
Log analysis and evaluation: Trojans TR/TDss.abx and TR/Alureon, files gone


 
22.09.2012, 13:05   #1
ChristinaXXX
 



Hello everyone,

I'm not much of a computer expert, but I'm going to try this forum anyway and hope that I manage to describe my problem sensibly and, above all, that I understand your possible answers!

On Thursday afternoon Avira reported a security alert; after that everything happened very quickly: within a few seconds/minutes most of the icons disappeared from my desktop and a "Write Fault Error" pop-up opened what felt like 100 times. I then shut the laptop down. When I booted it up again, the desktop background was black and all my own files are gone or no longer visible; all folders are empty.

Since I have no idea how best to proceed, I am currently following the steps that are shown here "for everyone seeking help".
It would be nice if you could give comments/tips on this.

OTL Logfile:
Code:
OTL logfile created on: 22.09.2012 13:20:12 - Run 1
OTL by OldTimer - Version 3.2.65.1     Folder = C:\Users\Chrissi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 28,16% Memory free
6,19 Gb Paging File | 3,98 Gb Available in Paging File | 64,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 131,63 Gb Free Space | 47,80% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32
Drive E: | 283,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CHRISSI-PC | User Name: Chrissi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.22 13:19:41 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Chrissi\Desktop\OTL.exe
PRC - [2012.09.22 13:17:35 | 000,050,477 | ---- | M] () -- C:\Users\Chrissi\Documents\Defogger.exe
PRC - [2012.09.20 21:01:18 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
PRC - [2012.09.20 16:47:26 | 000,278,528 | -H-- | M] () -- C:\ProgramData\r9VEbHteCG314G.exe
PRC - [2012.09.20 16:25:30 | 000,381,952 | -H-- | M] () -- C:\ProgramData\SjaPfXBKSlE.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.26 09:26:46 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012.08.12 12:00:58 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.31 15:00:22 | 000,445,624 | ---- | M] (Sony) -- C:\Programme\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012.05.08 20:40:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 20:40:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:40:29 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2012.01.11 19:27:46 | 000,212,480 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE
PRC - [2011.07.13 22:14:40 | 001,761,136 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTBoardService.exe
PRC - [2011.05.28 08:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.10.12 14:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.05.14 18:07:14 | 000,759,048 | -H-- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008.11.06 01:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.21 13:51:47 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2008.07.25 09:25:12 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2008.07.03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2008.01.21 04:25:31 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:24:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\MSAgent\AgentSvr.exe
PRC - [2008.01.21 04:23:53 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.11.02 12:35:42 | 002,564,096 | -H-- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2007.11.02 12:31:24 | 000,069,632 | -H-- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 12:31:08 | 000,040,960 | -H-- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.18 11:34:34 | 005,724,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2006.12.19 19:23:20 | 000,094,208 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [1999.04.23 22:45:44 | 008,441,907 | R--- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office\WINWORD.EXE
PRC - [1999.03.05 23:26:12 | 000,753,703 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Artgalry\ARTGALRY.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.22 13:17:35 | 000,050,477 | ---- | M] () -- C:\Users\Chrissi\Documents\Defogger.exe
MOD - [2012.09.20 16:47:26 | 000,278,528 | -H-- | M] () -- C:\ProgramData\r9VEbHteCG314G.exe
MOD - [2012.09.20 16:25:30 | 000,381,952 | -H-- | M] () -- C:\ProgramData\SjaPfXBKSlE.exe
MOD - [2012.05.24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2012.01.27 11:02:32 | 000,569,344 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2011.11.01 19:32:48 | 000,573,100 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\sqlite3.dll
MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\Report.dll
MOD - [2010.01.11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\VObject.dll
MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007.11.02 12:36:16 | 000,048,208 | -H-- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2007.11.02 12:35:42 | 002,564,096 | -H-- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2007.11.02 12:28:16 | 000,434,176 | -H-- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 12:28:04 | 001,077,248 | -H-- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 12:27:48 | 000,532,480 | -H-- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 12:27:40 | 000,061,440 | -H-- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2007.11.02 12:27:28 | 000,016,896 | -H-- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 12:27:26 | 000,013,824 | -H-- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
