** | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 29.05.2012 10:55:21 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 29.05.2012 10:55:22 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
prodrv06 prohlp02 prosync1 sfhlp01
< End of report >
und MaleWareBytes zeigt folgendes: Code:
ATTFilter Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.05.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 *** :: *** [administrator] Protection: Disabled 05.07.2012 19:27:27 mbam-log-2012-07-05 (20-29-33).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 493514 Time elapsed: 57 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 2 E:\temp\20111101 Datensicherung von IDE Platten\Von ***\Laufwerk D\emails\Geschenk (PUP.Joke.Geschenk) -> No action taken. C:\Users\***\Desktop\Data_Recovery.lnk (Rogue.FakeHDD) -> No action taken. (end) Code:
ATTFilter ACDSee Pro ACD Systems Ltd. 30.06.2011 57,3MB 8.0.67 Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen Adobe Systems Incorporated 30.06.2011 7.654MB 1.0 Adobe Flash Player 9 ActiveX Adobe Systems, Inc. 30.06.2011 2,66MB 9.0.45.0 DAEMON Tools Lite DT Soft Ltd 30.06.2011 4.40.2.0131 DAEMON Tools Toolbar DT Soft Ltd 30.06.2011 1.1.7.0190 MediaMonkey 3.2 Ventis Media Inc. 30.06.2011 3.2 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 30.06.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 30.06.2011 2,94MB 4.0.30319 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 30.06.2011 0,77MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 30.06.2011 0,58MB 9.0.30729.4148 NVIDIA Grafiktreiber 275.33 NVIDIA Corporation 30.06.2011 275.33 NVIDIA Update 1.3.5 NVIDIA Corporation 30.06.2011 1.3.5 WinRAR 30.06.2011 WinZip 15.0 WinZip Computing, S.L. 30.06.2011 36,5MB 15.0.9411 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 01.07.2011 0,29MB 8.0.61001 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 01.07.2011 0,69MB 8.0.61000 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 01.07.2011 0,77MB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 01.07.2011 0,59MB 9.0.30729.6161 PunkBuster Services Even Balance, Inc. 01.07.2011 0.986 Hardcopy 07.07.2011 Lidl-Fotos 07.07.2011 ScanWizard 5 07.07.2011 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 17.07.2011 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 17.07.2011 1,33MB 4.20.9876.0 Nokia Connectivity Cable Driver Nokia 11.08.2011 4,21MB 7.1.45.0 Nokia Ovi Suite Nokia 11.08.2011 3.1.1.85 Nokia Ovi Suite Software Updater Nokia Corporation 11.08.2011 43,4MB 02.07.004.45780 PC Connectivity Solution Nokia 11.08.2011 19,9MB 11.4.19.0 Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 11.08.2011 08/22/2008 7.0.0.0 Adobe Color Common Settings Adobe Systems Incorporated 31.08.2011 9,20MB 1.0.1 Adobe ExtendScript Toolkit 2 Adobe Systems Incorporated 31.08.2011 16,4MB 2.0.2 Nokia PC Suite Nokia 31.08.2011 7.1.62.1 Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) Nokia 31.08.2011 02/25/2011 4.7 Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) Nokia 31.08.2011 02/25/2011 7.01.0.9 DriverTools 1.0 Huawei Technologies Co.,Ltd 06.09.2011 1.0 Microsoft Office File Validation Add-In Microsoft Corporation 14.09.2011 7,95MB 14.0.5130.5003 Ad-Aware Lavasoft Limited 16.10.2011 34,1MB 9.5.0 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.10.2011 16,5MB 10.0.40219 Microsoft Office Home and Student 2007 Microsoft Corporation 27.10.2011 12.0.6612.1000 Google Earth Google 19.12.2011 92,7MB 6.1.0.5001 Juniper Networks Host Checker Juniper Networks 19.12.2011 7.1.0.19757 Juniper Networks, Inc. Setup Client Juniper