Weisser Bildschirm - Task Manager und Abgesicherter Modus nicht mehr möglich

Herbie63 · 30.09.2012, 19:39

Hallo zusammen

Ich habe ein Problem mit Maleware der zu einem weissen Bildschirm führt. Ich habe auf dem Internet Videos gesucht und der Desktop wurde plötzlich komplett weiss. ALt-Ctrl-Del kann betätigt werden, aber der Task Manager endet nach kurzem Aufleben (Bruchteil einer Sekunde) des Desktops wieder im weissen Bildschirm. Neustart im Abgesicherten Modus endet auch wieder im Weiss und die HDD ist aktiv mit Dauerlicht. Da ich RAID 10 habe, war der Backupmodus nicht wirklich frequentiert und würde wichtige Daten verlieren habe Netz getrennt und den Rechner mit Windows nicht mehr gestartet habe.

Da ich Windows (Vista) nicht mehr aktiv bedienen kann, habe ich Avira rescue_system-common-en.iso von einer CD gebootet, aber der Scan hat nichts gefunden (war aus meiner Sicht auch fast zu schnell - bin aber kein Power User). Ich habe von OLT gelesen, aber kann ja kein Win Programme mehr zum Einsatz bringen.

Kann mir jemand helfen, wie ich weitere Reports oder Analyse Programme unter gegebenen Umständen verwenden kann oder mindesten die Daten retten kann?

Danke im Voraus an mögliche Helfer,
Herbie

Hallo, noch eine kleine Ergänzung:

Ich habe zwischenzeitlich xumbutu V12.04.1 als Parallelsystem via CD gebootet. Dabei werden die Windows-Dateien leider nicht dargestellt (USM wird gefunden). Findet xumbutu möglicherweise dei Daten nicht weil beim Aufstarten des BIOS der RAID Status gelb auf Verify gesetzt ist und der RAID Controller die Verifikation macht?

Danke und Grüsse, Herbie

schrauber · 02.10.2012, 07:17

Hi,

Downloade dir bitte Farbar Recovery Scan Tool 32-Bit und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager

Starte den Rechner neu auf.
Während dem Hochfahren drücke mehrmals die F8 Taste
Wähle nun Computer reparieren.
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD

Lege die Windows CD in dein Laufwerk.
Starte den Rechner neu auf und starte von der CD
Wähle die Spracheinstellungen und klicke "Weiter".
Klicke auf Computerreparaturoptionen !!
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.
Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
Schließe Notepad wieder
Gib nun bitte folgenden Befehl ein.
e:\frst.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
Akzeptiere den Disclaimer mit Yes und klicke Scan

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Herbie63 · 02.10.2012, 23:00

Hallo Schrauber!
Besten Dank für dein Feedback.

Ich habe die Repraturoptionen erst anwählen können nachdem das, von DVD gebootete Betriebsystem, eine Reparatur durchgeführt hat. Den USB musste ich manuell via DOS Fenster suchen (wurde nicht automatisch gefunden) und konnte FRST.exe dann starten. Hier das FRST.txt:

______

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-09-2012 01
Ran by SYSTEM at 02-10-2012 23:44:05
Running from I:\
Windows Vista (TM) Ultimate (X86) OS Language: German Standard
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7514656 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s [571392 2011-10-30] (Nikon Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2012-08-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2221352 2008-12-02] (Nero AG)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073352 2012-06-25] (Adobe Systems Incorporated)
HKU\Herbie\...\Run: [AdobeBridge] [x]
HKU\Herbie\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [132392 2009-03-25] (Nero AG)
HKU\Herbie\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [641832 2011-09-23] (Nero AG)
2 NIS; "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-13] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [82960 2011-10-17] (Advanced Micro Devices)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120919.001\BHDrvx86.sys [995488 2012-08-31] (Symantec Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-09] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-09] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120921.001\IDSvix86.sys [386720 2012-09-01] (Symantec Corporation)
3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2011-11-14] ()
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120921.033\NAVENG.SYS [92704 2012-09-15] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120921.033\NAVEX15.SYS [1601184 2012-09-15] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NIS\1308000.00E\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NIS\1308000.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-02-10] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NIS\1308000.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1308000.00E\SYMTDIV.SYS [345208 2012-04-18] (Symantec Corporation)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-10-02 23:43 - 2012-10-02 23:43 - 00000000 ____D C:\FRST
2012-09-24 19:27 - 2012-08-24 08:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-24 19:27 - 2012-08-24 08:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-24 19:27 - 2012-08-24 07:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-24 19:27 - 2012-08-24 07:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-24 19:27 - 2012-08-24 07:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-24 19:27 - 2012-08-24 07:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-24 19:27 - 2012-08-24 07:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-24 19:27 - 2012-08-24 07:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-24 19:27 - 2012-08-24 07:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-24 19:27 - 2012-08-24 07:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-24 19:27 - 2012-08-24 07:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-24 19:27 - 2012-08-24 07:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-24 19:27 - 2012-08-24 07:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-24 19:27 - 2012-08-24 07:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-24 19:27 - 2012-08-24 07:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-24 19:27 - 2012-08-24 07:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 12:33 - 2012-09-22 12:33 - 00001311 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk
2012-09-16 20:05 - 2012-09-16 20:05 - 00093184 ____A (Centon Electronics, Inc.) C:\Users\Herbie\viabmhhattppfukegei.exe
2012-09-16 20:05 - 2012-09-16 20:05 - 00093184 ____A (Centon Electronics, Inc.) C:\Users\Herbie\kumopytjfhd.exe
2012-09-16 20:05 - 2012-09-16 20:05 - 00093184 ____A (Centon Electronics, Inc.) C:\Users\Herbie\dzkfpcrvlgppzdvhfvuiaesr.exe