MOD - [1999.02.02 01:39:14 | 000,073,785 | ---- | M] () -- C:\Programme\Microsoft Office\Office\BLNMGR.DLL
MOD - [1999.02.01 22:10:52 | 000,057,403 | ---- | M] () -- C:\Programme\Microsoft Office\Office\BLNMGRPS.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.20 21:01:21 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 20:40:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 20:40:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.05.14 18:07:14 | 000,759,048 | -H-- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008.07.25 09:25:13 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.02 12:31:08 | 000,040,960 | -H-- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.12.19 19:23:20 | 000,094,208 | -H-- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.09.22 13:10:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 20:40:29 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 20:40:29 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.13 22:17:14 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2011.07.13 22:17:02 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2011.07.13 22:16:54 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.07.11 05:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.10 11:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.03.13 03:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.06.25 13:37:24 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.06.01 10:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007.05.25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.netcologne.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.netcologne.de
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.studi-vz.de/hxxp://www [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Chrissi\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.98\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.98\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.98\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Chrissi\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Epson Stylus SX430(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [r9VEbHteCG314G] C:\ProgramData\r9VEbHteCG314G.exe ()
O4 - HKCU..\Run: [SjaPfXBKSlE.exe] C:\ProgramData\SjaPfXBKSlE.exe ()
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82CA42DF-4DA4-4380-B0B9-18728C41D813}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFB50B4-B2EC-4C03-A7C6-60A690BFC64D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\Shell - "" = AutoRun
O33 - MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.22 13:19:37 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Chrissi\Desktop\OTL.exe
[2012.09.22 13:09:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.22 13:09:33 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Roaming\Malwarebytes
[2012.09.22 13:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.22 13:09:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.22 13:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.22 13:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.22 09:14:31 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012.09.20 16:47:35 | 000,000,000 | -H-D | C] -- C:\Users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012.09.14 06:26:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.14 06:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.14 06:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.01.28 13:32:02 | 059,218,544 | -H-- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Chrissi\ElsterFormular-13.0.0.8086p.exe
[2 C:\Users\Chrissi\*.tmp files -> C:\Users\Chrissi\*.tmp -> ]
[1 C:\Users\Chrissi\Documents\*.tmp files -> C:\Users\Chrissi\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.22 13:26:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.22 13:19:41 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Chrissi\Desktop\OTL.exe
[2012.09.22 13:18:40 | 000,000,000 | ---- | M] () -- C:\Users\Chrissi\defogger_reenable
[2012.09.22 13:17:35 | 000,050,477 | ---- | M] () -- C:\Users\Chrissi\Documents\Defogger.exe
[2012.09.22 13:10:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.22 13:09:30 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.22 13:01:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.22 12:30:43 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.22 12:30:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 12:30:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 12:30:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.22 12:30:01 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.21 22:51:00 | 000,000,611 | -H-- | M] () -- C:\Users\Chrissi\Desktop\File_Recovery.lnk
[2012.09.21 22:50:55 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A6916323-0D5C-4C98-A24C-DFAC802B17CD}.job
