RunDLL Meldung "Fehler beim Laden von ...roper0dun.exe

Assilein · 17.07.2012, 20:17

Hallo Ihr fleißigen Helferlein, hatte den Bundespolizei-Virus mit der Aufforderung 100 EUR zu zahlen und nix ging mehr auf meinem Benutzer.
Gerettet habe ich das Ganze unter einem anderen User auf meinem Rechner, indem ich im Task Manager bei allen unter meinem User laufenden Programmen den "Trusted Installer" entfernt habe, falls er dort enthalten war. Und ich habe noch den Malware scannen lassen, der auch noch was gefunden hat.
Leider ist die Quarantäne-Liste jetzt leer (warum?), so dass ich nicht mehr sagen kann, was gefunden worden war.

Jetzt geht wieder alles, aber ich bekomme immer noch folgende Fehlermeldung:
[IMG]C:\Users\Astrid\Desktop\RUNDLL-Meldung[/IMG]

Habe alles befolgt, was Hilfesuchende vorher tun sollen, hier die Inhalte:

1) aus der Textdatei defogger_disable:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:36 on 07/07/2012 (Astrid)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

2) aus OTL.txt:

OTL logfile created on: 07.07.2012 15:41:35 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Astrid\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,02% Memory free
4,23 Gb Paging File | 2,87 Gb Available in Paging File | 67,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,41 Gb Total Space | 101,25 Gb Free Space | 44,92% Space Free | Partition Type: NTFS
Drive D: | 7,48 Gb Total Space | 2,29 Gb Free Space | 30,58% Space Free | Partition Type: NTFS

Computer Name: ASTRID-PC | User Name: Astrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.07 15:33:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Astrid\Desktop\OTL.exe
PRC - [2012.05.09 20:21:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 20:21:52 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 20:21:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 20:21:52 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010.04.02 16:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Programme\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009.12.01 14:51:08 | 001,066,240 | ---- | M] (Motorola) -- C:\Programme\Motorola\Software Update\mumservice.exe
PRC - [2009.05.27 10:07:48 | 002,230,024 | ---- | M] () -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
PRC - [2009.05.05 11:01:46 | 001,466,368 | ---- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2007.04.24 03:11:42 | 000,262,243 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007.03.09 19:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.12 16:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.12 16:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.02.07 16:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Programme\Bioscrypt\VeriSoft\Bin\asghost.exe
PRC - [2006.12.20 13:27:40 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.12.20 13:27:38 | 001,600,304 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006.11.03 11:32:00 | 000,049,152 | R--- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ICO.EXE

========== Modules (No Company Name) ==========

MOD - [2009.08.16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.04.24 03:11:44 | 000,339,968 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007.04.24 03:11:34 | 000,237,673 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007.04.24 03:11:34 | 000,114,787 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007.04.24 03:11:34 | 000,032,768 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007.04.24 03:10:44 | 000,061,440 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2006.12.20 13:18:56 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006.12.20 13:00:12 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.06.24 19:51:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.09 20:21:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 20:21:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009.05.27 10:07:48 | 002,230,024 | ---- | M] () [Auto | Running] -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe -- (ClipInc001)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.04.24 03:11:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007.04.24 03:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007.02.12 16:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.02.07 16:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Programme\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007.01.19 21:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006.06.22 09:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Programme\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.09 20:21:53 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 20:21:53 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.27 01:42:10 | 000,121,080 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012.02.16 00:24:36 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2012.02.16 00:24:36 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009.10.27 13:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009.10.03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.06.19 17:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2009.05.08 12:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2009.05.05 12:15:58 | 001,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.04.29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.01.29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009.01.29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2007.11.02 15:51:28 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007.10.31 18:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.28 18:44:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.03.05 23:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.02.24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 19:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.01.23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.03 11:33:00 | 000,016,512 | R--- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2006.11.03 11:33:00 | 000,013,184 | R--- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELUSBlf.SYS -- (pelusblf)
DRV - [2005.11.04 11:06:52 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0F0870DA-0D3F-4E93-909B-282D117970B9}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0F0870DA-0D3F-4E93-909B-282D117970B9}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7HPEB_deDE247&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.05 20:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.07 13:58:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.29 07:38:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.05.20 12:32:41 | 000,000,000 | ---D | M]