==================== 3 Months Modified Files ==================

2012-10-02 23:22 - 2006-11-02 11:22 - 52953088 ____A C:\Windows\System32\config\software_previous
2012-10-02 23:18 - 2006-11-02 11:22 - 22806528 ____A C:\Windows\System32\config\system_previous
2012-10-02 23:09 - 2006-11-02 11:22 - 49020928 ____A C:\Windows\System32\config\components_previous
2012-10-02 23:09 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-09-25 20:12 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-09-25 20:12 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-09-25 20:00 - 2006-11-02 13:51 - 01711035 ____A C:\Windows\WindowsUpdate.log
2012-09-25 19:58 - 2011-11-14 21:45 - 00001356 ____A C:\Users\Herbie\AppData\Local\d3d9caps.dat
2012-09-24 19:50 - 2006-11-02 11:33 - 01445116 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-24 19:43 - 2011-11-16 06:26 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-24 19:43 - 2006-11-02 14:00 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-24 19:43 - 2006-11-02 13:46 - 00004736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-24 19:43 - 2006-11-02 13:46 - 00004736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-24 19:39 - 2006-11-02 14:00 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-24 19:21 - 2011-11-20 16:53 - 00002721 ____A C:\Users\Herbie\Desktop\Microsoft Outlook 2010.lnk
2012-09-22 14:01 - 2012-01-02 17:29 - 00000258 ____A C:\Windows\Tasks\HP Photo Creations Messager.job
2012-09-22 14:01 - 2011-11-16 06:26 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-22 14:00 - 2012-04-17 06:16 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-22 12:33 - 2012-09-22 12:33 - 00001311 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk
2012-09-16 20:05 - 2012-09-16 20:05 - 00093184 ____A (Centon Electronics, Inc.) C:\Users\Herbie\viabmhhattppfukegei.exe
2012-09-16 20:05 - 2012-09-16 20:05 - 00093184 ____A (Centon Electronics, Inc.) C:\Users\Herbie\kumopytjfhd.exe
2012-09-16 20:05 - 2012-09-16 20:05 - 00093184 ____A (Centon Electronics, Inc.) C:\Users\Herbie\dzkfpcrvlgppzdvhfvuiaesr.exe
2012-09-15 01:06 - 2006-11-02 11:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-11 06:13 - 2011-11-16 22:18 - 00000020 ____H C:\Users\All Users\PKP_DLbw.DAT
2012-09-11 06:13 - 2011-11-16 22:17 - 00000020 ____H C:\Users\All Users\PKP_DLbz.DAT
2012-09-11 06:13 - 2011-11-16 22:09 - 00000020 ____H C:\Users\All Users\PKP_DLbx.DAT
2012-09-04 19:57 - 2011-11-25 19:07 - 00001971 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-24 21:30 - 2012-04-17 06:16 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-24 21:30 - 2011-11-25 19:06 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-24 08:27 - 2012-09-24 19:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 08:03 - 2012-09-24 19:27 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 07:59 - 2012-09-24 19:27 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 07:51 - 2012-09-24 19:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 07:51 - 2012-09-24 19:27 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 07:51 - 2012-09-24 19:27 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 07:49 - 2012-09-24 19:27 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 07:48 - 2012-09-24 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 07:47 - 2012-09-24 19:27 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 07:47 - 2012-09-24 19:27 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 07:47 - 2012-09-24 19:27 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 07:45 - 2012-09-24 19:27 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 07:44 - 2012-09-24 19:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 07:44 - 2012-09-24 19:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 07:43 - 2012-09-24 19:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 07:40 - 2012-09-24 19:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-17 07:39 - 2006-11-02 13:46 - 03961880 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-17 07:09 - 2006-11-02 13:59 - 00020054 ____A C:\Windows\PFRO.log
2012-08-16 19:39 - 2011-11-15 22:14 - 00002213 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-08-16 00:00 - 2012-08-16 00:00 - 09232584 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-08-05 08:19 - 2011-11-14 21:46 - 00100824 ____A C:\Users\Herbie\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-05 08:18 - 2012-08-05 08:18 - 00001000 ____A C:\Users\Herbie\Desktop\Adobe Photoshop CS6.lnk
2012-08-05 08:18 - 2012-08-05 08:18 - 00000962 ____A C:\Users\Herbie\Desktop\Adobe Bridge CS6.lnk
2012-08-04 21:44 - 2008-08-14 07:57 - 00073312 ____A (Adobe Systems, Inc.) C:\Windows\System32\Drivers\adfs.sys
2012-08-04 21:07 - 2012-08-04 20:56 - 96323488 ____A C:\Users\Herbie\Downloads\S-NEFCDC-011400WF-ALLIN-ALL___.exe
2012-07-29 20:37 - 2011-11-20 16:53 - 00002617 ____A C:\Users\Herbie\Desktop\Microsoft Word 2010.lnk

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-07 21:16:37
Restore point made on: 2012-08-08 21:34:12
Restore point made on: 2012-08-14 19:48:36
Restore point made on: 2012-08-17 07:14:33
Restore point made on: 2012-08-25 12:16:26
Restore point made on: 2012-08-26 09:02:34
Restore point made on: 2012-08-27 21:25:46
Restore point made on: 2012-08-28 20:41:57
Restore point made on: 2012-08-29 23:25:06
Restore point made on: 2012-08-30 23:00:27
Restore point made on: 2012-09-01 15:56:08
Restore point made on: 2012-09-02 11:05:18
Restore point made on: 2012-09-08 08:50:09
Restore point made on: 2012-09-09 08:46:43
Restore point made on: 2012-09-11 20:48:17
Restore point made on: 2012-09-15 01:04:53
Restore point made on: 2012-09-15 16:25:25
Restore point made on: 2012-09-16 21:06:26
Restore point made on: 2012-09-24 19:27:07
Restore point made on: 2012-09-24 19:54:29

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4094.25 MB
Available physical RAM: 3559.02 MB
Total Pagefile: 3843.88 MB
Available Pagefile: 3633.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.71 MB

