Polizei Einheit 5.2 Virus Österreich

Narazzil · 22.07.2012, 23:48

Hallo Liebes Trojaner-Board Team!

Ich habe mir leider auch diesen "Polizei Einheit 5.2 Virus" eingefangen.

Lade mir gerade Otlpe herunter wie es in den anderen Posts beschrieben wurde. Habe aber leider gerade keine Rohlinge im Haus und kann das Programm erst Morgen ausführen.

Ich muss dann also nur die beiden Testdateien hier posten und ihr könnt mir hoffentlich weiterhelfen?

Gruß Nara

t'john · 23.07.2012, 00:16

Richtig

Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

Narazzil · 23.07.2012, 13:10

so hier währen die OTL files:

Code:

ATTFilter

OTL logfile created on: 7/23/2012 3:56:57 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 255.37 Gb Total Space | 153.64 Gb Free Space | 60.17% Space Free | Partition Type: NTFS
Drive D: | 178.12 Gb Total Space | 129.92 Gb Free Space | 72.94% Space Free | Partition Type: NTFS
Drive E: | 32.25 Gb Total Space | 15.80 Gb Free Space | 49.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/07/22 17:12:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/22 00:05:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/23 14:49:51 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/05/08 09:20:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 09:20:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/10/25 11:14:46 | 000,196,904 | ---- | M] (Nitro PDF Software) [Auto] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2009/08/13 06:55:04 | 000,217,178 | ---- | M] (IDT, Inc.) [Auto] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009/03/04 03:27:42 | 000,113,152 | ---- | M] (Wistron Corp.) [On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/02/11 11:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/09/01 07:08:32 | 001,358,688 | ---- | M] () [Auto] -- C:\Program Files\aon\aonFlex\Guard.exe -- (TAGuard)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/24 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/12/14 11:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005/11/17 10:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001/11/12 08:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/05/08 09:20:21 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 09:20:21 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/11/03 07:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/11/03 07:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/11 09:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 09:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/23 21:36:38 | 000,522,784 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/08/13 06:55:04 | 000,407,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/30 06:01:09 | 000,386,560 | ---- | M] (TASCAM) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV - [2009/07/30 06:01:09 | 000,033,792 | ---- | M] (TASCAM) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tscusb2a.sys -- (TASCAM_US144_MK2_WDM)
DRV - [2009/07/30 06:01:09 | 000,020,992 | ---- | M] (TASCAM) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tscusb2m.sys -- (TASCAM_US144_MK2_MIDI)
DRV - [2009/07/01 17:29:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/26 09:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/06/19 02:27:48 | 000,786,656 | ---- | M] (DiBcom SA) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009/06/17 11:17:28 | 000,041,984 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009/03/12 10:11:12 | 000,113,504 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/12/29 12:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/10/28 09:48:24 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2007/08/08 08:07:42 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/07/27 06:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007/07/27 04:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2006/11/17 05:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2001/10/22 10:10:58 | 000,172,417 | ---- | M] (YAMAHA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2001/08/17 07:53:30 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\2050.SYS -- (2050VM11)
DRV - [1999/09/15 02:05:22 | 000,009,760 | ---- | M] (YAMAHA CORPORATION) [Kernel | Auto] -- C:\Windows\system32\drivers\cbxt3krn.sys -- (cbxt3krn)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Helmut_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKU\Helmut_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\Helmut_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.aon.at
IE - HKU\Helmut_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Helmut_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKU\Helmut_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchcore.net/426
IE - HKU\Helmut_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\Helmut_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Helmut_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
IE - HKU\Leser_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKU\Leser_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\Leser_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Leser_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKU\Leser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com
IE - HKU\Leser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Maria_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKU\Maria_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\Maria_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Maria_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKU\Maria_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com
IE - HKU\Maria_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Pauli_und_Anna_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKU\Pauli_und_Anna_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\Pauli_und_Anna_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Pauli_und_Anna_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Pauli_und_Anna_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com
IE - HKU\Pauli_und_Anna_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.at"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GLSV5&o=10168&locale=de_US&apn_uid=4F4E00AA-1FD9-4C99-AAD8-6028485FADB8&apn_ptnrs=GL&apn_sauid=0C09D1B7-D32A-4DD7-84D5-C8877C8205B6&apn_dtid=YYYYYYYYAT&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/22 00:05:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/17 15:11:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles/96qgol5s.default\extensions\specialsavings@superfish.com [2012/04/28 02:21:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/22 00:05:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/17 15:11:01 | 000,000,000 | ---D | M]
 
