Log-Analyse und Auswertung: Various malware cleaned up - all gone? (OTL log) - Windows 7
10.09.2012, 07:47 | #1
Various malware cleaned up - all gone? (OTL log)

Hi,

I have cleaned up a machine here that was infected with various "things". Before I reinstall it, I want to / have to back up a few things first. Hence an OTL log, together with the question of whether the box is clean enough that it won't mess up my backup as well.

So here is the log:

Code:
OTL logfile created on: 10.09.2012 08:25:48 - Run 2
OTL by OldTimer - Version 3.2.61.3 Folder = \\SOL\Pcsk\antivirus\analyse\otl
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,93 Gb Available Physical Memory | 74,13% Memory free
15,99 Gb Paging File | 13,71 Gb Available in Paging File | 85,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 22,17 Gb Free Space | 28,38% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 44,22 Gb Free Space | 18,99% Space Free | Partition Type: NTFS
Drive E: | 930,51 Gb Total Space | 21,86 Gb Free Space | 2,35% Space Free | Partition Type: NTFS
Drive F: | 221,51 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 154,76 Gb Total Space | 69,82 Gb Free Space | 45,12% Space Free | Partition Type: NTFS

Computer Name: PHENOM2 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - \\SOL\Pcsk\antivirus\analyse\otl\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - E:\ThunderbirdPortable\ThunderbirdPortable.exe (PortableApps.com)
PRC - E:\ThunderbirdPortable\App\Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

========== Modules (No Company Name) ==========

MOD - C:\Users\***\AppData\Local\Temp\nstEB79.tmp\registry.dll ()
MOD - C:\Users\***\AppData\Local\Temp\nstEB79.tmp\System.dll ()
MOD - C:\Users\***\AppData\Local\Temp\nstEB79.tmp\newadvsplash.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - E:\ThunderbirdPortable\App\Thunderbird\nsldappr32v60.dll ()
MOD - E:\ThunderbirdPortable\App\Thunderbird\nsldap32v60.dll ()
MOD - E:\ThunderbirdPortable\App\Thunderbird\mozjs.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (scan) -- C:\Program Files\Immunet\tetra\scan.dll (S.C. BitDefender S.R.L)
SRV:64bit: - (ImmunetProtect) -- C:\Windows\SysNative\drivers\ImmunetProtect.sys (Windows (R) Win 7 DDK provider)
SRV:64bit: - (nHancer) -- C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (NfsClnt) -- C:\Windows\SysNative\nfsclnt.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Creative Dolby Digital Live Pack Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Trufos) -- C:\Windows\SysNative\drivers\Trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (ImmunetProtect) -- C:\Windows\SysNative\drivers\ImmunetProtect.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctgame) -- C:\Windows\SysNative\drivers\ctgame.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (RpcXdr) -- C:\Windows\SysNative\drivers\rpcxdr.sys (Microsoft Corporation)
DRV:64bit: - (NfsRdr) -- C:\Windows\SysNative\drivers\nfsrdr.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (e1qexpress) -- C:\Windows\SysNative\drivers\e1q60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfoX64.sys ()
DRV:64bit: - (SaiH2541) -- C:\Windows\SysNative\drivers\SaiH2541.sys (Saitek)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C3 9A 9D CD 73 D3 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {D01C017A-9A89-4EA6-8E9C-71EA41F6E779}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D01C017A-9A89-4EA6-8E9C-71EA41F6E779}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.20.10:3128

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.4
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.4
FF - prefs.js..extensions.enabledAddons: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.2.15
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.2.15
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.3
FF - prefs.js..network.proxy.http: "192.168.20.10"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 23:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.13 09:37:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 23:24:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.13 09:37:28 | 000,000,000 | ---D | M]

[2010.11.15 01:37:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2010.06.02 19:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.12 22:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2010.11.15 01:37:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions\Transmedia
[2012.09.10 07:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m8zqtgek.default\extensions
[2011.07.16 17:16:15 | 000,000,000 | ---D | M] ("FxIF") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m8zqtgek.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2011.08.26 13:34:16 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m8zqtgek.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011.07.13 13:39:05 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m8zqtgek.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2010.10.15 23:04:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m8zqtgek.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.13 09:38:41 | 000,074,519 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m8zqtgek.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi
[2011.11.13 09:38:45 | 000,345,491 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m8zqtgek.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2010.11.13 10:20:47 | 000,001,030 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m8zqtgek.default\searchplugins\wikipedia-de.xml
[2012.09.09 23:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.09.09 23:24:00 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.09.09 23:23:57 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.09.09 23:23:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.09 23:23:57 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012.09.09 23:23:57 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.09.09 23:23:57 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012.09.09 23:23:57 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010.09.02 08:24:25 | 000,000,858 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 78.140.163.11 www.filesonic.com
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (IeCatch2 Class) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files (x86)\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet\3.0.8\iptray.exe (Immunet)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SBAudigy2ZS\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DevconDefaultDB] C:\Windows\SysWow64\readreg.exe (Creative Technology Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download All by FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: Download using FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1325998911358 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.2 192.168.20.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DYNAMIK
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F12CA76D-3374-4970-ACDB-172B92560E97}: DhcpNameServer = 192.168.20.2 192.168.20.3
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.10 07:18:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.09.10 07:18:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.10 07:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.10 07:18:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.10 07:18:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.10 07:13:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.10 06:59:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.10 06:59:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.10 06:59:10 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.09.10 06:58:29 | 004,747,716 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.09.10 06:17:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Immunet
[2012.09.10 06:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Immunet
[2012.09.10 06:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immunet 3.0
[2012.09.10 06:16:36 | 000,098,632 | ---- | C] (Sourcefire, Inc.) -- C:\Windows\SysNative\drivers\ImmunetNetworkMonitor.sys
[2012.09.10 06:16:32 | 000,032,584 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\ImmunetSelfProtect.sys
[2012.09.10 06:16:26 | 000,057,672 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\ImmunetProtect.sys
[2012.09.10 06:16:20 | 000,284,232 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\Trufos.sys
[2012.09.10 06:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet
[2012.09.09 23:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.09 23:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.09 23:14:41 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.09 23:14:41 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.09 22:48:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.09.09 22:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.09.09 22:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D08F62C34702D17D414F147C45
[2012.08.24 09:43:46 | 000,026,112 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2012.08.24 09:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010.11.21 02:01:15 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.10 07:58:11 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 07:58:11 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 07:49:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.10 07:49:13 | 2145,509,375 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.10 07:47:13 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.09.10 07:47:13 | 000,036,016 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.09.10 07:47:13 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.09.10 07:47:13 | 000,032,088 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.09.10 07:47:13 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.09.10 07:37:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.10 07:18:42 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.10 06:58:42 | 004,747,716 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2012.09.10 06:29:10 | 736,862,260 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.10 06:16:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
[2012.09.10 06:16:16 | 000,284,232 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\Trufos.sys
[2012.09.10 06:16:16 | 000,098,632 | ---- | M] (Sourcefire, Inc.) -- C:\Windows\SysNative\drivers\ImmunetNetworkMonitor.sys
[2012.09.10 06:16:16 | 000,057,672 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\ImmunetProtect.sys
[2012.09.10 06:16:16 | 000,032,584 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\ImmunetSelfProtect.sys
[2012.09.09 23:24:01 | 000,002,044 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012.09.09 23:14:41 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.09 23:14:41 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.09 20:02:57 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2012.08.30 08:11:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.30 08:11:24 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.30 08:11:24 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.29 08:40:35 | 000,068,161 | ---- | M] () -- C:\Users\***\arbeitsstoepsie-20120829-01.xspf
[2012.08.29 00:06:32 | 000,019,709 | ---- | M] () -- C:\Users\***\arbeitsstoepsie-20120828-01.xspf
[2012.08.24 09:44:54 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2012.08.24 09:11:21 | 000,011,098 | ---- | M] () -- C:\Windows\SysNative\wpdmtp.inf
[2012.08.20 09:32:58 | 000,001,525 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.08.20 09:29:09 | 000,001,876 | ---- | M] () -- C:\Users\***\.ufrawrc
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.10 07:18:42 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.10 06:16:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
[2012.09.09 23:14:42 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.29 08:40:34 | 000,068,161 | ---- | C] () -- C:\Users\***\arbeitsstoepsie-20120829-01.xspf
[2012.08.29 00:06:32 | 000,019,709 | ---- | C] () -- C:\Users\***\arbeitsstoepsie-20120828-01.xspf
[2012.08.24 09:15:40 | 000,011,098 | ---- | C] () -- C:\Windows\SysNative\wpdmtp.inf
[2012.08.20 09:32:58 | 000,001,525 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.05.26 11:51:56 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2012.05.25 19:51:00 | 000,000,000 | ---- | C] () -- C:\Users\***\runas
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.04.09 22:27:09 | 000,000,000 | ---- | C] () -- C:\Users\***\cd
[2012.02.01 13:08:39 | 000,008,296 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.10.31 14:54:19 | 000,042,710 | ---- | C] () -- C:\Users\***\Stoepsi.xspf
[2011.10.26 13:58:30 | 000,647,168 | ---- | C] () -- C:\Windows\SysWow64\sonicismdsp.dll
[2011.10.26 10:11:56 | 000,007,168 | ---- | C] () -- C:\Windows\libDSPXUtils.dll
[2011.09.17 13:31:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.01 20:46:20 | 000,000,109 | ---- | C] () -- C:\Users\***\.iccbutton_history
[2011.05.23 09:32:46 | 000,069,263 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2011.04.02 15:35:25 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.04.02 15:35:25 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011.03.27 19:19:11 | 000,002,147 | ---- | C] () -- C:\Users\***\photorec.cfg
[2011.03.16 22:13:35 | 000,540,818 | ---- | C] () -- C:\Users\***\AppData\Roaming\.gmic_def.1483
[2011.03.16 20:42:09 | 000,000,741 | ---- | C] () -- C:\Users\***\03
[2011.03.16 20:29:45 | 000,000,092 | ---- | C] () -- C:\Users\***\mm.cfg
[2011.03.12 22:10:02 | 000,000,075 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2011.03.02 14:55:51 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0008&SUBSYS_20211102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0008&SUBSYS_20011102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0008&SUBSYS_11011102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0008&SUBSYS_10231102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0008&SUBSYS_10221102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0008&SUBSYS_10211102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0008&SUBSYS_10011102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0008&SUBSYS_10001102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_20071102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_20061102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_20051102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_20041102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_20031102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_20021102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_20011102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_100A1102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_10091102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_10081102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_10071102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_10061102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_10051102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_10041102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_10031102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_10021102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_005C1102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_005B1102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_005A1102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_00591102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_00581102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_00571102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_00561102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_00551102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_00541102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_00531102.INI
[2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- 
C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_00521102.INI [2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_00511102.INI [2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_00431102.INI [2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_00421102.INI [2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_00411102.INI [2011.03.02 14:22:22 | 000,001,051 | ---- | C] () -- C:\Windows\SysWow64\PCI_VEN_1102&DEV_0004&SUBSYS_00401102.INI [2011.03.02 12:56:20 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll [2011.03.02 12:56:19 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll [2011.03.02 12:56:19 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe [2011.03.02 12:56:19 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2011.03.02 12:56:19 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe [2011.03.02 12:56:19 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2011.03.02 12:56:18 | 000,386,852 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2011.03.02 12:56:18 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat [2011.03.02 12:56:18 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat [2011.03.02 12:56:18 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2011.03.02 12:56:18 | 000,050,466 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2011.03.02 12:56:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2011.03.02 12:56:18 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2011.01.22 01:34:03 | 000,006,688 | ---- | C] () -- C:\Windows\SysWow64\Digita.sys [2011.01.22 01:34:02 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\ldf252.dll [2011.01.08 23:39:24 | 000,048,522 | ---- | C] () -- 
C:\Windows\SysWow64\nglide_uninst.exe
[2010.12.27 23:45:50 | 000,000,068 | ---- | C] () -- C:\Users\***\.gtk-bookmarks
[2010.12.26 02:05:46 | 000,001,876 | ---- | C] () -- C:\Users\***\.ufrawrc
[2010.11.21 17:14:44 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2010.11.21 14:21:42 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.11.21 14:19:57 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll
[2010.11.21 14:19:57 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2010.11.21 12:42:26 | 000,000,551 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2010.11.21 12:06:32 | 000,033,533 | ---- | C] () -- C:\Windows\SysWow64\CoreVorbis-uninstall.exe
[2010.11.21 12:06:28 | 000,036,734 | ---- | C] () -- C:\Windows\SysWow64\OggDSuninst.exe
[2010.11.21 02:01:15 | 000,099,384 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2010.11.21 02:01:15 | 000,007,859 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2010.11.21 02:01:15 | 000,001,167 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2010.10.15 17:32:26 | 001,298,432 | ---- | C] () -- C:\Windows\SysWow64\glide3x.dll
[2010.10.14 01:04:34 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\nglide_config.exe
[2010.10.09 18:58:18 | 000,774,144 | ---- | C] () -- C:\Windows\MTUn4698.exe
[2010.09.12 22:59:27 | 000,002,266 | ---- | C] () -- C:\Users\***\von_canon_in_xvid.xml
[2010.06.13 20:38:37 | 000,010,240 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.09 09:41:47 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND

< End of report >

Code:
OTL Extras logfile created on: 10.09.2012 08:25:48 - Run 2
OTL by OldTimer - Version 3.2.61.3 Folder = \\SOL\Pcsk\antivirus\analyse\otl
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,93 Gb Available Physical Memory | 74,13% Memory free
15,99 Gb Paging File | 13,71 Gb Available in Paging File | 85,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 22,17 Gb Free Space | 28,38% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 44,22 Gb Free Space | 18,99% Space Free | Partition Type: NTFS
Drive E: | 930,51 Gb Total Space | 21,86 Gb Free Space | 2,35% Space Free | Partition Type: NTFS
Drive F: | 221,51 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 154,76 Gb Total Space | 69,82 Gb Free Space | 45,12% Space Free | Partition Type: NTFS

Computer Name: PHENOM2 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2C22EA92-CB30-4932-0050-000001000000}" = InfraRecorder 0.50 (x64 edition)
"{2C22EA92-CB30-4932-0051-000001000000}" = InfraRecorder 0.51 (x64 edition) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{38D0E001-2620-40A9-8C44-3B52A50D090A}" = nHancer "{4723f199-fa64-4233-8e6e-9fccc95a18ef}" = Python 2.6.5 (64-bit) "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64 "{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.2.1 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{82CD33B2-1DE6-4663-B6F0-1592B2376F78}" = VS10Runtimex64 "{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64) "{899FCA36-ADAF-4612-8579-B37DDB0C092F}" = Saitek SD6 Programming Software 6.6.6.9 "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU "{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}" = Oracle VM VirtualBox 4.1.8 "{9B7CEA17-E1CC-43E1-A2F6-F36A34051539}_is1" = Photivo version 24 June 2011 (rev f733db979a09) "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{C289183E-1DD8-42FA-8DFE-94F61ED1CFA3}_is1" = LuxRender 0.8 x64 OpenCL "{D1AC5696-CC7E-34D7-89B3-4D09E7CF7D14}" = Strawberry Perl "{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}" = ATI Catalyst Install 
Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "AC3ACM" = AC-3 ACM Codec "Company of Heroes" = Company of Heroes "CPUID HWMonitor_is1" = CPUID HWMonitor 1.16 "LameACM" = Lame ACM MP3 Codec "Matrox VFW Software Codecs" = Matrox VFW Software Codecs, build 28 "MediaCoder x64" = MediaCoder x64 2011 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "XviD MPEG-4 Video Codec_is1" = XviD v1.3.0 CVS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01D07ED9-2BCC-42D2-A85C-CA617CAD58CB}" = Nokia Suite "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3 "{12D5634B-C561-4BB8-B913-1F671E0CDFE7}_is1" = Unrar Extract and Recover 2.5 "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster Audigy 2 ZS "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29 "{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1 "{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1 "{37CEDA16-4954-4766-A64A-16A1ED44A3B4}" = Handley Page Hastings for FSX "{3B42E4D7-3EF4-4E35-B4DC-8B3FAB253928}" = Douglas C-74 Globemaster for FSX "{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}" = Worms 4 Mayhem "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2 "{55A83A82-54E6-4E73-A9BE-534C188A6754}" = Armstrong Whitworth Ensign for FSX "{584ED208-3CDE-4E56-BA6B-0CF7E0F203AC}" = Python 2.7 PyGTK 2.22.6 "{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4 "{5B257C09-6A05-4308-9A6D-E8A2CAE21EA9}" = Star Wars Galaxies: The Total Experience "{60DA1EC2-27C2-4A51-A77D-F482E186531E}" = Ilyushin IL-14 for FSX "{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE "{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution "{7B6202FC-9F96-48F6-8D86-746F3CED438A}" = TMPGEnc 4.0 XPress "{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZM "{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850F15DD-E932-4055-B683-C10F1FB7AE12}" = DH106 Comet 1 and 2 for FSX or FS2004 "{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1" = IK Multimedia Authorization Manager version 1.02 "{86E2D36E-0FBB-4185-81C4-6B520C32A030}" = Nokia Configuration Tool 6.3 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A7B44FB6-5631-4A4A-9DAD-82F7E3C767B9}" = Visual C++ Runtime "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B0044FB2-3EF3-45AB-BEDC-719B17FA0FF7}" = RawHide "{BAA11826-70EF-4E44-9E97-8476793E022F}" = Launchpad 
Enhanced "{BC95F126-2C72-4970-AED4-131A0E81432C}" = Setup "{D7BD0784-AA59-4950-9111-625D9D951BC3}" = Python for S60 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2 "{EEC972A1-CCFC-492C-A3E0-4A10E0783C88}" = RoboShips "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.1700 "{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable "{FD806CE1-A3C1-4F9E-A1F5-3E68D6A873BF}" = Douglas DC-4 for FSX or FS2004 "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{WIDELANDS-WIN32-IS}_is1" = Widelands "AC3Filter" = AC3Filter (remove only) "ACDSee" = ACDSee "AcMgrDDL" = DDL and DTS Connect License Activation "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALchemy" = Creative ALchemy "Aodix" = Arguru Software Aodix "ArtsAcoustic CL Series_is1" = ArtsAcoustic CL Series v1.0.19 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "AudioCS" = Creative Audio Console "AutoGK" = Auto Gordian Knot 2.53b "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "AviSynth Batch Scripter_is1" = AviSynth Batch Scripter 1.0.1 "AVISynthesizer" = AVISynthesizer "burnatonce_is1" = burnatonce "CDex" = CDex - Open Source Digital Audio CD Extractor "Clementine" = Clementine "CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only) "DebugMode Wax 2.0" = DebugMode Wax 2.0 "DelinvFile_is1" = DelinvFile - 4.04 "Deus Ex" = Deus Ex "dng4ps2" = dng4ps2 "Dolby Digital Live 
Pack" = Dolby Digital Live Pack "DTS Connect Pack" = DTS Connect Pack "DVD Decrypter" = DVD Decrypter (Remove Only) "ELECTRA_is1" = ELECTRA 2.4 "Equalizer" = Creative Graphic Equalizer "Exact Audio Copy" = Exact Audio Copy 1.0beta1 "F-16 Block 20 (FS2004)" = F-16 Block 20 (FS2004) "FAKEFACTORY CM10V10.40" = FAKEFACTORY Cinematic Mod V10 "ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07] "Fix Chromatic Aberration Gimp Plugin_is1" = Fix Chromatic Aberration Gimp Plugin version 3.0.2 "flaME" = flaME 1.14 "FlashDevelop" = FlashDevelop 3.3.4 "FlashGet(JetCar)" = FlashGet(JetCar) "Fokker_0" = Fokker Dr I 1.0 "Freemake Video Converter_is1" = Freemake Video Converter version 3.0.1 "Future Pinball_is1" = Future Pinball "Gimp" = Gimp 2.7.3 "Gimp Resynthesizer Plugin_is1" = Gimp Resynthesizer Plugin version 0.16 "G'MIC for GIMP_is1" = G'MIC for GIMP version 1.4.8.3 "GnuPG" = GNU Privacy Guard "Gordian Knot" = Gordian Knot Rip Pack 0.35.0 "Grob SPn --- rel. 3.00" = Grob SPn --- rel. 3.00 "Grob SPn --- UPDATE to rel. 3.1.1" = Grob SPn --- UPDATE to rel. 
3.1.1 "HaaliMkx" = Haali Media Splitter "HandBrake" = HandBrake 0.9.5 "hedgewars" = Hedgewars "Immunet Protect" = Immunet 3.0 "Inkscape" = Inkscape 0.47 "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 2.8 "Jack v1.9.5" = Jack v1.9.5 "jahPlayer" = jahPlayer "JXplorer 3.2.2" = JXplorer "KRISTAL Audio Engine" = KRISTAL Audio Engine "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "LiveBilliards" = LiveBilliards "Macaw_is1" = Macaw 301 "MadTracker 2" = MadTracker 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "ManyBass 1.0_is1" = ManyBass 1.0 "MediaCoder NT CUDA" = MediaCoder NT CUDA 1.0-20100720 "MediaCoder x64" = MediaCoder x64 0.7.3.4625 "MeGUI" = MeGUI (remove only) "Mildon Studios OtoMarch VSTi v2.0.2_is1" = OtoMarch "mmswitch" = Morgan Stream Switcher "ModPlug Player v1.46_is1" = ModPlug Player "Mozilla Firefox 15.0.1 (x86 en-GB)" = Mozilla Firefox 15.0.1 (x86 en-GB) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49 "MythTv_is1" = MythTv 0.24(git_1-g347cd24) "nGlide" = nGlide v0.94 "nHancer" = nHancer "Nmap" = Nmap 5.30BETA1 "Nokia Configuration Tool 6.3" = Nokia Configuration Tool "Nokia Suite" = Nokia Suite "Notepad++" = Notepad++ "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OggDS" = Direct Show Ogg Vorbis Filter (remove only) "OpenAL" = OpenAL "OpenLibraries" = OpenLibraries "Orbit_is1" = Orbit Downloader "PakkISO_is1" = PakkISO 0.4 "PhonerLite_is1" = PhonerLite 2.01 "PhotoME Beta-Release_is1" = PhotoME Beta-Release "PumpKIN" = Klever PumpKIN 2.7.3 "Quest3D Viewers 3.0e_is1" = Quest3D Viewers 3.0e "QuteCom" = QuteCom 2.2 "Rename-It!" = Rename-It! 
"Rigs of Rods 0.38.33" = Rigs of Rods 0.38.33 "Rigs of Rods Toolkit" = Rigs of Rods Toolkit 0.34-rc3 "Separate+ Gimp Plugin_is1" = Separate+ Gimp Plugin version 0.5.7 "SFBM" = SoundFont Bank Manager "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1 "SPEAKER" = Creative Speaker Settings "Steam App 201310" = X3: Albion Prelude "Steam App 220" = Half-Life 2 "Steam App 240" = Counter-Strike: Source "Steam App 260" = Counter-Strike: Source Beta "Steam App 28050" = Deus Ex: Human Revolution "Steam App 2820" = X3: Terran Conflict "Steam App 320" = Half-Life 2: Deathmatch "Steam App 340" = Half-Life 2: Lost Coast "Steam App 3480" = Peggle Deluxe "Steam App 3540" = Peggle Nights "Steam App 360" = Half-Life Deathmatch: Source "Steam App 380" = Half-Life 2: Episode One "Steam App 39000" = Moonbase Alpha "Steam App 420" = Half-Life 2: Episode Two "Steam App 440" = Team Fortress 2 "Steam App 520" = Team Fortress 2 Beta "Steam App 630" = Alien Swarm "Steam App 90600" = Company of Heroes Retail Beta "SumatraPDF" = SumatraPDF "SysInfo" = Creative System Information "Target 3001! V14 discover" = Target 3001! 
V14 discover
"UFRaw_is1" = UFRaw 0.18
"Unsharp Mask 2 Gimp Plugin_is1" = Unsharp Mask 2 Gimp Plugin version 0.12
"Vintage Vocoder 1.03 Build 1" = Vintage Vocoder 1.03 Build 1
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 1.1.11
"VLMC" = VideoLAN Movie Creator
"VobSub" = VobSub v2.23 (Remove Only)
"Warmux" = Warmux
"Warzone 2100" = Warzone 2100
"Wavelet Decompose Gimp Plugin_is1" = Wavelet Decompose Gimp Plugin version 0.1.2
"Wavelet Denoise Gimp Plugin_is1" = Wavelet Denoise Gimp Plugin version 0.3.1
"Wavelet Sharpen Gimp Plugin_is1" = Wavelet Sharpen Gimp Plugin version 0.1.2
"Winamp" = Winamp (remove only)
"WinFF_is1" = WinFF 1.3.2
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR Archivierer
"Wireshark" = Wireshark 1.7.0
"wxCommunicator_is1" = wxCommunicator
"x264vfw64" = x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only)
"X3TC Bonus Package_is1" = X3TC Bonus Package 4.1.01
"Xming_is1" = Xming 6.9.0.31
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Beechcraft D18S-SNB Aircraft Package for FSX" = Beechcraft D18S-SNB Aircraft Package for FSX
"FSX Wyvern" = FSX Wyvern
"HS Nimrod by Simshed" = HS Nimrod by Simshed
"SCA Fairchild C119 Air Cargo N402GB" = SCA Fairchild C119 Air Cargo N402GB
"Swordfish X" = Swordfish X
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.04.2012 08:25:16 | Computer Name = PHENOM2.DYNAMIK | Source = Microsoft-Windows-User Profiles Service | ID = 1504
Description = Windows Windows cannot update your roaming profile completely. Check previous events for more details.

Error - 12.04.2012 10:19:48 | Computer Name = PHENOM2.DYNAMIK | Source = Microsoft-Windows-User Profiles Service | ID = 1504
Description = Windows Windows cannot update your roaming profile completely. Check previous events for more details.

Error - 13.04.2012 06:15:04 | Computer Name = PHENOM2.DYNAMIK | Source = Microsoft-Windows-User Profiles Service | ID = 1504
Description = Windows Windows cannot update your roaming profile completely. Check previous events for more details.

Error - 15.04.2012 16:30:07 | Computer Name = PHENOM2.DYNAMIK | Source = Microsoft-Windows-User Profiles Service | ID = 1504
Description = Windows Windows cannot update your roaming profile completely. Check previous events for more details.

Error - 17.04.2012 05:00:13 | Computer Name = PHENOM2.DYNAMIK | Source = Microsoft-Windows-User Profiles Service | ID = 1504
Description = Windows Windows cannot update your roaming profile completely. Check previous events for more details.

Error - 17.04.2012 14:24:11 | Computer Name = PHENOM2.DYNAMIK | Source = Microsoft-Windows-User Profiles Service | ID = 1504
Description = Windows Windows cannot update your roaming profile completely. Check previous events for more details.

Error - 18.04.2012 22:23:59 | Computer Name = PHENOM2.DYNAMIK | Source = Microsoft-Windows-User Profiles Service | ID = 1504
Description = Windows Windows cannot update your roaming profile completely. Check previous events for more details.

Error - 20.04.2012 18:06:32 | Computer Name = PHENOM2.DYNAMIK | Source = Microsoft-Windows-User Profiles Service | ID = 1504
Description = Windows Windows cannot update your roaming profile completely. Check previous events for more details.

Error - 23.04.2012 05:43:14 | Computer Name = PHENOM2.DYNAMIK | Source = Application Error | ID = 1000
Description = Faulting application name: clementine.exe, version: 1.0.0.0, time stamp: 0x4f1c01ba Faulting module name: clementine.exe, version: 1.0.0.0, time stamp: 0x4f1c01ba Exception code: 0xc0000005 Fault offset: 0x00425a64 Faulting process id: 0xcf0 Faulting application start time: 0x01cd211b705e7cc2 Faulting application path: C:\Program Files (x86)\Clementine\clementine.exe Faulting module path: C:\Program Files (x86)\Clementine\clementine.exe Report Id: be706ae6-8d28-11e1-b9ad-001b2150e5a6

Error - 24.04.2012 07:17:00 | Computer Name = PHENOM2.DYNAMIK | Source = Microsoft-Windows-User Profiles Service | ID = 1504
Description = Windows Windows cannot update your roaming profile completely. Check previous events for more details.

[ System Events ]
Error - 09.09.2012 14:09:56 | Computer Name = PHENOM2.DYNAMIK | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error - 09.09.2012 14:09:56 | Computer Name = PHENOM2.DYNAMIK | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error: %%1053

Error - 10.09.2012 00:16:40 | Computer Name = PHENOM2.DYNAMIK | Source = Service Control Manager | ID = 7030
Description = The Immunet 3.0 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error - 10.09.2012 00:29:28 | Computer Name = PHENOM2.DYNAMIK | Source = EventLog | ID = 6008
Description = The previous system shutdown at 06:27:35 on 10.09.2012 was unexpected.

Error - 10.09.2012 00:29:29 | Computer Name = PHENOM2 | Source = BugCheck | ID = 1005
Description =

Error - 10.09.2012 00:29:29 | Computer Name = PHENOM2 | Source = BugCheck | ID = 1001
Description =

Error - 10.09.2012 00:29:33 | Computer Name = PHENOM2.DYNAMIK | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain controller in domain DYNAMIK due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

Error - 10.09.2012 00:36:01 | Computer Name = PHENOM2.DYNAMIK | Source = DCOM | ID = 10010
Description =

Error - 10.09.2012 01:11:17 | Computer Name = PHENOM2.DYNAMIK | Source = EventLog | ID = 6008
Description = The previous system shutdown at 07:05:29 on 10.09.2012 was unexpected.

Error - 10.09.2012 01:11:22 | Computer Name = PHENOM2 | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain controller in domain DYNAMIK due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

< End of report >

Regards, Errorsmith |
11.09.2012, 12:11 | #2

/// Winkelfunktion /// TB-Süch-Tiger™

If you're going to reinstall everything anyway, cleaning it up first is just a waste of time!
Just boot from a rescue CD (a Linux live CD), back up all relevant data, then do a clean reinstall and think about hardening it afterwards.

On the subject of backing up data from infected systems: do it via a live CD such as Knoppix, Ubuntu (second link in my signature) or PartedMagic. Reason: on a live system none of the infected Windows system's malware is active, so any negative influence of malware on the backup is ruled out. You also need a backup medium, of course; an external drive is probably best. If you don't have too much to back up, a USB stick may be enough.

Here is a short guide for PartedMagic; in principle it works almost exactly the same with all other live systems.

1. Download the PartedMagic ISO image, it should be about 180 MB
2. Burn it to CD using an image-burning function, e.g. with ImgBurn under Windows
3. Boot from the burned CD, start option 1 in the boot menu and wait until the Linux desktop is up
4. You should find a "Mount Devices" icon, double-click it
5. Mount the partitions where Windows is installed, usually it's /dev/sda1, and of course any other partitions holding data that needs to be backed up - and naturally the external drive's as well (you only get read and write access to the file systems once they are mounted)
6. Copy the data from the internal drive to the external drive - copy only personal files, music, videos, etc. to the backup drive, NO executable files such as programs/games/setups!!
7. When done, restart the computer, disconnect the external drive and boot from the Windows DVD for the reinstall (follow the guide)
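Step 6 of the guide above, as an added example that is not part of the post, of PartedMagic or of any Trojaner-Board material: a POSIX shell function that, run from the live system, copies personal files from the mounted Windows partition to the backup mount and skips anything Windows would execute, so that a cleaned-but-untrusted system cannot seed its own backup with runnable files. The mount points in the comments, the function names and the extension list are assumptions of this example; the list is a starting point to extend, not a complete inventory of executable types.

```shell
#!/bin/sh
# Added example, not from the thread: a data-only copy for step 6.
# Run from the live system after mounting the Windows partition (read-only)
# and the backup drive. The mount points mentioned below are assumptions.
set -eu

# Constructed list of file types Windows would run; none of them belong in
# a backup taken from an infected system. Returns 0 (true) when the given
# path should be skipped. Matching is case-insensitive (Setup.EXE counts).
is_excluded() {
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$lower" in
        *.exe|*.dll|*.msi|*.scr|*.com|*.pif|*.cpl|*.sys|*.bat|*.cmd|*.ps1) return 0 ;;
        *.vbs|*.vbe|*.js|*.jse|*.wsf|*.wsh|*.hta|*.jar|*.lnk) return 0 ;;
        *) return 1 ;;
    esac
}

# backup_user_data SRC DST: copy every regular file below SRC into DST,
# keeping the relative path, except those is_excluded rejects.
# Prints "copied N skipped M" so the operator can review the counts.
backup_user_data() {
    src=${1%/}
    dst=${2%/}
    copied=0
    skipped=0
    list=$(mktemp)
    # One path per line; file names containing newlines are not expected on
    # a Windows data partition and would be mishandled by this loop.
    find "$src" -type f > "$list"
    while IFS= read -r file; do
        rel=${file#"$src"/}
        if is_excluded "$file"; then
            skipped=$((skipped + 1))
            continue
        fi
        mkdir -p "$dst/$(dirname "$rel")"
        cp -p "$file" "$dst/$rel"
        copied=$((copied + 1))
    done < "$list"
    rm -f "$list"
    echo "copied $copied skipped $skipped"
}

# Stand-alone use (paths are assumptions for a live system):
#   sh backup.sh /media/sda1/Users /media/sdb1/backup
if [ $# -eq 2 ]; then
    backup_user_data "$1" "$2"
fi
```

Mount the Windows partition read-only before running this so the copy cannot touch the infected disk, and compare the printed counts with what you expected: a large "skipped" number under a folder such as Downloads is exactly the material you do not want to carry over.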
11.09.2012, 23:00 | #3

Hi

I wanted to do the backup with the FreeBSD that is also installed on it. A live CD would do just as well, of course. As the backup medium I use an NFS share on my home server; nothing else has enough space. That I shouldn't back up anything executable goes without saying. The point is that I only get around to it at the weekend and have to "leave" it as it is until then. I don't actually do anything critical on it, it's only a gaming and tinkering machine; I do the security-relevant things on another computer that loads a disk image (TinyCoreLinux) via PXE over the local network and has no hard drives of its own. So if there is no acute danger, I would leave the box as it is for now...?

Regards, Errorsmith
12.09.2012, 00:19 | #4

/// Winkelfunktion /// TB-Süch-Tiger™

Yes, the installed FreeBSD works too, of course. Naturally a certain danger comes from the infected Windows, but why spend hours cleaning it? That makes no sense if you're going to wipe it shortly afterwards. Then just leave Windows unused until everything is reinstalled.