==================== Partitions =============================

2 Drive c: () (Fixed) (Total:931.52 GB) (Free:135.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: (LRMCFRE_DE_DVD) (CDROM) (Total:2.46 GB) (Free:0 GB) UDF
8 Drive i: () (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Datentr ### Status Gr”áe Frei Dyn GPT
-------- ---------- ------- ------- --- ---
0 Online 932 GB 993 KB
1 Kein Mediu 0 B 0 B
2 Kein Mediu 0 B 0 B
3 Kein Mediu 0 B 0 B
4 Kein Mediu 0 B 0 B
5 Online 976 MB 0 B

Last Boot: 2012-09-25 19:26

==================== End Of Log ============================

Ich hoffe ich habe es richtig geposted.
Grüsse, Herbie

schrauber · 03.10.2012, 06:21

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

2012-09-16 20:05 - 2012-09-16 20:05 - 00093184 ____A (Centon Electronics, Inc.) C:\Users\Herbie\viabmhhattppfukegei.exe
2012-09-16 20:05 - 2012-09-16 20:05 - 00093184 ____A (Centon Electronics, Inc.) C:\Users\Herbie\kumopytjfhd.exe
2012-09-16 20:05 - 2012-09-16 20:05 - 00093184 ____A (Centon Electronics, Inc.) C:\Users\Herbie\dzkfpcrvlgppzdvhfvuiaesr.exe
2012-09-16 20:05 - 2012-09-16 20:05 - 00093184 ____A (Centon Electronics, Inc.) C:\Users\Herbie\viabmhhattppfukegei.exe
2012-09-16 20:05 - 2012-09-16 20:05 - 00093184 ____A (Centon Electronics, Inc.) C:\Users\Herbie\kumopytjfhd.exe
2012-09-16 20:05 - 2012-09-16 20:05 - 00093184 ____A (Centon Electronics, Inc.) C:\Users\Herbie\dzkfpcrvlgppzdvhfvuiaesr.exe

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Versuch nun normal zu booten.

Herbie63 · 03.10.2012, 21:13

Hallo Schrauber

Das hat gewirkt ...ich kann wieder normal booten und soweit ich bis jetzt erkennen kann läuft das Teil wieder. Hier noch der Auszug des Fixlog.txt:
__
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-09-2012 01
Ran by SYSTEM at 2012-10-03 21:59:52 Run:1
Running from I:\

==============================================

C:\Users\Herbie\viabmhhattppfukegei.exe moved successfully.
C:\Users\Herbie\kumopytjfhd.exe moved successfully.
C:\Users\Herbie\dzkfpcrvlgppzdvhfvuiaesr.exe moved successfully.
C:\Users\Herbie\viabmhhattppfukegei.exe not found.
C:\Users\Herbie\kumopytjfhd.exe not found.
C:\Users\Herbie\dzkfpcrvlgppzdvhfvuiaesr.exe not found.

==== End of Fixlog ====

Würdest du nun die Daten retten und alel neu aufsetzten?
Gibt es hier eine Art von 'Donation', ich bin echt froh um deinen Support ...

Grüsse
Herbie

schrauber · 04.10.2012, 06:42

Hi,

Formatieren brauchste nit unbedingt, lass mich erstmal einen Blick ins System werfen im Normalen Modus

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Starte bitte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere nun den Inhalt in die Textbox.

Schließe alle Programme. (Wichtig)
Klicke auf den Quick Scan Button.
Klick auf .
Kopiere den Inhalt aus OTL.txt und Extras.txt hier in Code-Tags in Deinen Thread.

Gerne kannst Du das Board mit einer Spende unterstützen, wie das genau geht kann ich Dir sagen, aber zuerst machen wir die Kiste mal wieder flott

Herbie63 · 04.10.2012, 22:57

Hallo Schrauber,

Sorry, welche Inhalte soll ich in die ' Customer Scan/Fixes Laden' kopieren.