[2010/03/16 15:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\Mozilla\Extensions
[2010/03/08 20:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/04 18:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\96qgol5s.default\extensions
[2012/07/01 14:30:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\96qgol5s.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/09/17 04:13:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\96qgol5s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/03/28 17:49:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\96qgol5s.default\extensions\engine@conduit.com
[2012/04/28 02:21:22 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\96qgol5s.default\extensions\specialsavings@superfish.com
[2010/09/21 16:54:16 | 000,002,395 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\96qgol5s.default\searchplugins\askcom.xml
[2012/07/08 02:37:04 | 000,001,595 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\96qgol5s.default\searchplugins\ixquick---deutsch.xml
[2012/04/28 02:53:05 | 000,002,525 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\Mozilla\Firefox\Profiles\96qgol5s.default\searchplugins\Search_Results.xml
[2012/03/07 12:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
() (No name found) -- C:\USERS\HELMUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\96QGOL5S.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/22 00:05:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/21 11:51:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/07 00:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/07 00:13:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/07 00:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/05/07 00:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/28 02:53:05 | 000,002,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/05/07 00:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/05/07 00:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/11/16 05:15:15 | 000,438,380 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15080 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Helmut_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Helmut_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Maria_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Maria_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Pauli_und_Anna_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Pauli_und_Anna_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\Helmut_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Leser_ON_C..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Maria_ON_C..\Run: [mnbaiuuvilllmvg] C:\ProgramData\mnbaiuuv.exe ()
O4 - HKU\Maria_ON_C..\Run: [Update] C:\Users\Maria\AppData\Roaming\rool0_pk.exe ()
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Leser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE ()
O4 - Startup: C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\Helmut_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Helmut_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Helmut_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Maria_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Maria_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Maria_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Pauli_und_Anna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Pauli_und_Anna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Pauli_und_Anna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Helmut\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/08/21 11:50:32 | 000,000,672 | RH-- | M] () - E:\autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{8bbe8905-2af8-11df-adbd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8bbe8905-2af8-11df-adbd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe /checksection
O33 - MountPoints2\{b61a0122-2e67-11e1-b088-001f1628a9df}\Shell - "" = AutoRun
O33 - MountPoints2\{b61a0122-2e67-11e1-b088-001f1628a9df}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/23 15:52:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/22 17:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\laviqhcdigektrb
[2012/06/27 11:32:23 | 000,000,000 | ---D | C] -- C:\Users\Pauli und Anna\AppData\Local\Ilivid Player
[2012/06/24 14:06:42 | 000,000,000 | ---D | C] -- C:\Users\Pauli und Anna\Desktop\Neuer Ordner
[2012/06/24 06:09:40 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Local\Ilivid Player
[2012/06/24 06:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/08/19 05:37:40 | 007,760,687 | ---- | C] (Boraxsoft) -- C:\Users\Helmut\AppData\Roaming\SetupGFD.exe