[2010.10.11 21:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Astrid\AppData\Roaming\mozilla\Extensions
[2010.10.11 21:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Astrid\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.12.11 21:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Astrid\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.07.07 13:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Astrid\AppData\Roaming\mozilla\Firefox\Profiles\of6bzfo2.default\extensions
[2012.02.23 21:42:22 | 000,000,933 | ---- | M] () -- C:\Users\Astrid\AppData\Roaming\Mozilla\Firefox\Profiles\of6bzfo2.default\searchplugins\11-suche.xml
[2012.02.23 21:42:21 | 000,002,419 | ---- | M] () -- C:\Users\Astrid\AppData\Roaming\Mozilla\Firefox\Profiles\of6bzfo2.default\searchplugins\englische-ergebnisse.xml
[2012.02.23 21:42:22 | 000,010,525 | ---- | M] () -- C:\Users\Astrid\AppData\Roaming\Mozilla\Firefox\Profiles\of6bzfo2.default\searchplugins\gmx-suche.xml
[2012.02.23 21:42:22 | 000,002,457 | ---- | M] () -- C:\Users\Astrid\AppData\Roaming\Mozilla\Firefox\Profiles\of6bzfo2.default\searchplugins\lastminute.xml
[2012.02.23 21:42:21 | 000,005,508 | ---- | M] () -- C:\Users\Astrid\AppData\Roaming\Mozilla\Firefox\Profiles\of6bzfo2.default\searchplugins\webde-suche.xml
[2012.07.07 13:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.30 20:36:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.07 13:59:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.07 13:42:52 | 000,525,327 | ---- | M] () (No name found) -- C:\USERS\ASTRID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OF6BZFO2.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.01.01 23:05:36 | 000,429,482 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 14786 more lines...
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [mumservice] C:\Programme\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ClipIncSrvTray] C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52829833-488D-43C4-827D-5571D2214B5F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A9B7C4C-C5A5-45C2-B20D-3D98D14BE7F8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9E28249-169D-43C0-AB4B-5C12BDAD3846}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\x-sdch - No CLSID value found
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Astrid\Pictures\2011\iseeyou.jpg
O24 - Desktop BackupWallPaper: C:\Users\Astrid\Pictures\2011\iseeyou.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.07 15:33:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Astrid\Desktop\OTL.exe
[2012.07.07 09:49:33 | 000,000,000 | ---D | C] -- C:\Users\Astrid\AppData\Roaming\Malwarebytes
[2012.07.07 09:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.07 09:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.07 09:49:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.07 09:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.07 09:46:30 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Astrid\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.05 20:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.28 23:28:44 | 000,000,000 | ---D | C] -- C:\Users\Astrid\Desktop\Neuer Ordner
[2012.06.27 21:50:35 | 000,000,000 | ---D | C] -- C:\Users\Astrid\Documents\AnyDVDHD
[2012.06.25 20:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2012.06.21 23:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2012.06.21 23:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2012.06.20 21:50:22 | 000,000,000 | ---D | C] -- C:\Users\Astrid\AppData\Local\Macromedia