[2012.09.20 16:57:53 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.20 16:57:53 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.20 16:57:53 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.20 16:57:53 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.20 16:47:37 | 000,000,152 | -H-- | M] () -- C:\ProgramData\-r9VEbHteCG314Gr
[2012.09.20 16:47:37 | 000,000,152 | -H-- | M] () -- C:\ProgramData\-r9VEbHteCG314G
[2012.09.20 16:47:35 | 000,000,368 | -H-- | M] () -- C:\ProgramData\r9VEbHteCG314G
[2012.09.20 16:47:26 | 000,278,528 | -H-- | M] () -- C:\ProgramData\r9VEbHteCG314G.exe
[2012.09.20 16:45:32 | 000,070,375 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2012.09.20 16:25:30 | 000,381,952 | -H-- | M] () -- C:\ProgramData\SjaPfXBKSlE.exe
[2012.09.18 06:40:48 | 000,391,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.08 17:59:24 | 000,465,898 | -H-- | M] () -- C:\Users\Chrissi\Ticket Bahn.pdf
[2012.09.07 22:08:27 | 000,078,848 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.05 17:07:02 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Chrissi.job
[2012.09.05 15:28:56 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2 C:\Users\Chrissi\*.tmp files -> C:\Users\Chrissi\*.tmp -> ]
[1 C:\Users\Chrissi\Documents\*.tmp files -> C:\Users\Chrissi\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.22 13:18:40 | 000,000,000 | ---- | C] () -- C:\Users\Chrissi\defogger_reenable
[2012.09.22 13:17:34 | 000,050,477 | ---- | C] () -- C:\Users\Chrissi\Documents\Defogger.exe
[2012.09.22 13:09:30 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.21 22:51:00 | 000,000,611 | -H-- | C] () -- C:\Users\Chrissi\Desktop\File_Recovery.lnk
[2012.09.20 16:47:37 | 000,000,152 | -H-- | C] () -- C:\ProgramData\-r9VEbHteCG314Gr
[2012.09.20 16:47:37 | 000,000,152 | -H-- | C] () -- C:\ProgramData\-r9VEbHteCG314G
[2012.09.20 16:47:30 | 000,000,368 | -H-- | C] () -- C:\ProgramData\r9VEbHteCG314G
[2012.09.20 16:47:26 | 000,278,528 | -H-- | C] () -- C:\ProgramData\r9VEbHteCG314G.exe
[2012.09.20 16:27:57 | 000,381,952 | -H-- | C] () -- C:\ProgramData\SjaPfXBKSlE.exe
[2012.09.08 17:59:20 | 000,465,898 | -H-- | C] () -- C:\Users\Chrissi\Ticket Bahn.pdf
[2012.04.24 18:35:07 | 000,431,054 | -H-- | C] () -- C:\Users\Chrissi\Girls'Day 1.pdf
[2012.04.05 22:31:47 | 006,655,589 | -H-- | C] () -- C:\Users\Chrissi\Xperia ray.pdf
[2012.01.07 13:55:19 | 019,738,624 | -H-- | C] () -- C:\Users\Chrissi\epson373282eu.exe
[2012.01.07 13:54:39 | 019,914,752 | -H-- | C] () -- C:\Users\Chrissi\epson373062eu.exe
[2011.10.07 18:43:33 | 000,000,680 | -H-- | C] () -- C:\Users\Chrissi\AppData\Local\d3d9caps.dat
[2011.08.17 12:52:04 | 000,063,488 | ---- | C] () -- C:\Windows\System32\Vbis4032.dll
[2011.04.30 10:53:49 | 001,489,288 | -H-- | C] () -- C:\Users\Chrissi\setup_dm_Fotowelt.exe
[2010.11.18 18:33:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.11.13 18:17:24 | 000,254,903 | -H-- | C] () -- C:\Users\Chrissi\AppData\Roaming\mdbu.bin
[2010.10.19 11:10:47 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2010.10.03 11:39:10 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.10.03 11:39:10 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.10.03 11:39:10 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.10.03 11:39:10 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.10.03 11:39:10 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.10.03 11:39:10 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.10.03 11:39:10 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.10.03 11:39:10 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.10.03 11:39:10 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.10.03 11:39:10 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.10.03 11:39:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.10.03 11:39:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.10.03 11:39:10 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.10.03 11:39:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.10.03 11:39:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.10.03 11:39:10 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.10.03 11:39:10 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.10.03 11:39:10 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.10.03 11:39:10 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.08.05 10:05:30 | 000,001,115 | -H-- | C] () -- C:\Users\Chrissi\Meine Karstadt-Fotowelt.lnk
[2009.05.06 16:55:00 | 000,001,024 | -H-- | C] () -- C:\Users\Chrissi\.rnd
[2009.01.28 19:38:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.27 12:24:11 | 000,070,375 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.09.27 11:30:24 | 000,070,375 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.09.15 20:34:30 | 000,000,202 | -H-- | C] () -- C:\Users\Chrissi\AppData\Roaming\default.pls
[2008.09.13 18:26:16 | 000,078,848 | -H-- | C] () -- C:\Users\Chrissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.13 18:08:22 | 000,000,098 | -H-- | C] () -- C:\Users\Chrissi\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2010.09.01 19:57:50 | 000,003,068 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\l.png
[2010.09.01 19:57:50 | 000,003,210 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\n.png
[2010.09.01 19:57:51 | 000,003,206 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\u.png