[2011/08/19 05:37:14 | 005,243,208 | ---- | C] (                                                            ) -- C:\Users\Helmut\AppData\Roaming\AvsP.exe
[2011/08/19 05:36:53 | 004,284,535 | ---- | C] (ffdshow                                                     ) -- C:\Users\Helmut\AppData\Roaming\ffdshow.exe
[2011/08/19 05:36:49 | 000,642,685 | ---- | C] (Xvid team                                                   ) -- C:\Users\Helmut\AppData\Roaming\xvid.exe
[2011/08/19 05:36:22 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Helmut\AppData\Roaming\Imgburn.exe
[2011/08/19 05:36:02 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Helmut\AppData\Roaming\Avisynth.exe
[2009/09/21 04:47:46 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/09/21 04:47:46 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/23 05:39:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/23 05:39:00 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3660863447-798361919-2742193177-1002UA.job
[2012/07/23 05:39:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3660863447-798361919-2742193177-1002Core.job
[2012/07/23 05:37:57 | 000,243,519 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/07/23 05:37:56 | 000,243,519 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/07/23 05:37:52 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/07/23 05:37:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/23 05:37:22 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/07/23 05:37:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 05:37:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 18:17:00 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B5D3AC9E-ECC8-4E6A-98E3-314073AC3763}.job
[2012/07/22 18:15:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 18:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 18:00:34 | 000,628,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/07/22 18:00:34 | 000,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/22 18:00:34 | 000,127,606 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/07/22 18:00:34 | 000,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/22 17:51:45 | 000,000,051 | ---- | M] () -- C:\ProgramData\osrzfmaiaxjlosj
[2012/07/22 17:51:37 | 000,053,248 | ---- | M] () -- C:\ProgramData\mnbaiuuv.exe
[2012/07/22 17:51:28 | 000,141,312 | ---- | M] () -- C:\Users\Maria\AppData\Roaming\rool0_pk.exe
[2012/07/22 17:12:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/22 17:12:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/22 17:01:20 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/07/22 17:01:19 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/07/09 02:34:39 | 000,034,550 | ---- | M] () -- C:\Users\Helmut\Desktop\Die Sonne neiget sich.pdf
[2012/07/09 02:33:21 | 000,034,550 | ---- | M] () -- C:\Users\Helmut\Documents\20120709083320.pdf
[2012/07/08 04:37:31 | 000,003,376 | ---- | M] () -- C:\Users\Helmut\Desktop\Die Sonne neiget sich.mxl
[2012/07/08 02:36:34 | 000,034,748 | ---- | M] () -- C:\Users\Helmut\Desktop\Torelli-G14_III_Trp.pdf
[2012/07/08 02:36:05 | 000,034,979 | ---- | M] () -- C:\Users\Helmut\Desktop\Torelli-G14_I_Trp.pdf
[2012/07/08 02:32:23 | 000,030,401 | ---- | M] () -- C:\Users\Helmut\Desktop\Torelli-G8_III_Trp.pdf
[2012/07/08 02:31:55 | 000,041,231 | ---- | M] () -- C:\Users\Helmut\Desktop\Torelli-G8_I_Trp.pdf
[2012/07/08 02:31:20 | 000,039,822 | ---- | M] () -- C:\Users\Helmut\Desktop\Torelli-G2_III_Trp.pdf
[2012/07/08 02:30:44 | 000,033,430 | ---- | M] () -- C:\Users\Helmut\Desktop\Torelli G1 Trp.pdf
[2012/07/03 09:11:02 | 000,000,802 | ---- | M] () -- C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2012/07/01 13:04:20 | 000,000,919 | ---- | M] () -- C:\Users\Maria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Mail.lnk
[2012/07/01 03:42:36 | 000,002,053 | ---- | M] () -- C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/30 11:32:13 | 000,045,642 | ---- | M] () -- C:\Users\Pauli und Anna\Desktop\WolfgangAmadeusMozart Piano SonataNo 16inCmajor.sib
[2012/06/30 11:30:51 | 000,003,810 | ---- | M] () -- C:\Users\Pauli und Anna\Desktop\Test_2.mxl
[2012/06/30 11:26:20 | 000,004,622 | ---- | M] () -- C:\Users\Pauli und Anna\Desktop\Test.mxl
[2012/06/30 11:22:21 | 000,089,554 | ---- | M] () -- C:\Users\Pauli und Anna\Desktop\IMSLP93800-PMLP01855-Mozart_sonata_no_16__Allegro__RSB.pdf
[2012/06/30 11:16:37 | 000,085,504 | ---- | M] () -- C:\Users\Pauli und Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/30 05:00:27 | 000,000,226 | ---- | M] () -- C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GameExplorer.lnk
[2012/06/24 07:15:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/06/24 06:09:38 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk
 