========== Files - Modified Within 30 Days ==========

[2012.07.07 15:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.07 15:36:41 | 000,000,000 | ---- | M] () -- C:\Users\Astrid\defogger_reenable
[2012.07.07 15:33:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Astrid\Desktop\OTL.exe
[2012.07.07 15:30:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.07 15:30:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.07 15:21:34 | 000,050,477 | ---- | M] () -- C:\Users\Astrid\Desktop\Defogger.exe
[2012.07.07 15:20:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.07 10:20:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.07 09:49:26 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.07 09:46:36 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Astrid\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.07 09:41:39 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.07.07 09:41:20 | 000,064,350 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.07 09:41:20 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.07.07 09:41:08 | 000,064,350 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.07 09:30:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.07 09:30:20 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 23:33:32 | 000,005,332 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.05 21:08:25 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.07.05 20:06:10 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.04 22:06:30 | 000,007,808 | ---- | M] () -- C:\Users\Astrid\AppData\Local\d3d9caps.dat
[2012.07.04 21:59:16 | 000,001,724 | ---- | M] () -- C:\Users\Astrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.04 20:58:39 | 000,035,646 | ---- | M] () -- C:\Users\Astrid\Desktop\Kontoauszug_2558335650__Nr.006_vom_30.06.2012_20120704085831.pdf
[2012.07.04 20:57:32 | 000,040,656 | ---- | M] () -- C:\Users\Astrid\Desktop\Kontoauszug_2558335600__Nr.006_vom_30.06.2012_20120704085539.pdf
[2012.06.28 23:10:04 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2012.06.28 20:16:39 | 000,741,386 | ---- | M] () -- C:\Users\Astrid\Desktop\gesamtuebersicht.zip
[2012.06.16 08:50:28 | 000,372,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.16 08:34:18 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.16 08:34:18 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.16 08:34:18 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.16 08:34:18 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012.07.07 15:36:41 | 000,000,000 | ---- | C] () -- C:\Users\Astrid\defogger_reenable
[2012.07.07 15:21:32 | 000,050,477 | ---- | C] () -- C:\Users\Astrid\Desktop\Defogger.exe
[2012.07.07 09:49:26 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.05 20:06:10 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.05 20:06:10 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.05 19:13:09 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.04 21:59:16 | 000,001,724 | ---- | C] () -- C:\Users\Astrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.04 21:59:15 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.07.04 20:58:38 | 000,035,646 | ---- | C] () -- C:\Users\Astrid\Desktop\Kontoauszug_2558335650__Nr.006_vom_30.06.2012_20120704085831.pdf
[2012.07.04 20:56:04 | 000,040,656 | ---- | C] () -- C:\Users\Astrid\Desktop\Kontoauszug_2558335600__Nr.006_vom_30.06.2012_20120704085539.pdf
[2012.06.28 20:16:36 | 000,741,386 | ---- | C] () -- C:\Users\Astrid\Desktop\gesamtuebersicht.zip
[2012.06.25 20:14:43 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.06.21 23:54:48 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2009.08.14 20:37:05 | 000,064,350 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.14 20:37:05 | 000,064,350 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.26 12:37:55 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.18 22:05:54 | 000,000,680 | RHS- | C] () -- C:\Users\Astrid\ntuser.pol
[2008.05.04 16:35:44 | 000,197,500 | ---- | C] () -- C:\Users\Astrid\Standard.wab
[2008.02.29 18:53:51 | 000,027,430 | ---- | C] () -- C:\Users\Astrid\AppData\Roaming\nvModes.001
[2008.02.29 18:53:49 | 000,027,430 | ---- | C] () -- C:\Users\Astrid\AppData\Roaming\nvModes.dat
[2008.01.27 16:33:57 | 000,007,808 | ---- | C] () -- C:\Users\Astrid\AppData\Local\d3d9caps.dat
[2007.11.02 00:18:04 | 000,080,384 | ---- | C] () -- C:\Users\Astrid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.11.01 17:36:59 | 000,000,374 | ---- | C] () -- C:\Users\Astrid\Documents.lnk

========== LOP Check ==========

[2011.04.05 16:16:57 | 000,000,000 | ---D | M] -- C:\Users\Astrid\AppData\Roaming\Acronis
[2011.01.02 15:28:33 | 000,000,000 | ---D | M] -- C:\Users\Astrid\AppData\Roaming\Amazon
[2011.12.27 20:45:18 | 000,000,000 | ---D | M] -- C:\Users\Astrid\AppData\Roaming\elsterformular
[2009.01.15 12:37:19 | 000,000,000 | ---D | M] -- C:\Users\Astrid\AppData\Roaming\Image Zone Express
[2009.01.25 12:46:24 | 000,000,000 | ---D | M] -- C:\Users\Astrid\AppData\Roaming\OpenOffice.org
[2008.01.05 22:56:19 | 000,000,000 | ---D | M] -- C:\Users\Astrid\AppData\Roaming\Printer Info Cache
[2010.10.11 21:16:51 | 000,000,000 | ---D | M] -- C:\Users\Astrid\AppData\Roaming\Thunderbird
[2009.01.25 11:59:10 | 000,000,000 | ---D | M] -- C:\Users\Astrid\AppData\Roaming\Tobit
[2009.12.11 21:54:58 | 000,000,000 | ---D | M] -- C:\Users\Astrid\AppData\Roaming\TomTom
[2012.07.05 23:33:34 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

3) aus Extras.txt

OTL Extras logfile created on: 07.07.2012 15:41:35 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Astrid\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,02% Memory free
4,23 Gb Paging File | 2,87 Gb Available in Paging File | 67,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,41 Gb Total Space | 101,25 Gb Free Space | 44,92% Space Free | Partition Type: NTFS
Drive D: | 7,48 Gb Total Space | 2,29 Gb Free Space | 30,58% Space Free | Partition Type: NTFS