Networks, Inc. 19.12.2011 0,78MB 7.1.5.14305 Mozilla Firefox 9.0 (x86 de) Mozilla 19.12.2011 36,4MB 9.0 Mozilla Firefox 9.0.1 (x86 de) Mozilla 11.01.2012 37,1MB 9.0.1 CCleaner Piriform 13.01.2012 3.14 Corel Graphics - Windows Shell Extension Corel Corporation 13.01.2012 2,93MB 15.2.0.686 CorelDRAW Home & Student Suite X5 - Extra Content Corel Corporation 13.01.2012 CorelDRAW(R) Home & Student Suite X5 Corel Corporation 13.01.2012 4.425MB 15.2.0.686 Ghostscript GPL 8.64 (Msi Setup) Corel Corporation 13.01.2012 22,5MB 8.64 Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 23.01.2012 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 23.01.2012 0,24MB 8.0.50727.4053 ALDI NORD Bestellsoftware 4.11.0 ORWO Net 17.02.2012 4.11.0 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.02.2012 0,22MB 9.0.30729 Java(TM) 6 Update 31 Oracle 08.04.2012 95,1MB 6.0.310 Java(TM) 6 Update 31 (64-bit) Oracle 08.04.2012 91,8MB 6.0.310 Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 11.04.2012 121,5MB 10.1.3 Microsoft Office Live Add-in 1.5 Microsoft Corporation 17.04.2012 0,50MB 2.0.4024.1 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 21.04.2012 18,0MB 1.61.0.1400 Avira Free Antivirus Avira 07.05.2012 104,8MB 12.0.0.1125 Microsoft Silverlight Microsoft Corporation 08.05.2012 100,2MB 5.1.10411.0 Apple Software Update Apple Inc. 26.05.2012 2,38MB 2.1.3.127 Bonjour Apple Inc. 26.05.2012 2,04MB 3.0.0.10 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.06.2012 6,00MB 11.3.300.257 Apple Application Support Apple Inc. 13.06.2012 61,0MB 2.1.9 Apple Mobile Device Support Apple Inc. 13.06.2012 25,0MB 5.2.0.6 Fences 13.06.2012 iCloud Apple Inc. 13.06.2012 33,2MB 1.1.0.40 iTunes Apple Inc. 13.06.2012 182,7MB 10.6.3.25 QuickTime Apple Inc. 13.06.2012 73,3MB 7.72.80.56 Safari Apple Inc. 13.06.2012 104,3MB 5.34.57.2 Fences Stardock Corporation 14.06.2012 FILSHtray FILSH Media GmbH 14.06.2012 15,3MB 0.12 Microsoft .NET Framework 4 Extended Microsoft Corporation 14.06.2012 52,0MB 4.0.30319 Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 14.06.2012 10,7MB 4.0.30319 MyPhoneExplorer F.J. Wechselberger 18.06.2012 1.8.2 Mozilla Firefox 13.0.1 (x86 de) Mozilla 19.06.2012 39,9MB 13.0.1 Defraggler Piriform 20.06.2012 2.10 Flashtool Androxyde 02.07.2012 0.8.0.0 7-Zip 9.20 04.07.2012 Ich frage frage mich, wie sich das Ding auf meinem Rechner einnisten konnte, trotz ständigem Laufen von aktuellen Avira, MaleWareBytes und Ad-Aware. Ich habe mir aufm "sauberen" Zweitrechner die HirenbootCD15.1. erstellt. Was kann/soll ich tun um den Störenfried loszuwerden? Ich hoffe das klappt ohne Formatierung, wenn es sich jedoch nicht verhindern läßt... Ich hoffe ich habe nichts vergessen! Ich freue mich über eine Rückmeldung! Herzliche Grüsze, Fairlaine Geändert von Fairlaine (05.07.2012 um 21:48 Uhr) Grund: kleine Fehler behoben und Logfilezips angehängt |
|
09.07.2012, 08:55
| #2 | |
| /// Helfer-Team    | BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen? Hallo und Herzlich Willkommen!
__________________ Zitat:
gruß kira
__________________ |
|
| Themen zu BOO/TDss.O in Bootsektoren! Wie kann ich die entfernen? |
| ad-aware, adobe after effects, anlage, antivir, autorun, avira, bho, bonjour, boo/tdss.o, bootsektor virus, cs3/contributeieplugin.dll, entfernen, error, firefox, flash player, frage, google earth, helper, home, install.exe, langs, logfile, microsoft office word, ntdll.dll, nvidia update, office 2007, plug-in, popup, realtek, registry, scan, searchscopes, security, senden, software, svchost.exe, third party, virus, window7, windows |
Linear-Darstellung