========== Files Created - No Company Name ==========
 
[2012/07/23 05:37:32 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/07/22 17:51:45 | 000,053,248 | ---- | C] () -- C:\ProgramData\mnbaiuuv.exe
[2012/07/22 17:51:43 | 000,141,312 | ---- | C] () -- C:\Users\Maria\AppData\Roaming\rool0_pk.exe
[2012/07/22 17:51:38 | 000,000,051 | ---- | C] () -- C:\ProgramData\osrzfmaiaxjlosj
[2012/07/09 02:33:21 | 000,034,550 | ---- | C] () -- C:\Users\Helmut\Documents\20120709083320.pdf
[2012/07/08 04:37:31 | 000,003,376 | ---- | C] () -- C:\Users\Helmut\Desktop\Die Sonne neiget sich.mxl
[2012/07/08 04:36:52 | 000,034,550 | ---- | C] () -- C:\Users\Helmut\Desktop\Die Sonne neiget sich.pdf
[2012/07/08 02:36:34 | 000,034,748 | ---- | C] () -- C:\Users\Helmut\Desktop\Torelli-G14_III_Trp.pdf
[2012/07/08 02:36:05 | 000,034,979 | ---- | C] () -- C:\Users\Helmut\Desktop\Torelli-G14_I_Trp.pdf
[2012/07/08 02:32:23 | 000,030,401 | ---- | C] () -- C:\Users\Helmut\Desktop\Torelli-G8_III_Trp.pdf
[2012/07/08 02:31:55 | 000,041,231 | ---- | C] () -- C:\Users\Helmut\Desktop\Torelli-G8_I_Trp.pdf
[2012/07/08 02:31:20 | 000,039,822 | ---- | C] () -- C:\Users\Helmut\Desktop\Torelli-G2_III_Trp.pdf
[2012/07/08 02:30:44 | 000,033,430 | ---- | C] () -- C:\Users\Helmut\Desktop\Torelli G1 Trp.pdf
[2012/07/03 09:11:02 | 000,000,802 | ---- | C] () -- C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2012/07/01 13:04:20 | 000,000,919 | ---- | C] () -- C:\Users\Maria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Mail.lnk
[2012/06/30 11:32:13 | 000,045,642 | ---- | C] () -- C:\Users\Pauli und Anna\Desktop\WolfgangAmadeusMozart Piano SonataNo 16inCmajor.sib
[2012/06/30 11:30:51 | 000,003,810 | ---- | C] () -- C:\Users\Pauli und Anna\Desktop\Test_2.mxl
[2012/06/30 11:26:20 | 000,004,622 | ---- | C] () -- C:\Users\Pauli und Anna\Desktop\Test.mxl
[2012/06/30 11:22:26 | 000,089,554 | ---- | C] () -- C:\Users\Pauli und Anna\Desktop\IMSLP93800-PMLP01855-Mozart_sonata_no_16__Allegro__RSB.pdf
[2012/06/30 05:00:27 | 000,000,226 | ---- | C] () -- C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GameExplorer.lnk
[2012/06/24 06:07:39 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012/04/22 02:41:28 | 000,000,011 | ---- | C] () -- C:\Windows\S_WISSEN.INI
[2012/04/22 02:40:07 | 000,000,000 | ---- | C] () -- C:\Windows\Export to web.INI
[2012/04/22 02:39:03 | 000,000,405 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/04/22 02:38:57 | 000,000,000 | ---- | C] () -- C:\Windows\PWKMAIN.INI
[2012/04/22 02:37:18 | 000,109,056 | ---- | C] () -- C:\Windows\System32\UNINSTAL.EXE
[2012/04/22 02:33:41 | 000,000,011 | ---- | C] () -- C:\Windows\swinst.INI
[2012/04/11 11:42:00 | 000,008,046 | ---- | C] () -- C:\Program Files\Common Files\setupBanner.jpg
[2012/04/11 11:41:58 | 000,037,607 | ---- | C] () -- C:\Program Files\Common Files\license.rtf
[2012/03/07 12:33:21 | 000,010,944 | ---- | C] () -- C:\Windows\BYEFISH.EXE
[2012/03/07 12:32:56 | 000,000,030 | ---- | C] () -- C:\Windows\mopyfish.ini
[2012/03/01 10:48:53 | 000,003,584 | ---- | C] () -- C:\Users\Leser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/02 04:37:20 | 000,000,724 | ---- | C] () -- C:\Windows\wacam.ini
[2012/01/09 13:53:53 | 000,005,632 | ---- | C] () -- C:\Users\Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/23 06:02:16 | 000,000,563 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\AutoGK.ini
[2011/12/20 10:16:52 | 000,024,064 | ---- | C] () -- C:\Users\Pauli und Anna\AppData\Roaming\UserTile.png
[2011/10/03 03:14:15 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/09/19 04:17:33 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/08/19 05:38:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/05/16 09:30:43 | 000,085,504 | ---- | C] () -- C:\Users\Pauli und Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/28 06:11:31 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/28 06:11:31 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/01/24 17:40:09 | 000,000,094 | ---- | C] () -- C:\Users\Helmut\AppData\Local\fusioncache.dat
[2010/12/29 05:54:52 | 000,000,102 | ---- | C] () -- C:\Users\Pauli und Anna\AppData\Local\fusioncache.dat
[2010/11/08 11:16:02 | 000,000,042 | ---- | C] () -- C:\Users\Pauli und Anna\AppData\default.pls
[2010/10/26 08:36:57 | 006,467,651 | ---- | C] () -- C:\Windows\System32\drs832.dll
[2010/10/20 16:07:20 | 000,282,682 | ---- | C] () -- C:\Windows\System32\ShExt.dll
[2010/09/29 02:59:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/15 10:17:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/06/22 01:51:42 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/06/02 03:55:05 | 000,000,088 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\wklnhst.dat
[2010/06/02 02:10:31 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
[2010/06/02 02:10:30 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2010/04/04 10:36:52 | 000,011,776 | ---- | C] () -- C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/04 10:30:23 | 000,000,079 | ---- | C] () -- C:\Users\Helmut\AppData\default.pls
[2010/03/11 11:19:11 | 000,000,443 | ---- | C] () -- C:\Windows\MusicStudio.INI
[2010/03/11 04:23:22 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010/03/11 04:08:24 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010/03/11 04:07:51 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/03/11 03:24:08 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/09/21 14:02:07 | 000,628,910 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/09/21 14:02:07 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/09/21 14:02:07 | 000,127,606 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/09/21 14:02:07 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/09/21 09:44:48 | 000,000,548 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009/09/21 07:19:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/21 07:19:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/21 05:12:54 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009/09/21 05:06:09 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2009/09/21 04:47:46 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/09/21 04:47:46 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2009/09/21 04:47:46 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/09/21 04:47:46 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/09/21 04:39:50 | 000,243,519 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/21 04:39:49 | 000,243,519 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/21 04:21:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/25 17:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/08 19:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/06/05 07:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,392,384 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,946 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,276 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/04/14 21:59:02 | 000,647,168 | ---- | C] () -- C:\Program Files\tuner.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
 