Computer Name: ASTRID-PC | User Name: Astrid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D0454ED-F2E8-494B-99D2-EBE2AFA7769D}" = rport=139 | protocol=6 | dir=out | app=system |
"{12E043D6-C1D6-4476-AA47-DAD1F005275D}" = lport=139 | protocol=6 | dir=in | app=system |
"{1EF8CF9F-04A9-4DAA-BC24-EA07E89FAEFB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{291E8022-B742-4B8D-805F-569476C69B48}" = lport=138 | protocol=17 | dir=in | app=system |
"{31087DC7-561E-477C-89F5-A8F8CC5B2202}" = rport=138 | protocol=17 | dir=out | app=system |
"{8A52E8D1-F117-4629-86CF-506439C985BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9166C287-C675-49FE-8F82-AFD6740DF744}" = rport=137 | protocol=17 | dir=out | app=system |
"{AD036F3F-D5FD-4CCC-9FB3-042134455B9A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B005B8E5-5DA5-418C-99B7-25A9410DC6F9}" = rport=445 | protocol=6 | dir=out | app=system |
"{D2B00E0C-C9D9-4E4D-8AF7-46E536990D69}" = lport=445 | protocol=6 | dir=in | app=system |
"{D386E9EE-87AC-469E-84BC-88F35FF0AF78}" = lport=137 | protocol=17 | dir=in | app=system |
"{DC8EC084-148E-4194-B154-82E3AD808C55}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16B7CDAF-8D1E-4B60-BF4F-1ED9E50C174C}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{16B8C519-BA10-4BCC-84B0-15B5261EE1AB}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{1730EF89-8380-4DCC-B905-0C1052176798}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{2446E12D-7B33-446C-A04F-F55CC3F3B465}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{37344605-5C3D-4D45-B981-8A90AC6728F5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{49D25EEC-25A1-4AB1-8B75-907FB5594B43}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{4BE12599-E871-4C07-BB82-D46F0CDF38F6}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{620470C0-BAFC-45CB-A8D2-46E2AE818DEB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{629869C4-01F2-4B99-A000-E435DCCEE092}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6AEEBE19-F780-4993-A741-882986C9FB9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{7DC8D228-64F0-4418-B02E-3A9B1E625E3E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{89A80A8D-C498-40B7-B8BD-960D6AA5FBC7}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{93D2731A-EDBC-4B53-A9EB-DE3B567DC5FA}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{A86A13A6-3112-429F-9053-D2701FF8DF6E}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{AFFD4056-C82F-426C-8B50-FC8032C8D74A}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{BC36409B-1CF3-45D5-8FC5-19621B0D4898}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{CA4A2C04-5570-4402-BCDD-167344F456D0}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{CCCBB786-AD03-4C3B-8AA3-09A730D5700C}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{D45FCF0D-5D31-4A74-BEF0-D76308025FCC}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{DAD1DB60-3585-4C0E-B1DE-4F18FF6FFE62}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DB135E94-92B8-43CC-8DCA-AAA24330F6CF}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{F3B78937-78FE-4FB9-A36B-895E4B293C7B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{2B2A3F51-EA77-4C6B-9233-70F15FC33C90}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{36D2FAD9-7F19-4692-9CDE-89C55667B7C5}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{659BBD0A-DA23-4118-9EF6-0F264612326B}C:\program files\philips\wadm\wadm.exe" = protocol=6 | dir=in | app=c:\program files\philips\wadm\wadm.exe |
"TCP Query User{6C1A53AE-EA07-45AF-AB99-C86CE83C1F85}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"TCP Query User{854F6860-2EF7-4AF6-B551-5A9DAB61FC4B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A1A816C2-B765-4557-A6DD-C561D85E2C0A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{D3F03B4A-6EE1-41BD-A759-706BEC74FD82}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{E31CDD6D-4EAF-4A33-8104-221D7A131CFA}C:\program files\motorola\software update\mumapp.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\mumapp.exe |
"TCP Query User{F4AA5971-1410-48C3-AFA1-210F7570C820}C:\program files\philips\wadm\wadm.exe" = protocol=6 | dir=in | app=c:\program files\philips\wadm\wadm.exe |
"UDP Query User{4961481B-D60F-4D61-88C1-7E6F002D6F4A}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{5711FFC7-0989-4420-8F59-18A3F2227FCE}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"UDP Query User{57511F43-1C6C-4066-952E-D486B21BD46B}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{A2DE12BD-D9CC-48D3-9B2A-326486E68E5A}C:\program files\motorola\software update\mumapp.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\mumapp.exe |
"UDP Query User{A34AFBE8-4E58-4DDF-B08A-1069A8E61029}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B60A62BA-056A-4FC1-9123-83FE3CB55979}C:\program files\philips\wadm\wadm.exe" = protocol=17 | dir=in | app=c:\program files\philips\wadm\wadm.exe |
"UDP Query User{BAC4C591-5ADA-4266-94E5-796564E47060}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{BC278BA2-CEB5-4B7F-A861-0CEB0134DC61}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{BCD5277B-5261-424C-9FF2-1D3DFECC2AA7}C:\program files\philips\wadm\wadm.exe" = protocol=17 | dir=in | app=c:\program files\philips\wadm\wadm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0ABA40AF-288D-41F1-B735-C5155692CD7D}" = VeriSoft Access Manager
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{194C14D5-3CB0-4977-8886-A79DFC00E820}" = MSCU for Microsoft Vista
"{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{33565C22-2E44-4B36-9147-23912E838F81}" = Wireless Audio Device Manager
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A67911E-8EB5-4F9A-8D8E-1C4CC590B914}" = Motorola Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717197C8-5E8A-4F69-8DA4-5A3A42633985}" = Motorola Phone Tools
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7968EB30-5580-4955-8925-4A17CD625118}" = ESU for Microsoft Vista
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.7.0
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = HP Integrated Module with Bluetooth wireless technology
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADC7FA12-E165-428a-AF13-4CE686E030AA}" = C5100
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B61B6668-A674-4A06-8405-51944D5CCDDD}" = AuthenTec Fingerprint Sensor Minimum Install
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ElsterFormular 10.3.3.990" = ElsterFormular
"ElsterFormular 11.5.1.4843" = ElsterFormular-Update
"ElsterFormular 12.4.1.7699p" = ElsterFormular
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"jv16 PowerTools 2010" = jv16 PowerTools 2010
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.05.2012 16:37:02 | Computer Name = Astrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 15.05.2012 16:38:24 | Computer Name = Astrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 15.05.2012 16:38:36 | Computer Name = Astrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 15.05.2012 16:39:04 | Computer Name = Astrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 15.05.2012 16:39:51 | Computer Name = Astrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 17.05.2012 09:01:27 | Computer Name = Astrid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18.05.2012 12:44:52 | Computer Name = Astrid-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 10.1.3.23, Zeitstempel
0x4f7bc349, fehlerhaftes Modul MakeAccessible.api, Version 10.1.3.23, Zeitstempel
0x4f7bd815, Ausnahmecode 0xc0000005, Fehleroffset 0x000119f8, Prozess-ID 0xb6c,
Anwendungsstartzeit 01cd351577f6d1b0.