[2010.09.01 19:57:50 | 000,003,068 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\l.png
[2010.09.01 19:57:50 | 000,003,210 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\n.png
[2010.09.01 19:57:51 | 000,003,206 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\u.png
[2010.05.05 20:05:04 | 000,003,068 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\l.png
[2010.05.05 20:05:04 | 000,003,210 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\n.png
[2010.05.05 20:05:04 | 000,003,206 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\u.png
[2010.05.06 06:00:04 | 000,003,068 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\l.png
[2010.05.06 06:00:04 | 000,003,210 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\n.png
[2010.05.06 06:00:04 | 000,003,206 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\u.png
[2011.12.04 00:27:08 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\LocalLow\Microsoft\Silverlight\is\4bsboea4.cfx\mmrfzxpv.vgg\1\l
[2009.12.13 16:19:55 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ULZ8C7KZ\a69.g.akamai.net\n
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2011.08.19 11:23:28 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\46developments
[2011.07.02 18:39:34 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Audacity
[2008.09.14 12:06:05 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Buhl Data Service GmbH
[2011.11.16 18:21:14 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\DVDVideoSoft
[2011.11.16 18:21:00 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.28 13:38:00 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\elsterformular
[2012.01.10 18:37:51 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Epson
[2009.01.27 15:59:29 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Phase6
[2011.12.05 23:04:17 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\SMART Technologies
[2011.12.05 22:32:09 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\SMART Technologies Inc
[2010.11.18 18:36:34 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Softland
[2012.04.07 15:00:17 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Sony
[2008.09.13 18:09:15 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Template
[2008.09.17 19:15:49 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Logfile:
Code:
OTL Extras logfile created on: 22.09.2012 13:20:12 - Run 1
OTL by OldTimer - Version 3.2.65.1     Folder = C:\Users\Chrissi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 28,16% Memory free
6,19 Gb Paging File | 3,98 Gb Available in Paging File | 64,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 131,63 Gb Free Space | 47,80% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32
Drive E: | 283,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: CHRISSI-PC | User Name: Chrissi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Meine Karstadt-Fotowelt] -- "C:\Program Files\Karstadt\Meine Karstadt-Fotowelt\Meine Karstadt-Fotowelt.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2986DBE1-539F-4A24-8605-50906E3E6605}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3BA6854B-406C-414D-8EAD-6876C2FB4C3B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{49211DFC-C1BF-429C-B248-E05E6BFB2D49}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5D7C00D1-76E2-4C7F-9BA9-8FCCA8BC51AE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{651B29D9-3424-4EC6-97C2-069145561A3E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{69BB0572-1F0F-47A3-A6BC-1C5E144EFD5C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{72AA26A7-DF78-41CC-A663-1EAC7C9B9F81}" = lport=445 | protocol=6 | dir=in | app=system | 
"{78288CB0-BCC9-4987-AC4E-85CD408BF19E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7D15ED71-D6C4-468C-8060-3E36AE15E919}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B6B37C10-3EF5-4A2B-A3DC-7AC2206877EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E446AA6E-A891-4E50-B539-8D8C651A891F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FC8B80C7-A86F-4DCC-86AD-44D8DF33C6D2}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F47084A-C3E6-4524-8008-397409F71DFD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{21A41C95-340F-4AD5-91FE-19B069C77A68}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2481B520-747C-49E5-89DC-B27BFA2A7C97}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{289F4083-94FF-4FA0-964B-8AD17F302DA2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{29940B74-9F36-4EE6-AFEC-2731CCD30CBF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{46F80359-F09E-4F45-AF63-9309D9D2CC59}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4D6050F4-AE2F-45EB-BFCD-1EA0ABD83211}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe | 
"{4DE66C25-8709-43BB-BFF6-13D1A3AB6FC7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{723D9645-0B50-4D20-BD0D-18EF3F7EFA42}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"{7CC1350B-04C1-4954-AFB7-FE17A95645B6}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe | 