Danke und Grüsse
Herbie

Ich habe mal den Quick Scan ausgeführt und die beiden Dateien OTL.txt und Extras.txt beigelegt:

Code:

ATTFilter

OTL logfile created on: 04.10.2012 23:55:35 - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = I:\
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.25 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 58.81% Memory free
6.70 Gb Paging File | 5.36 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.52 Gb Total Space | 151.01 Gb Free Space | 16.21% Space Free | Partition Type: NTFS
Drive I: | 999.70 Mb Total Space | 993.25 Mb Free Space | 99.35% Space Free | Partition Type: FAT
 
Computer Name: HERBIE-PC | User Name: Herbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.04 23:49:42 | 000,601,088 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Herbie\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.31 21:36:52 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2011.11.10 05:11:50 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.11.10 05:11:20 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 07:02:48 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012.06.13 07:00:49 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.13 06:58:44 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.13 06:58:37 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.13 06:58:23 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.13 06:56:53 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.12 03:38:09 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012.05.12 03:36:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 03:35:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.12 03:34:03 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.12 03:33:25 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.05.12 03:33:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.12 03:32:57 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.12 03:32:55 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.12 03:32:46 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.11.10 04:11:06 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.11.09 23:10:38 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.24 22:30:52 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012.01.31 21:36:52 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.11.20 18:57:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.11.10 05:11:20 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.10.03 22:11:50 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121003.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.10.03 22:11:50 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121003.019\NAVENG.SYS -- (NAVENG)
DRV - [2012.09.01 02:27:26 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20121003.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.09.01 00:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.08.09 08:21:44 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 08:21:44 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symefa.sys -- (SymEFA)
DRV - [2012.04.18 04:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symtdiv.sys -- (SYMTDIv)
DRV - [2012.04.18 03:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ironx86.sys -- (SymIRON)
DRV - [2012.02.10 18:08:49 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.11.15 00:42:14 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.11.10 05:44:12 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.11.10 04:12:20 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.10.17 19:40:34 | 000,082,960 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011.07.25 20:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symds.sys -- (SymDS)
DRV - [2009.08.05 15:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012.10.03 00:22:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012.10.04 23:51:21 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Herbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Norton Identity Protection = C:\Users\Herbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\
CHR - Extension: Norton Identity Protection = C:\Users\Herbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Herbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Herbie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50B657CD-68E1-46D4-99C1-B787A278A248}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a153b025-0fcf-11e1-9de7-00248c363335}\Shell - "" = AutoRun
O33 - MountPoints2\{a153b025-0fcf-11e1-9de7-00248c363335}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.03 00:43:54 | 000,000,000 | ---D | C] -- C:\FRST