Error - 04.07.2012 16:00:23 | Computer Name = Astrid-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16446, Zeitstempel
0x4fb57c8f, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0xa78, Anwendungsstartzeit
01cd5a1fa532f696.

Error - 04.07.2012 16:14:46 | Computer Name = Astrid-PC | Source = EventSystem | ID = 4609
Description =

Error - 05.07.2012 15:07:30 | Computer Name = Astrid-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16446, Zeitstempel
0x4fb57c8f, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0x13c4,
Anwendungsstartzeit 01cd5ae16c9e4aa0.

[ System Events ]
Error - 05.07.2012 15:04:58 | Computer Name = Astrid-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 05.07.2012 15:04:58 | Computer Name = Astrid-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 05.07.2012 16:14:07 | Computer Name = Astrid-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05.07.2012 16:14:13 | Computer Name = Astrid-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 05.07.2012 16:14:13 | Computer Name = Astrid-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 05.07.2012 16:14:13 | Computer Name = Astrid-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 07.07.2012 03:32:02 | Computer Name = Astrid-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 07.07.2012 03:32:07 | Computer Name = Astrid-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 07.07.2012 03:32:07 | Computer Name = Astrid-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 07.07.2012 03:32:08 | Computer Name = Astrid-PC | Source = Service Control Manager | ID = 7001
Description =

[ VeriSoft Events ]
Error - 16.10.2010 05:53:07 | Computer Name = Astrid-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Astrid@Astrid-PC
Anmeldeinformationen:
Fingerabdrücke Fehler: (0xC5161001) Fingerabdrücke stimmen nicht überein.

Error - 18.10.2010 14:54:23 | Computer Name = Astrid-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Astrid@Astrid-PC
Anmeldeinformationen:
Fingerabdrücke Fehler: (0xC5161001) Fingerabdrücke stimmen nicht überein.

Error - 07.11.2010 11:53:42 | Computer Name = Astrid-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Astrid@Astrid-PC
Anmeldeinformationen:
Fingerabdrücke Fehler: (0xC5161001) Fingerabdrücke stimmen nicht überein.