"{86DA8028-FE04-41BC-BEFE-78B2D0F6AFF6}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"{8CD10789-218B-45CE-8FB0-6B4FAAC0A31F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96EE7343-328E-460B-B372-2B36D01EE775}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{99B0D0DC-CE6B-4AE6-B59C-4F687E19E4A3}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe | 
"{9B1E5950-8A48-4E4B-8824-68218A65B604}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | 
"{9B72487C-ECA1-43B5-BAB8-037BA06EF652}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9CC3C7EF-F2CA-4D14-AC98-1E1B6AAF8A54}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{A7A68435-AAE2-413C-9A39-6924112AF550}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe | 
"{AA57ACA5-4A62-4FD2-BE7A-3C53CBAF7816}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{B6E2F143-CF8A-4098-9B9D-7EDF6064B165}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C3040D99-D579-4FB0-8A2E-3A10811FC52A}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe | 
"{C7502F25-D77E-45AC-A118-9FB6F5CFC59F}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{D1402EB9-87AB-4A44-96AD-DB05CFC9067C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E61870C5-833E-4C2D-8882-BAF8A98A7CA2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{EDCBDED3-ED6C-4742-B65B-ABC578A00BF7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EF32D63C-C16A-4284-A80B-9B2C907C617D}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | 
"{EFB5CCC4-CC4F-46B6-8D28-2E2A6B0FE95B}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe | 
"TCP Query User{30DC8663-9DA8-4015-826C-03EA2F9AD995}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{851B0A43-F1E5-4D41-9794-B62857D68DA8}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{87CEF52A-835D-43E4-BD3B-608FE79F77BB}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{9AFF63F8-4E0E-43F9-A9C8-E8E648F72199}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe | 
"TCP Query User{BFBBB392-5BEB-4E7D-98BF-0D5B4BA63125}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
"TCP Query User{C594A663-8F8F-40B1-9CC9-C2901980DA2C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{2852B6F4-54D4-4A54-BA79-CEC08AC9DF58}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{42FF2B10-74C5-4FB4-B0B2-75390C29142D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{6E47E554-2289-4495-A86B-99308008B472}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe | 
"UDP Query User{869A46F5-381E-47E0-BF06-532363643D5B}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
"UDP Query User{9990081F-FBD3-451B-ADE6-24882C1FDC2F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{9A04AF51-AC93-4150-A75D-33EDB7332258}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E5DD7A3-BE29-430C-970B-C553F4A58C39}" = SMART Common Platform
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{1EEC3AE8-BF60-4123-9E14-8C9750256F1D}" = Sprachtrainer Red Line 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Webcam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{460C1164-8857-45B4-82F0-EBBAB790D086}" = Rund um (2.0) ... Demokratie heute 5-6 NRW
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58AEE3E0-8746-11DD-81B6-000AE67E2618}_is1" = grafstat4
"{59D4F411-9675-406B-9BC1-F0D7ACBE2529}" = Rund um (2.0) ... Demokratie heute 7-8 NRW
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65B73529-4493-40AA-A82F-81CC7B8C06CF}" = Red Line 4 Sprachtrainer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67E6410C-1E97-4D03-BEC2-8E83323A6BBD}" = SMART Product Drivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{835EB248-97A4-4B32-88A1-4AAB8527C536}" = Rund um (2.0) ... Demokratie heute 9-10 NRW
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}" = Pfadfinder 2.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aldi Foto Service" = Aldi Foto Service 4.6
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice 2.7
"ALDI Nord Online Druck Service" = ALDI Nord Online Druck Service 4.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Clarity recorder" = Clarity recorder
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dm-Fotowelt" = dm-Fotowelt
"doPDF 7 printer_is1" = doPDF 7.1 printer
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall
"EPSON SX430 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX430 Series
"EPSON SX430 Series Netg" = Netzwerkhandbuch EPSON SX430 Series
"EPSON SX430 Series Useg" = Benutzerhandbuch EPSON SX430 Series
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"KlassenManager 3.0" = KlassenManager 3.0
"Klett Lehrersoftware Red Line (Band 2)" = Klett Lehrersoftware Red Line (Band 2)
"Klett Lehrersoftware Red Line (Band 3)" = Klett Lehrersoftware Red Line (Band 3)
"Klett Lehrersoftware Red Line (Band 4)" = Klett Lehrersoftware Red Line (Band 4)
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Meine Karstadt-Fotowelt" = Meine Karstadt-Fotowelt
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 6.0" = RealPlayer
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.09.2012 11:46:35 | Computer Name = Chrissi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung E_FUDHAE.EXE, Version 1.0.3.0, Zeitstempel 0x4e1fad5b,
 fehlerhaftes Modul sdc330Twain.ds_unloaded, Version 0.0.0.0, Zeitstempel 0x4dcc0018,
 Ausnahmecode 0xc0000005, Fehleroffset 0x1010546d,  Prozess-ID 0x15c0, Anwendungsstartzeit
 01cd967de590e731.
 