========== LOP Check ==========
 
[2012/02/02 04:37:29 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\ACAMPREF
[2010/08/16 16:20:24 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Amazon
[2012/04/20 13:08:31 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Anvil Studio
[2012/05/24 05:07:37 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Audacity
[2010/08/24 17:37:52 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\AudioTuner
[2010/06/22 01:51:53 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Canneverbe Limited
[2010/12/22 12:02:13 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\capella-software
[2010/06/22 01:16:31 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\DeepBurner
[2011/11/16 06:09:31 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Downloaded Installations
[2012/04/28 05:21:10 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\DVDVideoSoft
[2011/03/20 13:30:22 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/04/26 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\GlarySoft
[2012/05/08 02:34:04 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\gtk-2.0
[2011/02/20 09:24:41 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\HandBrake
[2012/01/12 05:47:47 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\ImgBurn
[2010/10/10 15:02:49 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\IrfanView
[2012/06/11 02:22:07 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\MAGIX
[2010/03/09 02:40:31 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\mquadr.at
[2010/05/20 02:26:39 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\MusE
[2012/01/23 04:47:52 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\NCH Swift Sound
[2012/07/09 02:33:00 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Nitro PDF
[2010/10/21 03:25:15 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\omr
[2012/04/28 04:57:05 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\OpenCandy
[2010/03/08 19:57:04 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\OpenOffice.org
[2012/05/08 02:24:09 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\pdfforge
[2011/12/26 05:08:15 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\RavensburgerTipToi
[2011/12/21 03:47:37 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Recordpad
[2012/05/30 12:27:45 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\rosegarden
[2010/06/02 03:55:07 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Template
[2010/05/01 16:35:18 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Thunderbird
[2011/02/17 06:30:32 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\TuneUp Software
[2012/04/07 09:47:47 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\VSRevoGroup
[2010/05/20 03:29:22 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\WinSweep
[2011/03/07 05:56:01 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\XMedia Recode
[2012/03/01 10:45:36 | 000,000,000 | ---D | M] -- C:\Users\Leser\AppData\Roaming\IrfanView
[2012/03/05 11:28:18 | 000,000,000 | ---D | M] -- C:\Users\Leser\AppData\Roaming\OpenOffice.org
[2012/03/01 11:00:00 | 000,000,000 | ---D | M] -- C:\Users\Leser\AppData\Roaming\TuneUp Software
[2012/04/11 03:15:13 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Audacity
[2012/01/09 13:48:56 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\DVDVideoSoft
[2012/02/23 12:47:26 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\gtk-2.0
[2010/10/24 16:58:58 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\IrfanView
[2012/02/07 06:13:02 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Nitro PDF
[2010/03/14 06:04:52 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\OpenOffice.org
[2010/03/09 14:56:18 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\TuneUp Software
[2012/05/06 12:01:07 | 000,000,000 | ---D | M] -- C:\Users\Pauli und Anna\AppData\Roaming\ACAMPREF
[2011/11/04 10:55:20 | 000,000,000 | ---D | M] -- C:\Users\Pauli und Anna\AppData\Roaming\Anvil Studio
[2012/07/09 09:16:00 | 000,000,000 | ---D | M] -- C:\Users\Pauli und Anna\AppData\Roaming\Audacity
[2012/04/28 04:49:24 | 000,000,000 | ---D | M] -- C:\Users\Pauli und Anna\AppData\Roaming\DVDVideoSoft
[2012/06/13 13:18:18 | 000,000,000 | ---D | M] -- C:\Users\Pauli und Anna\AppData\Roaming\gtk-2.0
[2012/04/22 02:45:23 | 000,000,000 | ---D | M] -- C:\Users\Pauli und Anna\AppData\Roaming\hyperfolio
[2012/05/06 08:00:15 | 000,000,000 | ---D | M] -- C:\Users\Pauli und Anna\AppData\Roaming\ImgBurn
[2010/11/07 09:45:10 | 000,000,000 | ---D | M] -- C:\Users\Pauli und Anna\AppData\Roaming\IrfanView
[2012/06/11 08:40:36 | 000,000,000 | ---D | M] -- C:\Users\Pauli und Anna\AppData\Roaming\MAGIX
[2012/04/15 04:51:28 | 000,000,000 | ---D | M] -- C:\Users\Pauli und Anna\AppData\Roaming\MusE
[2012/04/29 02:45:03 | 000,000,000 | ---D | M] -- C:\Users\Pauli und Anna\AppData\Roaming\Nitro PDF
[2010/03/21 06:27:42 | 000,000,000 | ---D | M] -- C:\Users\Pauli und Anna\AppData\Roaming\OpenOffice.org
[2011/02/17 12:00:00 | 000,000,000 | ---D | M] -- C:\Users\Pauli und Anna\AppData\Roaming\TuneUp Software
[2012/04/20 13:07:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Anvil Studio
[2010/03/08 18:33:39 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/05/10 02:58:18 | 000,000,000 | ---D | M] -- C:\ProgramData\BlueLabelSoft
[2012/04/17 15:27:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/03/08 18:33:39 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/01/07 04:50:53 | 000,000,000 | ---D | M] -- C:\ProgramData\FarmFrenzy2
[2010/03/08 18:33:39 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/04/28 05:10:54 | 000,000,000 | ---D | M] -- C:\ProgramData\hyperfolio
[2012/05/17 05:39:49 | 000,000,000 | ---D | M] -- C:\ProgramData\IBUpdaterService
[2012/01/07 04:48:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2012/07/22 17:51:41 | 000,000,000 | ---D | M] -- C:\ProgramData\laviqhcdigektrb
[2010/03/09 02:23:31 | 000,000,000 | ---D | M] -- C:\ProgramData\m2backup
[2012/06/11 02:06:55 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2010/03/09 02:23:31 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at
[2012/04/11 03:15:10 | 000,000,000 | ---D | M] -- C:\ProgramData\NCH Swift Sound
[2011/06/03 07:34:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Nitro PDF
[2012/04/11 03:15:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Phase6
[2012/04/11 03:03:56 | 000,000,000 | ---D | M] -- C:\ProgramData\RavensburgerTipToi
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/03/08 18:33:39 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/09/21 05:37:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/04/11 03:15:10 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2010/03/08 18:33:39 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/09/21 05:15:26 | 000,000,000 | ---D | M] -- C:\ProgramData\X10 Settings
[2010/03/10 16:01:36 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/03/10 16:01:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\{758B2248-B3BB-4B06-9143-8C2D7BCEA7F4}
[2010/03/10 16:01:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\{783529ED-FB56-4E47-9A20-F9C23D22C2D0}
[2010/08/24 18:45:21 | 000,000,000 | -H-D | M] -- C:\ProgramData\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14}
[2010/03/08 18:51:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/03/10 16:01:36 | 000,000,000 | -H-D | M] -- C:\ProgramData\{FD1C9C4F-7686-4C9B-B5FB-9E5F6C43EF7A}
[2012/07/23 05:37:52 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/07/23 05:37:22 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/07/23 05:39:37 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/22 18:17:00 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B5D3AC9E-ECC8-4E6A-98E3-314073AC3763}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Pauli und Anna\Desktop\Bruder Jakob.wav:TOC.WMV
< End of report >