Error - 08.11.2010 15:58:56 | Computer Name = Astrid-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Astrid@Astrid-PC
Anmeldeinformationen:
Fingerabdrücke Fehler: (0xC5161001) Fingerabdrücke stimmen nicht überein.

Error - 09.11.2010 15:01:27 | Computer Name = Astrid-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Astrid@Astrid-PC
Anmeldeinformationen:
Fingerabdrücke Fehler: (0xC5161001) Fingerabdrücke stimmen nicht überein.

Error - 21.11.2010 13:44:24 | Computer Name = Astrid-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Astrid@Astrid-PC
Anmeldeinformationen:
Fingerabdrücke Fehler: (0xC5161001) Fingerabdrücke stimmen nicht überein.

Error - 27.11.2010 15:00:01 | Computer Name = Astrid-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Astrid@Astrid-PC
Anmeldeinformationen:
Fingerabdrücke Fehler: (0xC5161001) Fingerabdrücke stimmen nicht überein.

Error - 30.11.2010 15:39:57 | Computer Name = Astrid-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Astrid@Astrid-PC
Anmeldeinformationen:
Fingerabdrücke Fehler: (0xC5161001) Fingerabdrücke stimmen nicht überein.

Error - 30.11.2010 15:48:32 | Computer Name = Astrid-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Astrid@Astrid-PC
Anmeldeinformationen:
Fingerabdrücke Fehler: (0xC5161001) Fingerabdrücke stimmen nicht überein.

Error - 30.11.2010 15:48:45 | Computer Name = Astrid-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Astrid@Astrid-PC
Anmeldeinformationen:
Fingerabdrücke Fehler: (0xC5161001) Fingerabdrücke stimmen nicht überein.

< End of report >

4) der GMER ist bei mir zweimal abgestürzt und hat einmal einen kompletten Systemabsturz verursacht, so dass ich hier leider nichts posten kann...

DANKE für Eure Hilfe schon jetzt & liebe Grüße
Astrid

t'john · 18.07.2012, 10:08

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
PRC - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe 
PRC - [2009.05.27 10:07:48 | 002,230,024 | ---- | M] () -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe 
PRC - [2007.04.24 03:11:42 | 000,262,243 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{0F0870DA-0D3F-4E93-909B-282D117970B9}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0F0870DA-0D3F-4E93-909B-282D117970B9}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7HPEB_deDE247&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ICO.EXE (Primax Electronics Ltd.) 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 



[2012.07.07 15:21:34 | 000,050,477 | ---- | M] () -- C:\Users\Astrid\Desktop\Defogger.exe 
[2012.07.07 15:21:32 | 000,050,477 | ---- | C] () -- C:\Users\Astrid\Desktop\Defogger.exe 
[2012.07.07 10:20:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.05 21:08:25 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad 
[2012.07.04 21:59:16 | 000,001,724 | ---- | M] () -- C:\Users\Astrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012.07.04 21:59:16 | 000,001,724 | ---- | C] () -- C:\Users\Astrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012.07.04 21:59:15 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Assilein · 19.07.2012, 06:42

Hallo t'john, Du bist ein Schatz!
Habe natürlich alles so gemacht wie du gesagt hast - leider ist der OTL während des Vorgangs abgestürzt! Trotzdem funktioniert alles wieder nach dem Neustart, und folgender Text wurde angezeigt (weiß nicht, wo "Code-Tags" ist, wo ich das eigtl reinschreiben sollte...):

Files\Folders moved on Reboot...
C:\Users\Astrid\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Astrid\AppData\Local\Temp\ehmsas.txt not found!

Registry entries deleted on Reboot...

Muss ich noch irgendwas tun?

und nochmal: DANKE DANKE DANKE :-)

t'john · 19.07.2012, 09:20

Sehr gut!

Suche mal nach dem Logfile nach dem Fix hier: C:\_OTL\MovedFiles\

t'john · 31.07.2012, 23:35

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

19.07.2012, 09:20	#4
t'john /// Helfer-Team	RunDLL Meldung "Fehler beim Laden von ...roper0dun.exe Sehr gut! Suche mal nach dem Logfile nach dem Fix hier: C:\_OTL\MovedFiles\ __________________ Mfg, t'john Das TB unterstützen

RunDLL Meldung "Fehler beim Laden von ...roper0dun.exe

Plagegeister aller Art und deren Bekämpfung: RunDLL Meldung "Fehler beim Laden von ...roper0dun.exe