Error - 20.09.2012 09:14:18 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.09.2012 10:47:08 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.09.2012 12:29:06 | Computer Name = Chrissi-PC | Source = VSS | ID = 8194
Description = 
 
Error - 20.09.2012 14:09:58 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.09.2012 16:49:41 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.09.2012 06:31:18 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.09.2012 06:32:48 | Computer Name = Chrissi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.9.0, Zeitstempel
 0x493788e3, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x02020202,  Prozess-ID 0xfbc, Anwendungsstartzeit
 01cd98ad4f0ca7dc.
 
Error - 22.09.2012 06:34:06 | Computer Name = Chrissi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung appverif.exe, Version 6.2.8400.0, Zeitstempel
 0x4fb70b44, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
 Ausnahmecode 0xc0000022, Fehleroffset 0x00009cfc,  Prozess-ID 0x15b4, Anwendungsstartzeit
 01cd98adc2c7076c.
 
Error - 22.09.2012 06:36:10 | Computer Name = Chrissi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung E_FUDHAE.EXE, Version 1.0.3.0, Zeitstempel 0x4e1fad5b,
 fehlerhaftes Modul sdc330Twain.ds_unloaded, Version 0.0.0.0, Zeitstempel 0x4dcc0018,
 Ausnahmecode 0xc0000005, Fehleroffset 0x1010546d,  Prozess-ID 0x1724, Anwendungsstartzeit
 01cd98adcccd502c.
 
[ System Events ]
Error - 21.09.2012 16:48:09 | Computer Name = Chrissi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 20.09.2012 um 21:14:12 unerwartet heruntergefahren.
 
Error - 21.09.2012 16:48:14 | Computer Name = Chrissi-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 21.09.2012 16:50:11 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.09.2012 16:51:56 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 22.09.2012 02:33:43 | Computer Name = Chrissi-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.09.2012 02:35:20 | Computer Name = Chrissi-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.09.2012 06:30:10 | Computer Name = Chrissi-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.09.2012 06:31:19 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 22.09.2012 06:35:54 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 22.09.2012 06:38:00 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         
--- --- ---



I have a 32-bit system; the GMER scan is currently running on the damaged laptop. I'll post the data here shortly.

How do I actually proceed from here?

Thanks in advance for your help!

Edited by ChristinaXXX (22.09.2012 at 14:02)

 