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.04 23:54:50 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.04 23:54:50 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.04 23:54:50 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.04 23:54:50 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.04 23:48:18 | 000,004,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 23:48:18 | 000,004,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 23:48:10 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.04 23:47:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 23:47:41 | 3488,628,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.04 07:01:21 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012.10.04 07:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.04 07:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.03 23:05:35 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.03 22:39:29 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbz.DAT
[2012.10.03 22:39:29 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2012.10.03 22:39:29 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbw.DAT
[2012.10.03 22:11:50 | 000,009,103 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\VT20121002.018
[2012.09.26 12:34:14 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1309000.009\isolate.ini
[2012.09.25 20:58:59 | 000,001,356 | ---- | M] () -- C:\Users\Herbie\AppData\Local\d3d9caps.dat
[2012.09.24 20:42:36 | 002,193,947 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\Cat.DB
[2012.09.24 20:21:52 | 000,002,721 | ---- | M] () -- C:\Users\Herbie\Desktop\Microsoft Outlook 2010.lnk
[2012.09.22 13:33:07 | 000,001,311 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.03 22:02:56 | 3488,628,736 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.22 13:33:07 | 000,001,323 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2012.09.22 13:33:07 | 000,001,311 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2012.06.22 13:20:46 | 000,000,150 | ---- | C] () -- C:\Users\Herbie\AppData\Roaming\default.pls
[2012.06.04 23:37:23 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2012.01.31 21:36:50 | 000,326,144 | ---- | C] () -- C:\Windows\System32\ColorEfexPro4FC32.dll
[2012.01.11 22:56:09 | 000,101,376 | ---- | C] () -- C:\Users\Herbie\AppData\Roaming\msconfig.dat
[2012.01.02 18:24:56 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.12.28 17:56:31 | 000,001,024 | ---- | C] () -- C:\Users\Herbie\.rnd
[2011.11.16 23:18:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Overdrive
[2011.11.16 23:18:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Organs
[2011.11.16 23:18:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Organic
[2011.11.16 23:18:47 | 000,000,268 | RH-- | C] () -- C:\Users\Herbie\AppData\Roaming\NetServices
[2011.11.16 23:18:47 | 000,000,268 | RH-- | C] () -- C:\Users\Herbie\AppData\Roaming\Nature Sounds
[2011.11.16 23:18:47 | 000,000,268 | RH-- | C] () -- C:\Users\Herbie\AppData\Roaming\Nature
[2011.11.16 23:18:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbw.DAT
[2011.11.16 23:17:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2011.11.16 23:09:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2011.11.15 21:15:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.11.15 09:40:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.11.15 09:40:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.11.15 09:40:05 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.11.15 08:41:56 | 000,004,608 | ---- | C] () -- C:\Users\Herbie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.15 08:39:11 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2011.11.15 00:42:14 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011.11.15 00:29:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.14 23:32:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.14 22:45:57 | 000,001,356 | ---- | C] () -- C:\Users\Herbie\AppData\Local\d3d9caps.dat
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.10.21 21:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.12 21:28:52 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.05 00:05:00 | 000,000,000 | ---D | M] -- C:\Users\Herbie\AppData\Roaming\Dropbox
[2011.11.15 00:06:14 | 000,000,000 | ---D | M] -- C:\Users\Herbie\AppData\Roaming\Easeware
[2011.11.20 20:11:38 | 000,000,000 | ---D | M] -- C:\Users\Herbie\AppData\Roaming\Imagenomic
[2011.11.16 23:18:53 | 000,000,000 | ---D | M] -- C:\Users\Herbie\AppData\Roaming\Nikon
[2012.08.05 10:53:33 | 000,000,000 | ---D | M] -- C:\Users\Herbie\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.04.28 07:41:21 | 000,000,000 | ---D | M] -- C:\Users\Herbie\AppData\Roaming\Visan
 