und das extra file:

Code:

ATTFilter

OTL Extras logfile created on: 7/23/2012 3:56:57 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 255.37 Gb Total Space | 153.64 Gb Free Space | 60.17% Space Free | Partition Type: NTFS
Drive D: | 178.12 Gb Total Space | 129.92 Gb Free Space | 72.94% Space Free | Partition Type: NTFS
Drive E: | 32.25 Gb Total Space | 15.80 Gb Free Space | 49.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"_{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01A717F7-9223-438C-9343-775E61021386}" = Playway 3 Übungs-CD-ROM Units 1 bis 3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6112293F-48E0-40E2-BAE0-69109BDDD58B}" = Sibelius 5
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{684A70C9-33EC-465F-8AEC-9B2C7DBDCD6B}" = Dolet 5 for Finale
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A3B05BC4-B30A-46DD-887D-7A4268DF87E9}" = Anvil Studio 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9DCBD16-308D-454E-A563-191673A51D52}" = MAGIX Speed burnR (MSI)
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AE9F7747-0350-4E02-B115-6A2C92F5FA54}" = Corel Home Office
"{AEDB01F3-380C-4BF8-BC8A-AB04AB9EB7D9}" = MAGIX Screenshare
"{B398C579-6578-4A6A-AE55-310D7C1A80B6}" = phase6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.4
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger-sensing Pad Driver
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FF219A-6233-440A-BC76-5CC144CDCDB6}" = Nitro PDF Reader 2
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB0F05FB-CA0A-4F62-9481-3CCA26A96294}" = Samplitude Music Studio 17
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AP Tuner 3.08" = AP Tuner 3.08
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AutoGK" = Auto Gordian Knot 2.55
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.4.1
"BestPractice" = BestPractice (remove only)
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"Crazy Area" = Crazy Area
"Der Nussknacker" = Der Nussknacker
"ffdshow_is1" = ffdshow [rev 3029] [2009-07-10]
"Finale Reader 2010" = Finale Reader 2010
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423
"Glary Utilities_is1" = Glary Utilities 2.44.0.1450
"Google Updater" = Google Updater
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"Hydrogen" = Hydrogen
"iLivid" = iLivid
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"IrfanView" = IrfanView (remove only)
"LilyPond" = LilyPond
"lmms" = LMMS 0.4.10
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX_MSI_ms17dlx" = Samplitude Music Studio 17
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"MyCamera" = Canon Utilities MyCamera
"NVIDIA Drivers" = NVIDIA Drivers
"PDF To BMP JPG TIFF Converter_is1" = PDF to BMP JPG TIFF Converter 2.32
"PDFtoMusic Pro" = PDFtoMusic Pro
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Ravensburger tiptoi" = Ravensburger tiptoi
"Revo Uninstaller" = Revo Uninstaller 1.92
"Rosegarden" = Rosegarden
"Sweepi_is1" = Sweepi 5.4.00
"TempoPerfect" = TempoPerfect Metronome Software
"Uninstall_is1" = Uninstall 1.0.0.1
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"VB Runtime" = VB Runtime
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"WinGimp-2.0_is1" = GIMP 2.6.11
"X10Hardware" = X10 Hardware(TM)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Helmut_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OnlineFestplatte" = aon Online Festplatte (entfernen)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Pauli_und_Anna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
< End of report >