========== Purity Check ==========
 
< End of report >

...und hier noch der Extra.txt:

Code:

ATTFilter

OTL Extras logfile created on: 04.10.2012 23:55:35 - Run 1
OTL by OldTimer - Version 3.2.70.2     Folder = I:\
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.25 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 58.81% Memory free
6.70 Gb Paging File | 5.36 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.52 Gb Total Space | 151.01 Gb Free Space | 16.21% Space Free | Partition Type: NTFS
Drive I: | 999.70 Mb Total Space | 993.25 Mb Free Space | 99.35% Space Free | Partition Type: FAT
 
Computer Name: HERBIE-PC | User Name: Herbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D9EE6C7-EA04-4DE6-AED7-50A518E0375E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{1AE4960E-145F-4D39-AE3A-69DB1650F27C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{23651975-5C18-4FDE-A62E-9CDA0CBFF9EB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3A9A32A5-4C26-48E7-AF5A-4A78FE4D8647}" = rport=138 | protocol=17 | dir=out | app=system | 
"{496083CD-327F-4040-AC7D-5D77668EE9DD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5B8A5D57-D0F5-42D7-B697-525CC62908A1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{70E7087D-22BB-4788-9D8E-CD416F861399}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7E33AD53-5D10-400F-9BFC-CFECC85E4B75}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{95F39EB3-91F8-4676-90F1-C5A6C6B4A9B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E0CD8D7D-BD2E-417C-814C-8B511E3CF2B6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{E22DE8F8-752E-4118-965B-D4B362C64A94}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FCA760E8-390B-4C8A-99BB-5039F9E598DF}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108DFF1A-B77D-4A92-BE71-9E93D0756360}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{22C8472C-75DC-49A7-94C2-688FA9C7DB0D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{24765381-E737-48E7-99F2-7E1D6487E0CD}" = protocol=6 | dir=in | app=c:\users\herbie\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2A142476-9C80-43B1-9272-BB65C48D2AE2}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{5DF27593-735F-4897-8BB7-5FF7D5C1B953}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{69978592-717D-4372-9768-138418700F79}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{6C342142-D714-4F6E-A1D1-91E4248577A1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{A7714988-6CAA-44D9-AACA-962C3E70D244}" = protocol=17 | dir=in | app=c:\users\herbie\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C2726D59-9A57-4430-9B21-4A8B1CA4223C}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\devicesetup.exe | 
"{E4AFC425-B953-498B-8B51-9D727E0B13C4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F1ABD65A-BA88-44A9-A6F8-8F61D52A0DA3}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe | 
"{F242E552-8D58-4631-B454-C238BD022C5D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F7E09CAC-327F-4512-A6C2-13435096B5FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FD98D952-D647-4E86-B04F-D3F5CD76E3F9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05CAF469-9765-8FBF-10AD-FD621091824A}" = CCC Help English
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24E01F02-4261-42B8-9BD9-80E5E6D64952}" = HP Photosmart 7510 series Hilfe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4E1D0591-14F7-736E-143A-62DC3E552A1A}" = Catalyst Control Center InstallProxy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F64A42C-6D93-6788-EB4F-07CC066DE194}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76D1FBEB-FBBF-0D1E-BB0A-CAA0D19E2C7F}" = ccc-utility
"{7A7F321B-5BFD-4367-92B7-D8FDF01CC13E}" = HP Photosmart 7510 series - Grundlegende Software für das Gerät
"{7C515D87-2DCD-422B-B993-3FE8A71B3DDB}" = Noiseware Professional Plug-in
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D8B8115-40C1-A707-B7DA-599514076A81}" = Catalyst Control Center
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96F26B8F-2BCA-4157-8F39-742790C361D8}" = Nero Kwik Media
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B65F83E3-0B02-42AF-AAAE-539C349A4D9E}" = Studie zur Verbesserung von HP Photosmart 7510 series Produkten
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9FFC925-E27E-436E-A2DF-652324D51033}" = Nero 8 Trial
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Capture NX 2" = Capture NX 2
"Color Efex Pro 4" = Color Efex Pro 4
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DriverNavigator_is1" = DriverNavigator 2.7.1
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"ImagenomicNoisewareProPlugin" = Imagenomic Noiseware 4.2 Professional Plug-in (build 4205)
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.0 Plug-in (build 2006)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NIS" = Norton Internet Security
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.09.2012 15:08:06 | Computer Name = Herbie-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.09.2012 15:08:41 | Computer Name = Herbie-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.09.2012 15:09:21 | Computer Name = Herbie-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.09.2012 15:09:43 | Computer Name = Herbie-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.09.2012 15:10:12 | Computer Name = Herbie-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.09.2012 15:10:47 | Computer Name = Herbie-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.09.2012 15:11:34 | Computer Name = Herbie-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.09.2012 15:12:01 | Computer Name = Herbie-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.09.2012 15:12:34 | Computer Name = Herbie-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 04.10.2012 01:17:11 | Computer Name = Herbie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung presetup.exe, Version 13.4.0.170, Zeitstempel
 0x505c1536, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0003dd6d,  Prozess-ID 0xbf8, Anwendungsstartzeit
 01cda1ef722cd0d4.
 
[ System Events ]
Error - 25.09.2012 15:10:12 | Computer Name = Herbie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.09.2012 15:10:47 | Computer Name = Herbie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.09.2012 15:10:47 | Computer Name = Herbie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.09.2012 15:11:21 | Computer Name = Herbie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.09.2012 15:11:34 | Computer Name = Herbie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.09.2012 15:11:34 | Computer Name = Herbie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.09.2012 15:12:01 | Computer Name = Herbie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.09.2012 15:12:01 | Computer Name = Herbie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.09.2012 15:12:34 | Computer Name = Herbie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.09.2012 15:12:34 | Computer Name = Herbie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
< End of report >

Danke und Grüsse
Herbie

schrauber · 05.10.2012, 06:01

Deine Javaversion ist nicht aktuell. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, deinstalliere zunächst alle vorhandenen Java-Versionen über Start => Programmzugriff und Standards => Programme ändern oder deinstallieren.
Starte den Rechner neu.

Downloade nun Java (Java Runtime Environment (JRE) 7 Update 9) von SUN und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst.

Malwarebytes' Anti-Malware

Lies dir die Entfernungsanleitung durch und lass alles entfernen was gefunden wurde:

Download von Malwarebytes' Anti-Malware

(nach dem scannen auf den Button klicken und Funde löschen lassen!)

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Und ein neues OTL log bitte

Herbie63 · 06.10.2012, 11:37

Hallo Schrauber,

Ich krieg das Java 6 Update 31 mit der standradmässigen Deinstallation nicht weg.
Nach der Vorbereitung gibt Vista den Feedback 'Ein nicht Idetifiziertes Programm möchte auf den Computer zugreissen. Bei Abbrechen passiert nichts mehr und bei Zulassen eigentlich auch nicht mehr - das ist suspekt...

schrauber · 07.10.2012, 09:30

Versuchs mal hiermit:

Revo Uninstaller Pro - Uninstall Software, Remove Programs easily, Forced Uninstall

Herbie63 · 07.10.2012, 10:06

OK, ich habe einfach mal die Java Engine 7 installiert und konnte die Version 6 wurde dann beim Booten entfernt.

schrauber · 07.10.2012, 17:37

Dann den Rest bitte

Herbie63 · 09.10.2012, 07:22

Hallo Schrauber,
hier mal das Log File von 'Malwarebytes' Anti-Malware:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.08.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Herbie :: HERBIE-PC [Administrator]

Schutz: Aktiviert

08.10.2012 22:14:07
mbam-log-2012-10-08 (22-14-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 759075
Laufzeit: 4 Stunde(n), 28 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Herbie\AppData\Roaming\msconfig.dat (Malware.Crypter) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

schrauber · 09.10.2012, 07:27

Alles klar

Herbie63 · 10.10.2012, 05:52

Hallo Schrauber, kämpfe mit den ESET ONline Scanner...das erste Mal war das Resultat Black Screen als ich zurück kam und heute morgen waren keien Resultate ersichtlich... der Rechner hat vermutlih neue gebootet (Sysmantec war wieder aktiv). muss beim Rechner bleiben, aber leider auch zur Arbeit ... Ich melde mich asap ...

07.10.2012, 09:30	#10
schrauber /// the machine /// TB-Ausbilder	Weisser Bildschirm - Task Manager und Abgesicherter Modus nicht mehr möglich Versuchs mal hiermit: Revo Uninstaller Pro - Uninstall Software, Remove Programs easily, Forced Uninstall __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

07.10.2012, 17:37	#12
schrauber /// the machine /// TB-Ausbilder	Weisser Bildschirm - Task Manager und Abgesicherter Modus nicht mehr möglich Dann den Rest bitte __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

09.10.2012, 07:27	#14
schrauber /// the machine /// TB-Ausbilder	Weisser Bildschirm - Task Manager und Abgesicherter Modus nicht mehr möglich Alles klar __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Weisser Bildschirm - Task Manager und Abgesicherter Modus nicht mehr möglich

Plagegeister aller Art und deren Bekämpfung: Weisser Bildschirm - Task Manager und Abgesicherter Modus nicht mehr möglich