t'john · 23.07.2012, 17:32

Fixen mit OTLpe

Starte den unbootbaren Computer erneut mit der OTLPE-CD,
warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.

Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:
Sollte das mangels Internet-Verbindung nicht möglich sein,
kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:

Code:

ATTFilter

:OTL
SRV - [2008/09/01 07:08:32 | 001,358,688 | ---- | M] () [Auto] -- C:\Program Files\aon\aonFlex\Guard.exe -- (TAGuard) 
SRV - [2007/06/05 07:20:32 | 000,177,704 | ---- | M] () [Auto] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) 
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) 
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) 
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Helmut_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found 
IE - HKU\Helmut_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Helmut_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : 
IE - HKU\Leser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Maria_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\Pauli_und_Anna_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "Ask.com" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "google.at" 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=GLSV5&o=10168&locale=de_US&apn_uid=4F4E00AA-1FD9-4C99-AAD8-6028485FADB8&apn_ptnrs=GL&apn_sauid=0C09D1B7-D32A-4DD7-84D5-C8877C8205B6&apn_dtid=YYYYYYYYAT&q=" 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
File not found (No name found) -- 
O3 - HKU\Helmut_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKU\Helmut_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O3 - HKU\Maria_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKU\Maria_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O3 - HKU\Pauli_und_Anna_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKU\Pauli_und_Anna_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4 - HKU\Maria_ON_C..\Run: [mnbaiuuvilllmvg] C:\ProgramData\mnbaiuuv.exe () 
O4 - HKU\Maria_ON_C..\Run: [Update] C:\Users\Maria\AppData\Roaming\rool0_pk.exe () 
O4 - Startup: C:\Users\Leser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () 
O4 - Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () 
O4 - Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () 
O4 - Startup: C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mopy Points Collector.lnk = C:\MOPYFISH\GETPOINT.EXE () 
O4 - Startup: C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () 
O4 - Startup: C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () 
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] 
O7 - HKU\Helmut_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\Maria_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\Pauli_und_Anna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found 
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found 
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found 
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{8bbe8905-2af8-11df-adbd-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{8bbe8905-2af8-11df-adbd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe /checksection 
O33 - MountPoints2\{b61a0122-2e67-11e1-b088-001f1628a9df}\Shell - "" = AutoRun 
O33 - MountPoints2\{b61a0122-2e67-11e1-b088-001f1628a9df}\Shell\AutoRun\command - "" = H:\setup.exe 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
@Alternate Data Stream - 64 bytes -> C:\Users\Pauli und Anna\Desktop\Bruder Jakob.wav:TOC.WMV 
 

[2012/07/23 05:39:00 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3660863447-798361919-2742193177-1002UA.job 
[2012/07/23 05:39:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3660863447-798361919-2742193177-1002Core.job 
[2012/07/23 05:39:37 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT 
[2012/07/23 05:37:57 | 000,243,519 | ---- | M] () -- C:\ProgramData\nvModes.dat 
[2012/07/23 05:37:56 | 000,243,519 | ---- | M] () -- C:\ProgramData\nvModes.001 
[2012/07/23 05:37:52 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job 
[2012/07/23 05:37:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012/07/23 05:37:22 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job 
[2012/07/23 05:37:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
[2012/07/23 05:37:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
[2012/07/23 05:37:32 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job 
[2012/07/23 05:37:52 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job 
[2012/07/23 05:37:22 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job 
[2012/07/22 18:17:00 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B5D3AC9E-ECC8-4E6A-98E3-314073AC3763}.job 
[2012/07/22 18:17:00 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B5D3AC9E-ECC8-4E6A-98E3-314073AC3763}.job 
[2012/07/22 18:15:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012/07/22 18:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012/06/24 07:15:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job 

:Files

C:\ProgramData\mnbaiuuv.exe
C:\Users\Maria\AppData\Roaming\rool0_pk.exe

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\OTLpe\MovedFiles\<datum_nummer.log>
Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.

Narazzil · 23.07.2012, 18:50

Hey super danke Pc läuft wieder!

hier das log nachm fix

Code:

ATTFilter

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TAGuard deleted successfully.
C:\Program Files\aon\aonFlex\Guard.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtexisLicensing deleted successfully.
C:\Windows\System32\PSIService.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFwd deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFlt deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\Helmut_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
HKU\Helmut_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Helmut_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\Leser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Maria_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Pauli_und_Anna_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "google.at" removed from browser.startup.homepage
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=GLSV5&o=10168&locale=de_US&apn_uid=4F4E00AA-1FD9-4C99-AAD8-6028485FADB8&apn_ptnrs=GL&apn_sauid=0C09D1B7-D32A-4DD7-84D5-C8877C8205B6&apn_dtid=YYYYYYYYAT&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) not found.
Registry value HKEY_USERS\Helmut_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\Helmut_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\Maria_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\Maria_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\Pauli_und_Anna_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\Pauli_und_Anna_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\Maria_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\mnbaiuuvilllmvg deleted successfully.
C:\ProgramData\mnbaiuuv.exe moved successfully.
Registry value HKEY_USERS\Maria_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully.
C:\Users\Maria\AppData\Roaming\rool0_pk.exe moved successfully.
C:\Users\Leser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk moved successfully.
C:\Program Files\OpenOffice.org 3\program\quickstart.exe moved successfully.
C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk moved successfully.
File C:\Program Files\OpenOffice.org 3\program\quickstart.exe not found.
C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk moved successfully.
File C:\Program Files\OpenOffice.org 3\program\quickstart.exe not found.
C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mopy Points Collector.lnk moved successfully.
C:\MOPYFISH\GETPOINT.EXE moved successfully.
C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk moved successfully.
File C:\Program Files\OpenOffice.org 3\program\quickstart.exe not found.
C:\Users\Pauli und Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk moved successfully.
File C:\Program Files\OpenOffice.org 3\program\quickstart.exe not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Helmut_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Maria_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Pauli_und_Anna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbe8905-2af8-11df-adbd-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bbe8905-2af8-11df-adbd-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbe8905-2af8-11df-adbd-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bbe8905-2af8-11df-adbd-806e6f6e6963}\ not found.
File E:\start.exe /checksection not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b61a0122-2e67-11e1-b088-001f1628a9df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b61a0122-2e67-11e1-b088-001f1628a9df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b61a0122-2e67-11e1-b088-001f1628a9df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b61a0122-2e67-11e1-b088-001f1628a9df}\ not found.
File H:\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
ADS C:\Users\Pauli und Anna\Desktop\Bruder Jakob.wav:TOC.WMV deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660863447-798361919-2742193177-1002UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660863447-798361919-2742193177-1002Core.job moved successfully.
C:\Windows\Tasks\SCHEDLGU.TXT moved successfully.
C:\ProgramData\nvModes.dat moved successfully.
C:\ProgramData\nvModes.001 moved successfully.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GlaryInitialize.job moved successfully.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
File C:\Windows\tasks\Ad-Aware Update (Weekly).job not found.
File C:\Windows\Tasks\Ad-Aware Update (Weekly).job not found.
File C:\Windows\Tasks\GlaryInitialize.job not found.
C:\Windows\Tasks\User_Feed_Synchronization-{B5D3AC9E-ECC8-4E6A-98E3-314073AC3763}.job moved successfully.
File C:\Windows\Tasks\User_Feed_Synchronization-{B5D3AC9E-ECC8-4E6A-98E3-314073AC3763}.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\Google Software Updater.job moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\mnbaiuuv.exe not found.
File\Folder C:\Users\Maria\AppData\Roaming\rool0_pk.exe not found.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.
 
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
 
User: Helmut
->Temp folder emptied: 114566 bytes
->Temporary Internet Files folder emptied: 18371009 bytes
->Java cache emptied: 2630541 bytes
->FireFox cache emptied: 54727481 bytes
->Flash cache emptied: 492 bytes
 
User: Leser
->Temp folder emptied: 34339 bytes
->Temporary Internet Files folder emptied: 18087879 bytes
->FireFox cache emptied: 104892720 bytes
->Flash cache emptied: 1044 bytes
 
User: Maria
->Temp folder emptied: 1089360 bytes
->Temporary Internet Files folder emptied: 173973370 bytes
->Java cache emptied: 39418 bytes
->FireFox cache emptied: 50788551 bytes
->Flash cache emptied: 1334 bytes
 
User: Pauli und Anna
->Temp folder emptied: 213763853 bytes
->Temporary Internet Files folder emptied: 562419659 bytes
->Java cache emptied: 390528 bytes
->FireFox cache emptied: 86684381 bytes
->Google Chrome cache emptied: 108974464 bytes
->Flash cache emptied: 47991662 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7872 bytes
 
Total Files Cleaned = 1,378.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
 
User: Helmut
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Leser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Maria
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Pauli und Anna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 07232012_221259

t'john · 23.07.2012, 21:37

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

t'john · 07.08.2012, 16:23

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

Polizei Einheit 5.2 Virus Österreich

Log-Analyse und Auswertung: Polizei Einheit 5.2 Virus Österreich